Some users need access to privileged accounts frequently. This includes platform administrators and IT operations, who sign in to certain types of systems regularly.
High-frequency users should have access to appropriate systems on demand, without waiting for approvals. On the other hand, infrequent users should still be able to request and gain access, but only when appropriate and for a defined time interval.
- Hitachi ID Privileged Access Manager includes a robust access control policy, which can base allow/deny decisions on:
  - The group memberships or identity attributes of requesters and recipients.
  - Groups of managed systems or regular expression matches on system name or address.
  - Groups of managed accounts or regular expression matches on account ID, name, UID or group membership.
  - Ticket numbers, which may be validated against an ITSM application.
  - Time of day and/or day of week and/or requested duration.
  - Risk scores of the requester, recipient and recent activity.
- Frequent users, identified using whatever grouping is convenient in any given organization, can be assigned pre-approved access, optionally with the requirement to enter a valid ticket number.
- Other users may still request access, but their requests will be routed to system owners, IT security, IT operations or others to approve.
Access to shared accounts or elevated group memberships is decided based on a flexible, easily managed policy.