- Pre-authorized users can launch an admin session any time.
- Access control model:
- Users ... belong to
- User groups ... are assigned ACLs to
- Managed system policies ... which contain
- Devices and applications
- Also used for API clients.
- Request access for any user to connect to any account.
- Approvals workflow with:
- Dynamic routing.
- Parallel approvals.
- N of M authorizers.
- Coordinate admin changes by limiting
number of people connected to the same
- Can be >1.
- Notify each admin of the others.
- Ensure accountability of who had access to an account at a given time.