Hitachi ID Facebook Page

Hitachi ID Twitter Page

Find us on Google+

Hitachi ID Privileged Access Manager Screen Recordings

Request one-time access

Content:

During an emergency or during a one-time event such as a production migration, users can request access to privileged accounts.
Requests are subject to validation (e.g., does the request include a valid incident number?) and authorization.

Key concepts:

A powerful workflow engine is built into Hitachi ID Privileged Access Manager.
The approval process supports:
- Inviting multiple authorizers at one time.
- N of M approvals.
- Reminders, escalation and delegation to replace non-responsive authorizers with alternates.

Approve one-time access

Content:

Authorizers are invited to review requests via e-mail.
Requests are approved or rejected via a secure, authenticated web form.

Key concepts:

Authorizers who don't respond promptly will receive reminder e-mails.
The approvals UI is works with small web browsers, such as on smart phones. This means that requests can be approved any-where, any-time.

Launch one-time session using a privileged account

Content:

Once a session has been approved, the request's recipient can launch a privileged session.

Key concepts:

As with routine administrator access, Privileged Access Manager is normally configured to launch SSH, RDP and similar sessions rather than displaying a password value.
Passwords are normally re-randomized when a session completes and access is "checked in."
Checkout/checkin controls can limit the number of people connected to the same administrator ID at one time.
Late users are shown the names of people already connected to the same account.

Request, approve, and playback recorded session

Content:

Recorded sessions may contain sensitive of private data. They are protected in Hitachi ID Privileged Access Manager by a combination of access controls and workflow approvals. An auditor must first request the right to perform a search of recorded sessions. Once this has been approved, he must select a session and request access to the recording. Only when this second request is approved can he download and play back the session.

Key concepts:

Securing access to recorded sessions.
Search using meta data and keyboard input.
Approvals for both search and play-back.

Report on requests for privileged access

Content:

Requests for "one-time" access to privileged accounts are archived indefinitely and visible in reports.

Key concepts:

Privileged Access Manager differentiates between "one-time" requests (which must pass through workflow authorization) and "ACL-based" access, which does not.
All privileged access is logged and visible in reports.
"One-time" access requires a special report, since it has different attributes -- a requester, a recipient, one or more authorizers, a permitted time window, etc.