Concurrent Access to Accounts - Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access Manager can be configured to control the number of users who can
simultaneously connect to a given privileged account. This is done
using a checkout/checkin process, in a manner similar to checking a
book out of a library and returning it later.
- Rather than simply granting access to a privileged account, a user
may be required to check out access. Checkout is subject to
- A counter is incremented whenever access is checked out,
indicating that one more person is allowed to sign into
the account in question.
- The number of users who may concurrently access an account
is limited -- for example, up to two at a time.
- The time interval during which a user may be allowed to sign
into an account is limited -- for example, no more than two hours.
- Users are asked to check-in access rights when they are done using
a privileged account.
- The account's checkout counter is decremented.
- If the maximum allowed checkout time has elapsed, Privileged Access Manager
may automatically perform a checkin. This normally causes the
account's password to be re-randomized.
- Checkout and checkin supports coordination among IT workers:
- Privileged Access Manager can notify users who have already checked out access
to an account of subsequent checkouts (e.g., via e-mail or SMS).
- Privileged Access Manager can inform users who request a new checkout
about already-active checkouts.
- Passwords are normally randomized whenever the checkout
counter returns to zero. This ensures that access does
not persist after the last user disconnects from a privileged
- Network Architecture:
How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
- Replicated Credential Vault:
Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
- Included Connectors:
Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
- Infrastructure Auto-discovery:
Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
- Non-target integrations:
Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
- Workflow Requests and Approvals:
Enabling users to request and approve one-off access to sensitive accounts.
- Concurrent Access to Accounts:
Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one-anothers activity.
- Single Sign-on Mechanisms:
Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
- Server requirements:
Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
Scaling to manage passwords across millions of devices.
- Emergency access:
Access to Privileged Accounts During Emergencies.
- Language Support:
A list of languages supported in the web portal.