Concurrent Access to Accounts - Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access Manager can be configured to control the number of users who can
simultaneously connect to a given privileged account. This is done
using a checkout/checkin process, in a manner similar to checking a
book out of a library and returning it later.
- Rather than simply granting access to a privileged account, a user
may be required to check out access. Checkout is subject to
  - A counter is incremented whenever access is checked out,
    indicating that one more person is allowed to sign into
    the account in question.
  - The number of users who may concurrently access an account
    is limited -- for example, up to two at a time.
  - The time interval during which a user may be allowed to sign
    into an account is limited -- for example, no more than two hours.
- Users are asked to check in access rights when they are done using
  a privileged account.
  - The account's checkout counter is decremented.
  - If the maximum allowed checkout time has elapsed, Privileged Access Manager
    may automatically perform a checkin. This normally causes the
    account's password to be re-randomized.
- Checkout and checkin support coordination among IT workers:
  - Privileged Access Manager can notify users who have already checked out access
    to an account of subsequent checkouts (e.g., via e-mail or SMS).
  - Privileged Access Manager can inform users who request a new checkout
    about already-active checkouts.
- Passwords are normally randomized whenever the checkout
counter returns to zero. This ensures that access does
not persist after the last user disconnects from a privileged
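
A minimal model of the checkout counter, concurrency limit, time limit and password re-randomization described above, added here as an illustration and not Hitachi ID's code. The class `ManagedAccount`, its method names, and the choice to rotate the password only when the counter reaches zero (including through an automatic checkin) are assumptions.

```python
import secrets
from dataclasses import dataclass, field


def new_password() -> str:
    return secrets.token_urlsafe(24)


@dataclass
class ManagedAccount:
    """Hypothetical model of one privileged account under checkout control."""
    name: str
    max_concurrent: int = 2        # page's example: up to two at a time
    max_seconds: int = 2 * 3600    # page's example: no more than two hours
    password: str = field(default_factory=new_password)
    leases: dict = field(default_factory=dict)  # user -> expiry time (seconds)

    @property
    def counter(self) -> int:
        return len(self.leases)

    def _release(self, user: str) -> None:
        del self.leases[user]
        if not self.leases:            # counter back to zero: re-randomize
            self.password = new_password()

    def expire(self, now: float) -> list:
        """Automatic checkin of every checkout past its time limit."""
        late = [u for u, end in self.leases.items() if end <= now]
        for user in late:
            self._release(user)
        return late

    def checkout(self, user: str, now: float):
        """Grant access; return (password, users already checked out)."""
        self.expire(now)
        if user in self.leases:
            raise ValueError(f"{user} already holds {self.name}")
        if self.counter >= self.max_concurrent:
            raise PermissionError(f"{self.name}: concurrent limit reached")
        active = sorted(self.leases)   # users to notify, and to show the requester
        self.leases[user] = now + self.max_seconds
        return self.password, active

    def checkin(self, user: str, now: float) -> bool:
        """Return True if the user held a live checkout that was released."""
        self.expire(now)
        if user not in self.leases:
            return False
        self._release(user)
        return True
```

Time is passed in as `now` so that expiry can be exercised deterministically; a deployment of this idea would also need to serialize concurrent calls on the same account.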