Request one-time access


Request one-time access
Play movie

Content:

  • During an emergency or during a one-time event such as a production migration, users can request access to privileged accounts.
  • Requests are subject to validation (e.g., does the request include a valid incident number?) and authorization.

Key concepts:

  • A powerful workflow engine is built into Hitachi ID Privileged Access Manager.
  • The approval process supports:
    • Inviting multiple authorizers at one time.
    • N of M approvals.
    • Reminders, escalation and delegation to replace non-responsive authorizers with alternates.

Approve one-time access


Approve one-time access
Play movie

Content:

  • Authorizers are invited to review requests via e-mail.
  • Requests are approved or rejected via a secure, authenticated web form.

Key concepts:

  • Authorizers who don't respond promptly will receive reminder e-mails.
  • The approvals UI is works with small web browsers, such as on smart phones. This means that requests can be approved any-where, any-time.

Launch one-time session to a privileged account


Launch one-time session to a privileged account
Play movie

Content:

  • Once a session has been approved, the request's recipient can launch a login session to the privileged account.

Key concepts:

  • As with routine administrator access, Privileged Access Manager is normally configured to launch SSH, RDP and similar sessions rather than displaying a password value.
  • Passwords are normally re-randomized when a session completes and access is "checked in."
  • Checkout/checkin controls can limit the number of people connected to the same administrator ID at one time.
  • Late users are shown the names of people already connected to the same account.

Request, approve, and playback recorded session


Request, approve, and playback recorded session
Play movie

Content:

  • Recorded sessions may contain sensitive of private data. They are protected in Hitachi ID Privileged Access Manager by a combination of access controls and workflow approvals. An auditor must first request the right to perform a search of recorded sessions. Once this has been approved, he must select a session and request access to the recording. Only when this second request is approved can he download and play back the session.

Key concepts:

  • Securing access to recorded sessions.
  • Search using meta data and keyboard input.
  • Approvals for both search and play-back.

Hitachi ID Privileged Access Manager API CMD


Hitachi ID Privileged Access Manager API CMD
Play movie

Content:

  • Command-line execution of FTP client.
  • Plaintext password replaced with credentials from secure vault.
  • Video shows establishment of trust relationship.

Key concepts:

  • Authentication into Privileged Access Manager web services API uses OTP and IP address validation.
  • Wrapper library manages caching, encryption, key generation, serialization.
  • Encryption key generated based on runtime environment.
  • Command-line launcher hides complexity from user.