When a user needs to gain access to a privileged account on a
managed system, the first step is to select the system and account.
A searchable, browsable UI is presented for this purpose, as

The next step is to check out a session. Access control rules
determine which users are allowed to check out a session to
which accounts on which systems. Alternatively, a user can
request one-time access (authorized through a workflow process).
In either case, concurrency limits may be in place, for example
to ensure that no more than two administrators work on the
same system at the same time.

Using the remote desktop window, the user can do his work.
He can close the window and open it again later, so long as
his Hitachi ID Privileged Access Manager session has not timed out and been automatically
checked back in.

When his work is done, the administrator checks in the session.
This typically causes the password to the account he was using to
be randomized again and the new value placed in the secure,
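
The check-out and check-in flow described above, modeled as an added example that is not Hitachi ID code. The class and method names, the per-system limit counted in users, returning the credential to the caller, and rotating only once the last holder checks in are all assumptions made for illustration.

```python
import secrets
import time

class CheckoutBroker:
    """Toy model of session check-out/check-in (hypothetical names, not the product API)."""

    def __init__(self, rules, max_concurrent=2, timeout=3600, clock=time.monotonic):
        self.rules = set(rules)               # allowed (user, system, account) triples
        self.max_concurrent = max_concurrent  # assumed: limit counts users per system
        self.timeout = timeout                # seconds before automatic check-in
        self.clock = clock
        self.sessions = {}                    # (user, system, account) -> expiry time
        self.vault = {}                       # (system, account) -> current password

    def _expire(self):
        # Timed-out sessions are checked back in automatically.
        now = self.clock()
        for key, expiry in list(self.sessions.items()):
            if expiry <= now:
                self.check_in(*key)

    def check_out(self, user, system, account, approved=False):
        """Return the credential for the session launcher, or raise."""
        self._expire()
        key = (user, system, account)
        # Pre-authorized by an access rule, or one-time access approved by workflow.
        if key not in self.rules and not approved:
            raise PermissionError("no access rule and no approved request")
        active = {u for (u, s, _a) in self.sessions if s == system}
        if user not in active and len(active) >= self.max_concurrent:
            raise RuntimeError("concurrency limit reached on " + system)
        self.sessions[key] = self.clock() + self.timeout
        return self.vault.setdefault((system, account), secrets.token_urlsafe(24))

    def check_in(self, user, system, account):
        """End a session; randomize the password once no one else holds the account."""
        if self.sessions.pop((user, system, account), None) is None:
            return False
        if not any((s, a) == (system, account) for (_u, s, a) in self.sessions):
            self.vault[(system, account)] = secrets.token_urlsafe(24)
        return True

if __name__ == "__main__":
    # Constructed sample rule and user.
    b = CheckoutBroker({("alice", "srv1", "root")})
    old = b.check_out("alice", "srv1", "root")
    b.check_in("alice", "srv1", "root")
    print("rotated:", b.vault[("srv1", "root")] != old)
```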

Shows activity, in terms of workflow requests for one-off access and
check-outs (pre-authorized or individually approved) over time. The
scope of the report (which systems, which accounts) and the time
interval are configurable.

Shows accounts that have been discovered by the system. For each account,
indicates why it appears in the listing -- for example, the account is
a member of a privileged security group, is used to run a service, etc.