Secret Server Feature: Request access
Control Privileged Account Access Through Workflow
Require access approval and ticket validation for privileged credentials
What’s the challenge?
There are occasions when IT users or contractors should not have continuous access to your privileged accounts. This may be due to the sensitivity of your environment, or compliance mandates that require segregation of duties for privileged access.
Why it’s important
To prevent gaps in your privileged account security, these users should only be able to access a privileged account if they have a legitimate reason, such as a change request. Workflows should be enforced on accounts used by third parties to ensure that internal users are aware of access and that privileges aren’t being misused.
How this feature solves it
Secret Server’s workflows require that a user is granted approval to access a password or Secret. Once the control is applied, users must request access for a set amount of time and cannot use the Secret until approved.
This can be tied into ticket systems such as ServiceNow or BMC to ensure that the user has a valid change or incident number that they are responding to. Requiring approval with a reason maintains accountability and guarantees that approvers know why a user needs access.
All requests, approvals, and denials are fully audited for reporting and compliance. Enforcing approval and auditing who requested and who approved is a key control for many insider threat and risk management programs because it requires two different users to complete a task. This helps prevent abuse of privilege or the prospect of an insider using sensitive accounts to sabotage systems or exfiltrate data.
Ticket number validation can be included in the approval request or can be a standalone workflow, along with a reason for access.
For more information on configuring ticket systems with Secret Server, refer to this Knowledge Base topic.
Access can be requested ad hoc or ahead of time if a user knows they will need a credential during a maintenance window. Email notifications are customizable to include company-specific policy information.