Access Control
How to Enforce Reason Justification for Account Access?¶
Providing a reason while requesting account access would help in maintaining auditability, accountability and security. The admin can decide whether to grant access or not based on the explanation provided.
If you want to make the justification mandatory for an access request, navigate to Admin >> Customization >> Configurations >> Account Management >> Access Control, find Justification for Account Access, and click on Edit button.
Choose Enable for All option to get a request along with a reason, Disable for All option if reason is not mandatory, and Customize option if you want to enable or disable the justification for a specific group or users. In accordance with the number of users or groups required to provide a reason, the option can be customized.
How to Give Concurrent Account Access to Multiple Users?¶
You can provide access to an account to multiple users simultaneously using JIT workflow. If this is allowed, the users can view the password and perform operations such as launching the remote connections along with the owner of the account at the same time.
To activate concurrent access, go to Admin >> Customization >> Configurations >> Account Management >> Access Control, find Allow Concurrent Access, and slide the toggle to the right.
Note
If concurrent access is not allowed, the owner cannot make any changes or view the password despite being the owner, as the other user would be accessing the account at that time.