With PAM, your organization is able to secure Windows and Linux servers by vaulting the credentials needed to access those machines. These credentials can be usernames and passwords for specific computer accounts on Windows servers or SSH keys for Linux servers. If you need to access a particular computer to perform a task on that machine, you request a "check-out" of the credentials needed for that computer. When you request a check-out, your request is sent to an administrator for approval. If your request is approved, you access the machine directly from EmpowerID via Privileged Session Manager, which is an application that is embedded in your browser. When PSM launches, you are automatically logged in to the machine and granted access to perform the tasks authorized by the credentials you checked out. In this way, you gain access to the machine without needing to open Remote Desktop or a similar application and will never need to manually enter any credentials . This protects both yourself and your organization in that those credentials can never be compromised. manually.
Request a computer session
On the navbar, expand Privileged Access and click Request Access.
Select the Computers tab and click Show All.
Search for the computer to which you want to request access.
Click the Connect icon for that computer and then click For Myself.
If prompted, enter your master password and then click OK.
In the Request Check-Out dialog that appears, do the following:
Access Begins – Select the date and time you want the access to begin.
Time Requested (Minutes) – Enter the time needed in minutes for your session. The max time allowed in the above image is 2880 minutes. However, this depends on your organization's policy so what you see may.
Justification – Enter the reason for your access request.
Click OK.
Your request is routed for approval. Once it is approved, you will receive email notification of the approval and can start your session.
...
hidden | true |
---|
Request a computer session
...
Navigate to the IT Shop portal for your organization.
...
In the IT Shop, click the Resource Type dropdown and select Computers.
...
...
Apply any desired filters to the limit the computers appearing in the grid to you. In the below image, we expanded the Advanced Search filter and entered the friendly name of the computer in the Friendly Name field.
...
Click the Request Access button.
...
...
In the Overview section of the Request Card, enter the following information:
Select Request Type – Login Session Access
Select Access Type – One Time Access
Select Duration – Enter the following:
Start Date – Date you want your access to start
Start Time – Time you want your access to start on the above start date
End Date – Date you want your access to start
End Time – Time you want your access to end on the selected end date
...
Select Credential Type – Select the appropriate type
Shared Credentials – Select this option if you are using credentials that are vaulted for the computer in EmpowerID
Personal Credentials – Select this option if you are using your personal credentials to access the computer
...
Click Add to Cart.
...
...
Click the Cart icon to open your shopping cart.
...
Enter a name for you request in the Enter Business Request Name field. This allows you and people who can approve your request know what the request is about. For example, when requesting a login session for a computer, the Business Request Name could be “<Your Name> Login Session for <Computer Name>.”
...
...
When ready, click Submit to submit your request.
Once successfully submitted, a window appears stating that the cart was successfully submitted with a link to track the status of the request.
...
Log in to Resource Admin.
Select Computers from the Resource Type dropdown and search for the desired computer.
Click Request Access for the computer.
This opens the request card for the computer.Under the Select Access Type section, choose One Time Access if your usage of the computer is occasional, or opt for Pre-Approved if you require frequent access to the computer.
If you chose One Time Access, follow the below procedures; otherwise, go to step 6.
Under the Select Request Type section, opt for Membership-Based Access if you require access with elevated privileges, or select Login Session Access to access the computer using the credentials provided to you.
If you selected Membership-Based Access, select the appropriate permission level.
If you selected Login Session Access, select the credential type.
Under Select Duration, adjust the Start Date, Start Time, End Date, and End Time as needed.
Click Add to Cart.
Click the Cart at the top of the page to open it.
Add a comment as needed and enter a Business Request Name. The text entered here helps identify the purpose of the request to potential approvers.
Click Submit.
You should see a message saying the cart was successfully submitted with a tracking link.To view the status, click the tracking link.
Doing so opens the request in My Tasks.Insert excerpt IL:External Stylesheet IL:External Stylesheet nopanel true