...
By leveraging these pre-built Access Request policies and configuring them according to your organization's security requirements, administrators can effectively manage privileged sessions and ensure secure access to critical resources. Regularly reviewing and updating these policies will help maintain compliance with relevant regulations and internal policies and enhance overall security.
General Settings
...
Setting | Description |
|---|---|
Name | Name of the policy |
Display Name | Display Name of the policy that appears to users in the UI |
Description | Description of the policy |
Allow Activation (Skip Business Request) | Specifies whether Business Requests are generated for access requests. If selected, the system does not route requests through Approval policies. |
Approval Policy | Specifies the Approval policy linked to the Access Request policy. Approval policies determine who can approve access requests and how many approvals are required before access is granted, etc. The drault Access Request policies for computer credentials are configured with the Owner Approval Approval policy. |
Fulfillment Delay (HRS) | Specifies the number of hours the system should wait to fulfill approved requests |
Is Shipping Data | Internal use |
Enable Just in Time Account Provisioning | Specifies whether EmpowerID should provision a user account on the computer to which the policy is applied when that user connects to the computer using PSM. This only applies when an account store is created for the computer in question. For details on how to create an account store for a Windows server, see the Local Windows Servers Connector topic in this guide. |
Selectable in UI | Specifies whether the Access Request policy can be selected in the EmpowerID Web Interface |
Time Restrictions
...
Setting | Description |
|---|---|
Time Restrict Access | Specifies whether connections to the computer are restricted to specific durations of time. If enabled, additional settings can be configured to specify the default access duration, the max duration in minutes, and whether users can select durations within those parameters. |
MFA Required for Access Request
...
Setting | Description |
|---|---|
Min Login LOA If Local | Specifies the minimum Level of Assurance points required for users to log in to the computer if on the local network, if any. |
Min Login LOA If Remote | Specifies the minimum Level of Assurance points required for users to log in to the computer if the user is remote, if any. |
Shared Credential Settings
...
Setting | Description |
|---|---|
Publish in IAM Shop | Specifies whether credentials are available to eligible users in the IAM Shop |
Allow Multi Check Out | Specifies whether credentials can be checked out by multiple concurrent users |
Reset Password On Check In | Specifies whether EmpowerID should reset the password portion of the credential after a user completes their session and disconnects from the computer |
Update Windows Services On Password Reset | Specifies whether EmpowerID should update Windows services passwords after a user completes their session and disconnects from the computer |
Update IIS App Pools On Password Reset | Specifies whether EmpowerID should update IIS App Pool passwords after a user completes their session and disconnects from the computer |
PSM Computer Settings
...
Setting | Description |
|---|---|
Privileged Session Policy | Specifies whether privileged session policy applies when users connect to the computer. If selected, additional settings are used to determine the maximum number of concurrent sessions are allowed, whether sessions are to be recorded and whether administrators can view current sessions in real time. |
Password Rotation Settings
...
| Macrosuite divider macro | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Assigning Assign PSM-Enabled Computers to Access Request Policies to Computers