Access Request policies play a crucial role in managing resource access within an organization. In EmpowerID, they serve as the foundation for guiding the approval and fulfillment processes for user access requests. By defining the required approvals, conditions, and entitlements, Access Request policies help administrators control who can access specific resources and under what circumstances. In the context of PSM, Access Request policies are essential for regulating user access to computer credentials related to servers and other machines configured for RDP or SSH sessions. They ensure that only authorized users can access privileged credentials, thereby reducing the risk of unauthorized access or misuse of sensitive information.
In EmpowerID, Access Request policies are essential for managing resource access by guiding the approval and fulfillment processes for user access requests. They are particularly important for Privileged Session Management (PSM), where they regulate users' access to computer credentials related to servers or other machines set up for RDP or SSH sessions. Additionally, Access Request policies establish whether such sessions fall under a privileged session policy, which governs aspects such as session recording, live session monitoring, and the maximum number of concurrent sessions allowed on a specific computer.
Approval Policies for Privileged Sessions
Administrators can use Access Request policies to set up Approval Policies, ensuring that privileged session access requests are authorized by an approved user before being granted. By default, EmpowerID Access Request policies for computer credentials are configured with the Owner Approval policy, which requires the owner of a computer credential to approve access requests prior to a user initiating a session. However, organizations can choose other approval flows as desired.
Pre-configured Access Request Policies for Computer Credentials
EmpowerID provides several pre-configured Access Request policies for computer credentials, each featuring its own PSM-specific settings:
1. Computer Creds - Allow Multi-Check-Out - No Password Reset
This policy is applicable for computer credentials initiating an RDP or SSH session where multiple sessions (credential checkouts) are allowed, and password reset upon user check-in isn't required by EmpowerID.
2. Computer Creds - No Multi-Check-Out - Password Reset
This policy is applicable for computer credentials initiating an RDP or SSH session where multiple sessions aren't permitted, and you want EmpowerID to reset the account password when the user checks in the credentials.
3. MFA - Computer Creds - Allow Multi-Check-Out - No Password Reset
This policy is applicable for computer credentials initiating an RDP or SSH session requiring multi-factor authentication, allowing multiple sessions (credential checkouts), and when you want EmpowerID to reset the account password upon user check-in.
By leveraging these pre-built Access Request policies and configuring them according to your organization's security requirements, administrators can effectively manage privileged sessions and ensure secure access to critical resources. Regularly reviewing and updating these policies will help maintain compliance with relevant regulations and internal policies and enhance overall security.