Is there the feature to get the approval later than the timing to access when the user needs to urgently access the target server? (Break Glass feature)

book

Article ID: 16884

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



Is there the feature as follows. It means like the Break Glass feature of the Shared Account Manager(SAM) in the CA Privileged Identity Manager.

  • It needs to provide the privileged account to the end user immediately because of urgent business matter.
  • The end user cannot wait for the approval by the workflow of PAM.
  • The end user would like to access the target server by the privileged account by receiving the approval on PAM later than the access the target server.

Environment

CA Privileged Access Manager 3.0.1, 3.0.2

Resolution

The former SAM breakglass was nothing more than a view password with acknowledgement after the fact. It still had to provision the user with a role and assign access to the account.

Similarly, in PAM, it is possible to provide the ability to view a credential however there is not after the fact approval or acknowledgement. The review of them would need to be an operational procedure.

In short, there is not like the breakglass feature of SAM in PAM.