Is there the feature to get the approval later than the timing to access when the user needs to urgently access the target server? (Break Glass feature)
Article ID: 16884
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
Is there the feature as follows. It means like the Break Glass feature of the Shared Account Manager(SAM) in the CA Privileged Identity Manager.
- It needs to provide the privileged account to the end user immediately because of urgent business matter.
- The end user cannot wait for the approval by the workflow of PAM.
- The end user would like to access the target server by the privileged account by receiving the approval on PAM later than the access the target server.
Environment
CA Privileged Access Manager 3.0.1, 3.0.2
Resolution
The former SAM breakglass was nothing more than a view password with acknowledgement after the fact. It still had to provision the user with a role and assign access to the account.
Similarly, in PAM, it is possible to provide the ability to view a credential however there is not after the fact approval or acknowledgement. The review of them would need to be an operational procedure.
In short, there is not like the breakglass feature of SAM in PAM.
Feedback
Yes
No
Powered by
