Audience: Cyberark Administrator, Cyberark engineers, Cyberark Consultants
The challenge
When using dual-control approval workflow in cyberark, users can request to access the critical privilege accounts. One or multiple managers must approve to access the privileged account between a time which manager approved.
When the user establishes the sessions, the session continues even when the session is past the requested timeframe. Of course, the users will not be able to connect again if they disconnect the session. For the audit team, this raises the concern that users can work on critical accounts beyond their approved time.
The solution
Our team worked on this challenge and build a software which will monitor the sessions and send warning for the users if they need to extend the approval and access critical accounts. Below are the functionalities the software will do to manage the sessions.
- PSM Disconnect software (PDS) will monitor all the request received by the system.
- PDS will compare the live session to identify the matching violation.
- PDS will alert the user before 15 minutes of their session end time. At this point user can request approval to continue the session.
- When the time violation occurs the PDS will alert the users that his session will get disconnect after 15 minutes grace period.
- If the PDS founds the session is live after grace period it will disconnect the session.
- All the activities on the session performed by PDS is logged in database for reporting.
