Secret Server Feature

Request Access

Control Privileged Account Access Through Workflow
Require access approval and ticket validation for privileged credentials

The challenge

There are occasions when IT users or contractors should not have continuous access to your privileged accounts. This may be due to the sensitivity of your environment, or to compliance mandates that require segregation of duties for privileged access.

Why it's important

To prevent gaps in your privileged account security, these users should only be able to access a privileged account if they have a legitimate reason, such as a change request. Workflows should be enforced on accounts used by third parties to ensure that internal users are aware of access and that privileges aren't being misused.

How we solve it

Secret Server’s workflows require that a user is granted approval to access a password or Secret. Once the control is applied, users must request access for a set amount of time and cannot use the Secret until approved.

This can be tied into ticket systems such as ServiceNow or BMC to ensure that the user has a valid change or incident number that they are responding to. Requiring approval with a reason maintains accountability and guarantees that approvers know why a user needs access.

Additional Information

Enforcing approval

All requests, approvals, and denials are fully audited for reporting and compliance. Enforcing approval and auditing who requested and who approved is a key control for many insider threat and risk management programs because it requires two different users to complete a task. This helps prevent abuse of privilege or the prospect of an insider using sensitive accounts to sabotage systems or exfiltrate data.

Ticket number validation can be included in the approval request or can be a standalone workflow, along with a reason for access.

For more information on configuring ticket systems with Secret Server, refer to this Knowledge Base topic.

Access can be requested ad hoc or ahead of time if a user knows they will need a credential during a maintenance window. Email notifications are customizable to include company-specific policy information.


