Skip to main content

Single Accounts

Bravura Privilege allows you to request temporary privileged access to accounts, for yourself or other users. If approved, you can check out the requested privileged access. On single accounts, privileged access can mean:

  • Access to the ID and password of an administrative account

  • Connection via remote desktop connection

  • Connection via SSH public key authentication

  • Some other means

When you check in, or a certain time expires, your access is revoked. You can check out the privileged access only once for every approved request. In some cases you may be pre-approved to check out privileged access.

Requesting single account access

Unless you have pre-approval to check out privileged account access, you must submit a request to be reviewed by authorizers. If you are pre-approved, you can skip to Pre-approved access .

To request permission to check out privileged single account access:

  1. Click Accounts under the PRIVILEGED ACCESS heading in the Filter panel.

    The Results panel will list the available accounts and their current status.

    26576.png

    Alternatively, you can click Recent to see privileged accounts you have requested before.

  2. Select an account.

    Select the account you want to view details about, request check out, or check out access (if you have been granted access). Depending on the configuration, you may be able to view account access status details and check-out details. Various options may be available in the Actions panel, such as:

    • Request check-out if account access can be requested

    • View request if you have an existing request awaiting approval

    • Check out if there is an existing approved request for this account

    • Configured disclosure plugins if you already have this account checked out

    26577.png

  3. Click Request check-out in the Actions panel to open the request details form.

    26578.png

  4. Enter request details:

    1. Optional : Edit the default Request description.

    2. Enter Requester notes to be displayed to the authorizers.

    3. Enter notification details if needed.

    4. If the request is for another user, click the search icon 3332.png under Recipient to search for the recipient’s ID.

    5. Specify the period that you want the access to be available for check-out.

      • Select the Start time and End time.

        or

      • Select the Calculate end time using check-out duration checkbox, choose a duration unit and type the number of days, hours or minutes.

      The duration is affected by the configured maximum and minimum check-out intervals. It must start later than the current time.

    6. Select an Operation to perform for check-out and check-in.

      Depending on configuration, these authentication types are available for you to choose:

      • Select Password to connect to the account using password authentication.

      • Select SSH key to connect to the account using SSH authentication. If selected, you must also specify a SSH public key (from your profile) to use for SSH public key to add to account.

    7. Enter values for other request attribute fields as required.

  5. Click the Submit button at the bottom of the request details form.

    Bravura Security Fabric issues the request, notifies appropriate authorizers, and displays a summary of the request.

    26580.png

    If you are assigned as an authorizer capable of approving account access check-out requests, the request may be automatically approved, depending on which managed systems you are assigned.

Checking out single account access

Once you have approval you can check out privileged account access, as long as the number of allowable simultaneous check-outs has not been exceeded.

Requested and approved access

To check out account access after your request is approved:

  1. Click Ready to check out under the REQUESTS heading.

    Alternatively, click the Your privileged access request has been approved link on the main menu.

    Select the account you want to check out.

    26581.png

  2. Click Check out.

    The Privileged access app displays available actions in the Actions panel to the right.

    26582.png

    If the account access has already been checked out and the check-out limit has been reached, Bravura Security Fabric notifies you when the access is available for check-out again.

Alternatively, if you already have approved access, you can also:

  1. Search for the account you want to check out under the PRIVILEGED ACCESS heading.

  2. Select the account you want to check out.

  3. Click Check out.

Pre-approved access

To check out pre-approved account access:

  1. Click Accounts under the PRIVILEGED ACCESS heading to see available accounts.

  2. Select an account from the Results panel.

  3. Click Check out in the Actions panel to open the check-out details form.

    26583.png

  4. If you want notification sent to an address other than the one shown, change the value in Send emails to this address with information about the request.

  5. Click the Check out button.

Using single account access

Once you have checked out you can:

  • Use the available access disclosure plugins to access the privileged account within the time given. For information about each access disclosure plugin see Access disclosure plugins .

  • Depending on your permissions, you may be also be able to:

  • Override or randomize passwords

  • Access password history.

To view your own check-outs, click Mine under the CHECK-OUTS heading in the Filter panel on the left.

You can also access your check-outs under the PRIVILEGED ACCESS heading, by searching and selecting the account you have access to.

Your access is revoked once your check-out time expires, or you check in your access.

Checking in single account access

To check on the expiry time and check in an account:

  1. Click Mine under the CHECK-OUTS heading.

    Alternatively, click Active to find the checked out account.

    The details of your check-outs are displayed in the Results panel, including the expiration time.

    26584.png

  2. Select an account from the Results panel to display the check-out details in the Actions panel.

  3. Click Check in when you no longer need the account.

    If you need to access the account again, you must submit another request.

Accounts can also be checked in by searching and selecting the checked out account under the PRIVILEGED ACCESS heading.

Use case: Checking out a single account

This use case demonstrates the typical workflow steps followed when a regular user requests to check out a managed account.

Request the check-out

  1. Log into the Front-end (PSF) as a regular user.

  2. Click Privileged access to open the Privileged access app.

  3. Click Accounts under the PRIVILEGED ACCESS heading to display the available accounts in the Results panel.

    26585.png

  4. From the Results panel select the account you want to check out.

  5. Click Request check-out in the Actions panel.

  6. Review the required information for the request.

  7. Enter a request reason in the "Requester notes" field to be displayed to the authorizers.

  8. Click Submit at the bottom of the form.

    Bravura Security Fabric issues the request, notifies the appropriate authorizers, and displays the a summary of the details in the Actions panel.

    You can click on the various links under the REQUESTS heading in the Filter panel to view your request status.

    26586.png
Authorize the request

To authorize the request:

  1. Log into the Front-end (PSF) as an authorized user.

    In this example, you can see in the details of the request, the authorizer is Abbie Lester.

  2. Click You have 1 request(s) awaiting your approval.

    This opens the Requests app.

  3. Click Active under the REQUESTS heading to display the active request.

  4. Select the request you want to review from the Results panel.

    The details appear in the Actions panel for you to review.

    26587.png

  5. Click Approve.

    You have the option to include some notes in the approval.

  6. Click Approve again.

Check out the managed account

Once the request has been approved, you can check-out the account:

  1. Log into the Front-end (psf) as the requester again.

  2. Click the link Your privileged access request has been approved.

    The Privileged access app opens.

  3. Select the request from the Results panel if it is not already pre-selected.

  4. Click Check out in the Actions panel.

    The Privileged access app displays the available access disclosure plugins you can choose from.

    26588.png

  5. To view the password, click Display, and then click View.

Check the account back in

Once you have finished using the account, click Check in on the Actions panel. The password will be randomized and the account checked back in.

Use case: Using SSH keys to check out a single account

This example demonstrates the typical workflow steps followed when regular users request to check out a managed account using their SSH keys.

Request the check-out

  1. Log into the Front-end (psf) as a regular user.

    The user should already have SSH public keys in the profile .

  2. Click Privileged access to open the Privileged access app.

  3. Click Accounts under the PRIVILEGED ACCESS heading to display the available accounts in the Results panel.

  4. From the Results panel select the account you want to check out.

  5. Click Request check-out in the Actions panel.

  6. Review the required information for the request.

  7. Select ’SSH key’ for Operation to perform for check-out and check-in.

    26589.png

  8. Select a SSH public key file from your profile for SSH public key to add to account.

  9. Click Submit at the bottom of the form.

    Bravura Security Fabric issues the request, notifies the appropriate authorizers, and displays the a summary of the details in the Actions panel.

    You can click on the various links under the REQUESTS heading in the Filter panel to view your request status.

    26590.png
Authorize the request

To authorize the request:

  1. Log into the Front-end (PSF) as an authorized user. In this example, you can see in the details of the request, the authorizer is Abel Malone.

  2. Click You have 1 request(s) awaiting your approval. This will open the Requests app.

  3. Click Active under the REQUESTS heading to display the active request.

  4. Select the request you want to review from the Results panel.

    The details will appear in the Actions panel for you to review.

    26591.png

  5. Click Approve.

    You have the option to include some notes in the approval.

  6. Click Approve again.

Check out the managed account

Once the request has been approved, you can check-out the account:

  1. Log into the Front-end (PSF) as the requester again.

  2. Click the link Your privileged access request has been approved.

  3. Select the request from the Results panel if it is not pre-selected.

  4. Click Check out in the Actions panel. Wait for the check-out operation to finish. During this time, Bravura Security Fabric is attempting to add your SSH public key to the SSH server.

    26592.png

  5. If the check-out operation failed, Bravura Security Fabric will automatically attempt to check out the account again after a certain amount of time. Alternatively, you can click Check-out retry to try checking it out again now.

    26593.png

  6. Once the check-out operation is successful, the Privileged access app will display the PuTTY over SSH access disclosure plugin.

    26594.png

  7. To connect to the SSH server and access the managed account, click PuTTY over SSH.

    The user is connected using SSH key authentication.

Check the account back in

Once you have finished using the account, check it back in.

Click Check in in the Actions panel.

Bravura Security Fabric removes your SSH public key from the SSH server and checks the account back in.

In this section: