Case 3: Users who need to elevate multiple applications within a short span of time¶
To cater to the special needs of developers and technicians who might need to elevate multiple applications simultaneously to test their code or troubleshoot issues on computers, Securden allows users to gain temporary full administrator access.
These administrator sessions are strictly monitored and tracked through text-based audit trails. If the user creates new admin accounts using the permission granted in these sessions, they will be tracked, and their actions can be reversed. To test the request-release workflow for temporary full-admin access, follow the steps below.
Step 1: Raising a request for time-limited, full-admin privileges¶
1) Go to an endpoint with the Securden agent.
2) Open the Securden tray icon and click on Request Admin Privilege.
3) In the window that opens, choose Time-limited full admin access.
4) Provide the start and end time or the duration based on your requirement and submit the request after providing a reason.
5) You have successfully placed a time-limited, temporary full admin access request.
Step 2: Approving/rejecting the request for time-limited, full-admin privileges¶
1) In the Securden EPM web-interface, log in as a user with the Administrator role.
2) In the Admin section, navigate to the Requests section.
3) Ensure the Request Filter is set to To Be Approved and find the request placed from the endpoint.
4) Click on Approve.
5) In the window that appears, specify the start and end time or the duration of elevated access you want to grant to the user.
6) Provide a reason before clicking on Approve.
Step 3: Using the elevated access on the endpoint¶
Note
Verify whether the temporary access permission is still valid, i.e, the Securden server time must be between the approved start and end time of the access request. For duration-based privilege elevation, the time of the Securden server doesn’t have a bearing on the validity of the request.
1) On the endpoint, open the Securden tray icon and click on Get Latest Changes from Server. 2) The Securden agent pop-up will be displayed stating that your request was approved. You may start the temporary admin access session by clicking on Start Admin Access.
3) Once you have temporary full admin access, you can elevate any application by any of the options discussed in Case 1 >> Step 2. 4) The count-down timer will be displayed in the bottom-right corner. Once the timer runs out, all open applications running with admin rights will be terminated automatically. You can surrender the elevated access well before the time runs out by clicking on the close button on the timer.
