Securden Privilege Manager Features

How to manage local admin rights on offline endpoints?

What are offline endpoints?

Securden EPM works according to the architecture explained below.

  • The EPM admin console is installed on a central server in on-premises deployments. The EPM server resides in the cloud in SaaS deployments.
  • The agents are deployed on the endpoints to handle privilege management operations in accordance with the policies dictated by the central server.
  • The agents communicate with the central server at short intervals to report activities and to fetch the latest policy updates and the approval status of privilege elevation requests.

The endpoints are typically confined to the organization's network and are in constant contact with the server, according to the configurations set by the IT administrators.

However, the privilege management agent can stop communicating with the central EPM server in many situations. Here are some examples:

  1. The central server is down for maintenance purposes.
  2. Loss of connectivity due to firewall misconfigurations.
  3. Loss of internet connectivity on the endpoint (in SaaS deployments).
  4. The employee needs to work remotely (in on-prem deployments).

Similarly, many other scenarios cause loss of communication between the Securden agent and the EPM server.

How to manage privileges on these offline endpoints?

To handle privilege management in such scenarios, Securden provides a code-based privilege elevation mechanism that users can use to obtain permission to run applications and elevate privileges.

Offline access codes can be used in two ways. The administrator can enable/disable each of the options if needed.

  1. Codes are generated by users for themselves.
  2. Codes are generated by Admins for users.

Users can use these codes to elevate applications or gain temporary full local admin rights, in accordance with the preferences set by the Securden EPM administrator.

How to configure offline access codes?

The administrator in Securden can configure preferences that control how users can use offline access codes.

Each of the options below can be enabled or disabled to control how offline codes are used.

  1. Accessing applications that are not allowlisted
  2. Elevating individual applications
  3. Getting temporary full-admin rights

Every privilege elevation activity performed using offline access codes is tracked by the Securden agent. Once connectivity between the agent and the server is restored, all these activities are populated in the audit trails.

Securden EPM helps enforce accountability for actions even on offline endpoints.
