Session Recording at the Folder level
You can switch ON the session recording feature at the folder level. Doing this records a video copy of remote sessions launched from all accounts that are a part of the folder.
Note
Switching this feature ON is the second step of configuring session recording in Securden. You need to configure preferences in Admin >> Remote Sessions and Recordings >> Session Recording before you can turn this feature ON for the folder of your choice.
Expired Password Rotation
When passwords expire or are about to expire, Securden can automatically rotate them for you without manual intervention. You can specify how many days before expiration password rotation should be attempted, as well as the number of attempts.
You don't have to change passwords manually anywhere because the new password is updated both on the end machine and in the Securden database.
If you only want to configure password rotation for the accounts contained within a folder, you may do it from Folders >> Settings >> Expired Password Rotation.
You can set password rotation for remote machine accounts across the entire Securden database by navigating to Admin >> Automated Remote Password Rotation.
Important
You can configure password rotation only for the accounts for which the credentials for remote access have been provided. To configure remote credentials, navigate to Admin >> Device Level Configurations.
You can configure Securden to carry out password changes either On Expiration Date or a few days Prior to Expiration date.
If you choose On Expiration Date,
- You need to provide the frequency of password reset, which can be as low as a minute.
- You should also specify the maximum number of attempts to be made to reset a password in the field named Number of retries.
- You can choose to Reset the already expired passwords. Securden will try to reset the expired passwords at the time of configuration.
If you choose Prior to Expiration,
- You need to provide the frequency of password reset, which can be as low as a minute.
- You should also specify the maximum number of attempts to be made to reset a password in the field named Number of retries.
- You should specify how many days before the expiration date the reset attempts should be made.
- You can choose to make reset attempts for accounts whose passwords are about to expire and for accounts whose passwords have already expired by clicking on the respective checkboxes.
Precedence of user-level privilege
When a user is part of a group, and an account is shared with different levels of privilege with both that group and the individual user, the privilege granted at the user level takes precedence over the privilege granted at the group level.
For example, let us say there is an account, user, and group named Account1, UserA, and Group1 respectively.
Consider,
- UserA is a member of Group1
- Account1 is shared with ‘Open Connection’ permission individually to UserA
- Account1 is shared with Modify permission to Group1
Then UserA will only have Open Connection access to Account1, and not Modify access.
Precedence of least privilege
When an account/folder is shared with many groups with different privileges, and the same user is a member of all those groups, the user can access the account/folder only with the ‘least level of privilege’ given amongst the groups.
For example, let us say there is an account, folder, user, and groups named Account1, Folder1, UserA, Group1, and Group2 respectively.
Consider,
- UserA is a member of both Group1 and Group2.
- Account1 is shared with ‘Manage’ permission to Group1 and ‘Modify’ permission to Group2.
Now UserA will only have ‘Modify’ access over Account1, and not ‘Manage’ permission.
Precedence of account-level access over the folder-level
If a folder and an account have been shared with a user at different levels of privilege, then even when that account is inside the folder, the account-level privilege applies to the account and the user will not be able to access it with the folder-level permission.
For example, let us say there is an account, folder, user, and groups named Account1, Folder1, UserA, Group1, and Group2 respectively. Consider,
- Account1 is a part of Folder1.
- UserA is a part of both Group1 and Group2.
- Group1 has ‘Manage’ (folder-level) permission over Folder1, and Group2 has ‘View’ (account-level) permission over Account1, which is inside Folder1.
Now UserA will only have account-level View access to Account1 and will not be able to access the account with folder-level Manage access.
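
The three precedence rules above can be modelled as a small resolver for checking what a sharing layout actually grants. This is an added example, not Securden code. It assumes the ascending privilege order Open Connection, View, Modify, Manage (the page only states that Modify is below Manage) and assumes scope is resolved before the user/group rules; `effective_permission` and the share tuples are hypothetical names.

```python
# Illustrative model of the three precedence rules; not Securden code.
# Assumption: ascending privilege order. The page only states Modify < Manage.
LEVELS = ["Open Connection", "View", "Modify", "Manage"]

def effective_permission(user, groups, account, folder, shares):
    """Resolve the permission `user` gets on `account` (inside `folder`).

    shares: tuples of (scope, target, principal_type, principal, permission)
            where scope is "account" or "folder" and principal_type is
            "user" or "group". groups: set of groups `user` belongs to.
    Returns the permission name, or None when nothing is shared.
    """
    def applies(share):
        scope, target, ptype, principal, _ = share
        on_target = ((scope == "account" and target == account) or
                     (scope == "folder" and target == folder))
        to_user = ((ptype == "user" and principal == user) or
                   (ptype == "group" and principal in groups))
        return on_target and to_user

    relevant = [s for s in shares if applies(s)]
    # Rule: account-level access takes precedence over folder-level access.
    # (Assumption: scope is resolved before the user/group rules.)
    for scope in ("account", "folder"):
        scoped = [s for s in relevant if s[0] == scope]
        if not scoped:
            continue
        # Rule: a user-level share takes precedence over group-level shares.
        direct = [s[4] for s in scoped if s[2] == "user"]
        # Rule: across several groups, the least privilege applies.
        candidates = direct or [s[4] for s in scoped]
        return min(candidates, key=LEVELS.index)
    return None

# Constructed shares mirroring the three worked examples on this page.
EX_USER_OVER_GROUP = [
    ("account", "Account1", "user", "UserA", "Open Connection"),
    ("account", "Account1", "group", "Group1", "Modify"),
]
EX_LEAST_PRIVILEGE = [
    ("account", "Account1", "group", "Group1", "Manage"),
    ("account", "Account1", "group", "Group2", "Modify"),
]
EX_ACCOUNT_OVER_FOLDER = [
    ("folder", "Folder1", "group", "Group1", "Manage"),
    ("account", "Account1", "group", "Group2", "View"),
]
```

Running an exported share list through a resolver like this before an access review shows where a broad group or folder grant is being overridden by a narrower one, and where no share applies at all.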