Symantec Privileged Access Management


  • 1.  Query for login session

    Posted Oct 26, 2022 04:35 AM
    Hi Experts,

    Is there a way in PAM tools to prevent or restrict any concurrent login from the same account to multiple devices?

    Regards,
    Atifah


  • 2.  RE: Query for login session

    Broadcom Employee
    Posted Oct 26, 2022 08:52 PM
    Hi Atifah, I don't quite understand what you are after. Are you asking about restricting the number of logons to PAM by the same PAM user? Or are you concerned with a user opening multiple access sessions to different target devices in general? Or is it a question if you can restrict use of a target account for only one target device at a time? In all cases the answer would be that PAM does not have a configuration for such limitations, but it would be helpful to understand your question better, and the motivation for raising it here.


  • 3.  RE: Query for login session

    Posted Oct 27, 2022 02:59 AM
    Hi Ralf,

    My apologies for not being clear. Your first assumption was correct. Is there any way to restrict a PAM account from logging in to multiple workstations?
    For example, user A accesses PAM on machine A and cannot use the same access to log in to PAM on another machine.

    Thank you for your advice.

    Regards,
    Atifah


  • 4.  RE: Query for login session

    Broadcom Employee
    Posted Oct 27, 2022 02:20 PM
    Hi Atifah, PAM doesn't block multiple user logons. What is your concern here?


  • 5.  RE: Query for login session

    Posted Oct 27, 2022 10:10 PM
    Hi Ralf,

    The objective is to prevent account sharing across multiple workstations. Is there any way to restrict to only one login session at a time?

    Thank you,
    Atifah


  • 6.  RE: Query for login session

    Broadcom Employee
    Posted Oct 27, 2022 10:48 PM
    No. The only restriction you can impose is to limit where the user can log in from by defining allowed IP ranges. Access times can be limited as well. If users share their logon credentials, that would be a problem whether or not multiple sessions are allowed. Feel free to raise an idea for an enhancement on the ideation page (Ideas link in the top menu of this community site).


  • 7.  RE: Query for login session

    Posted Oct 28, 2022 01:07 AM
    Thank you, Ralf, for your advice!


  • 8.  RE: Query for login session

    Broadcom Employee
    Posted Nov 10, 2022 01:45 AM
    Hello Atifah, I forgot to mention the "Concurrent Remote Connections Allowed" setting on the Configuration > Security > Access page, see documentation page Server Access Options Configuration. This option does allow you to restrict user access to PAM to one source IP at a time. It works only per node in a cluster, not cluster-wide, but may be of use to you.