Idea Details

Disconnect User from All Sessions When PAM Account is Checked In

Last activity 01-10-2017 05:22 PM
GaryPurvin81982621's profile image
11-18-2016 02:27 PM

Enhance Privileged Access Manager (PAM) to disconnect a target account from all current sessions where it is being used when the account is"checked in".  A user should not be able to continue utilizing a credential that is no longer assigned by PAM to him. A PAM administrator who sees malicious activity in process using one of the target accounts could quickly prevent further system damage by checking i the account.


01-10-2017 05:22 PM

Can you elaborate a little more?  If the User is connected to the Target server out-of-band from CA PAM, we would have no control.  This sounds like the cases we were attempting to solve with recently introduced (2.8.1) features  Please take a look at the docops wiki for 2.8.1