Account Lifecycle Management
This section provides information about managing lifecycle and operations of privileged accounts, key concepts and workflow.
It is necessary to control their access permissions on information assets to maintain security and adhere to compliance terms. Whenever a privileged access request is made to the IT operations, manually checking all attributes and grant access might consume much time. If the IT admin supplies the access credentials personally to a user, it might be prone to internal security risks. Tools with inconsistent processes can lead to the loss of sensitive data and compromise their privileged assets. IAM & PAM systems not integrated together may not provide desired security benefits.
Sectona's Account Lifecycle Management enables managing and monitoring privileged account's lifecycle within PAM system context. Sectona provides account ownership and helps to set custodian of an account at time of provisioning. This section covers:
Advantages
Using inbuilt Account Lifecycle capabilities within Sectona Security Platform allows ease of use for IT Operations team.
Account Ownership - Use Sectona to assign account ownership upon creation without manual intervention & support future governance tasks.
Ease in managing logs - All the details of account lifecycle, date of creation, their permissions, roles, assets assigned, grouping, membership every minor detail of the account are stored in PAM's account lifecycle logs.
Secured - Often IT teams communicate credentials personally to a privileged user or using cumbersome processes which might get flagged as an internal security risk. Allowing passwords & secrets directly to a user using same platform ensures risks of credential theft while communication.
Time-saving - Account Lifecycle Management gives a secure framework, saves an ample amount of time, and helps in focusing the organization's productivity.
Getting started
For executing Account Lifecycle operations, make sure “AccountsLifecycleService” should be enabled in PAM. For System App services, refer Monitoring System Health & Service Status.
Management account should be configured and verified in Account Defaults with valid username and password. For configuring Account Defaults, refer Configuring management account.
Make sure that you use common ports to establish connection between PAM and target server.
Communication Protocol used by PAM are as follows:
Asset Type | Communication Protocol |
|---|---|
Windows | WMI |
Unix | SSH |
Database Assets | ODBC (Standard Database) |
Active Directory | LDAP |
Supported Devices
Following are the list of per-defined role provided by Sectona
Category | Type | Method |
|---|---|---|
Operating System | Windows Server | WMI |
Unix Based | SSH Command | |
Database | Microsoft SQL | Microsoft SQL Query |
Oracle | Oracle Query | |
MySQL | MySQL Query | |
Active Directory Server | Windows Active Directory | WMI |
How it works
Account Lifecycle Manager (ALM) leverages core platform services of User Management, Asset Management, Vaulting, workflow management & device communication. Platform administrator with account lifecycle privilege role can access ALM to provision accounts & manage provisioned accounts. Assets managed via platforms are available.
When a create user event is triggered a typical flow is
ALM verifies the status of the Asset in the platform
Validates management account availability & configuration for processing the trigger
Collect role information & password policy information applied to asset at platform level
Execute the job and collect & store logs