Sectona Privileged Access Management lets you enforce workflow actions on access to passwords or access via the system. The system works on the concept of request types (also referred to as transactions). The two request types in the system are password and access. The workflow system uses email to send notifications to requestors and approvers. Approvers can approve requests in the Sectona Web Console or directly by email. For email-based approval, Sectona must have POP3 email configured to receive approvals by email. Ensure you have set up the SMTP and POP3 settings in the Email Gateway configuration.

The POP3 email settings and the function point Email Approval workflow must be activated to enable email approval methods.

The system supports up to 15 levels of approval and rules based on attributes for easy configuration. Attributes help to filter requests and define multiple approval flows. Workflow requests work on the principle of attribute-based scoring: the rules that match the most attributes of the request object are applied to a workflow request.

Request types in the workflow system can be defined as the objects you would like to control and monitor. The system supports controlling password request and access request workflows.

  • Password: A request is made to have access to the password. It may be a single level of approval or multilevel.

  • Access: An access-type request is made when the user needs passwordless access.

Procedure for configuring workflow rule

Workflows are enforced to enable need-based access to passwords and direct access. It's important to define the scope of what a user can view when requesting access. The scope can be limited with the Access Request Scope feature of the User Access Policy. For example, a vendor user who needs access only to Windows servers should not be able to raise an access request for Unix servers or databases. The steps to configure a workflow rule are listed below.

  • Navigate to the "Policies" option in the navigation bar.

  • Select "Configure" from the sidebar.

  • Click on the "+ Add Workflow Rule" button.

  • Rule name: Specify an appropriate name for the rule which will define your workflow. The name should be unique and instance-specific.

  • Description: Enter a unique descriptive title for your workflow rule.

  • Rule type: Select as Workflow.

  • Levels: Define the number of levels required for an approval workflow.

  • Request type: Select password or access-based workflow.

  • Schedule time: Select any if you would like the rule enforced at any time of the day, or select the time window you want to enable.

  • Attributes: *Important* Select the attributes where you would like to apply this workflow. If workflow attributes are left blank, workflow rules are applied to all transactions initiated for the selected attributes. You can also add levels for multiple approvals.

  • Status: By default, any workflow rule request is enabled as Active.

In case of conflicting workflow rules for a particular transaction, preference is given to the latest rule.
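The attribute-based scoring and the latest-rule preference described above can be modelled as follows. This is an added illustration, not Sectona's code: the attribute names, the `created_seq` ordering field, and the assumption that every attribute set on a rule must match the request are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class WorkflowRule:
    name: str
    request_type: str        # "password" or "access"
    levels: int              # approval levels; the page states a maximum of 15
    created_seq: int         # hypothetical ordering field: higher = newer rule
    attributes: dict = field(default_factory=dict)  # blank = all transactions
    active: bool = True

    def __post_init__(self):
        if not 1 <= self.levels <= 15:
            raise ValueError("levels must be between 1 and 15")

def score(rule, request_type, request_attrs):
    """Number of matched attributes, or None if the rule does not apply."""
    if not rule.active or rule.request_type != request_type:
        return None
    for key, value in rule.attributes.items():
        if request_attrs.get(key) != value:
            return None      # assumption: all attributes on a rule must match
    return len(rule.attributes)

def select_rule(rules, request_type, request_attrs):
    """Highest score wins; a tie goes to the latest rule. None = no rule."""
    best = None
    for rule in rules:
        s = score(rule, request_type, request_attrs)
        if s is None:
            continue
        rank = (s, rule.created_seq)
        if best is None or rank > best[0]:
            best = (rank, rule)
    return best[1] if best else None

# Constructed sample rules; names and attribute keys are illustrative only.
RULES = [
    WorkflowRule("all-password", "password", 1, 1),
    WorkflowRule("vendor-windows", "access", 2, 2,
                 {"user_group": "vendors", "asset_type": "windows"}),
    WorkflowRule("vendors-any", "access", 1, 3, {"user_group": "vendors"}),
    WorkflowRule("vendors-any-v2", "access", 3, 4, {"user_group": "vendors"}),
]
```

In this model a `None` result means no rule covers the request, which is the case to look for when reviewing whether every request type has an approval path.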

Overriding workflow-based access

A user belonging to a specific workflow can also belong to another workflow. In that situation, the user may have to wait for the previous request to be approved, which gives rise to a deadlock. Here, the administrator will have to manually delete or terminate the request raised by the user. This overrides the workflow that is stuck due to the pending request. A user can override the access only when the Access Type is selected as Once.

This section lists all logged and pending requests to check out the password of an account or to access an asset to perform a certain task. The procedure to terminate a request is:

  • Navigate to the "Policies" option in the navigation bar.

  • Select "All request" from the sidebar.

  • Click on the terminate option of the request you wish to terminate.

  • A pop-up box will be displayed. Click on 'Yes' to terminate the request.

You can check the following information: Request ID, Type, Requested By, Requested On, Comment, Ticket No, and Current Status.