Password Safe Use Cases
Request Access to a Linux Account - Password Retrieval
In this use case, you log in to the web portal and request access to a privileged account password. The system gives you access to the password after verifying in the policy that you are authorized and do not require approval. If you request the password again, the process repeats. Each time, however, Password Safe gives you a different, unique password so that usage can be tracked properly.
- Log in to the web portal.
- Scroll to the system lserver01, find the mdavis_uadmin account, and click to open.
- Enter a date, time, and duration.
- Select the Password check box and enter a reason for the request.
- Click Submit Request.
- Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
- Select the active request.
- Click Retrieve Password.
- Click the blue reveal password button to view the password, or click the green clipboard button to copy the password.
- Open PuTTY on the BeyondInsight host, and open a connection to the lserver01 host.
- Log in to lserver01 as mdavis_uadmin and right-click to paste the password from the clipboard. You will be logged in directly.
- When finished, close the SSH session and click Check-in Request to release the mdavis_uadmin account.
Request RDP Access to a Windows Account - Session Management
In this use case, you log in to the web portal and request access to a privileged account. You choose RDP to provide a proxy session, allowing you to access the account without requiring direct password retrieval.
- Log in to the web portal.
- Scroll to the system dc01 and find the helpdesk account that does not have an application configured, then click to open.
- Enter a date, time, and duration.
- Check the RDP Session box and enter a reason for the request.
- Click Submit Request.
- Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
- Select the active request.
- Select a Screen Resolution.
- Click Open RDP Session to download an RDP connection file.
- Run the file to directly access dc01 as the helpdesk account, using Password Safe as a proxy.
- When finished, close the RDP window and click Check-in Request to release the helpdesk account.
The session terminates when you click on Check-in Request, even if you leave the RDP session open.
Request Access to a Microsoft SQL Account - Remote Applications
In this use case, you request access to a Microsoft SQL Server. However, you need the SQL Server privileged account just to access Microsoft SQL Server Management Studio. You do not need the password or a full RDP session.
- Log in to the web portal.
- Click the Databases tab.
- Scroll to the system bi01, find the sa2 account associated with SQL Management Studio, and click to open.
- Enter a date, time, and duration.
- Select the Application Session check box and enter a reason for the request.
- Click Submit Request.
- Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
- Select the active request.
- Select a Screen Resolution.
- Click Application Session to download an RDP connection file.
- Run the file to connect to the bi01 host, with your connection limited to using SQL Server Management Studio only.
- When finished, close the application session and click Check-in Request to release the sa2 account.
Delegating access based on applications allows you to restrict what certain users can do in your environment. For instance, instead of granting a semi-skilled user a full session to a critical server, you may want to delegate access only to the applications they need to do their job. This helps to avoid incidents caused by someone restarting or deleting something in error.