Password Safe Use Cases

Request Access to a Linux Account - Password Retrieval

In this use case, you log in to the web portal and request access to a privileged account password. Password Safe releases the password after verifying in the policy that you are authorized and do not require approval. If you request the password again, the process repeats. Each time, however, Password Safe gives you a different, unique password so that usage can be tracked properly.

Scroll down to lserver01

  1. Log in to the web portal.
  2. Scroll to the system lserver01, find the mdavis_uadmin account, and click to open.

 

Enter a date, time, and duration; set the request type to password; enter a reason

  1. Enter a date, time, and duration.
  2. Select the Password check box and enter a reason for the request.
  3. Click Submit Request.

 

View the active request

  1. Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
  2. Select the active request.

 

Retrieve the password

  1. Click Retrieve Password.

 

Reveal the password or copy it to clipboard

  1. Click the blue reveal password button to view the password, or click the green clipboard button to copy the password.

 

Open a PuTTY connection to the lserver01 host

  1. Open PuTTY on the BeyondInsight host, and open a connection to the lserver01 host.

 

Log in to lserver01

  1. Log in to lserver01 as mdavis_uadmin and right-click to paste the password from the clipboard. You will be logged in directly.
  2. When finished, close the SSH session and click Check-in Request to release the mdavis_uadmin account.
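
Because each request has a start time and duration, successful logins on lserver01 can be checked against the requests that were active at the time. The following is an added example, not part of the original guide or of Password Safe itself; the request record fields, IP addresses and log lines are constructed, and the sshd lines follow the standard OpenSSH syslog format.

```python
import re
from datetime import datetime, timedelta

# Constructed request records, as they might be exported from a request report.
# Field names are assumptions, not a Password Safe schema.
REQUESTS = [
    {"account": "mdavis_uadmin", "start": "2024-03-04 10:00", "minutes": 60},
    {"account": "mdavis_uadmin", "start": "2024-03-04 15:30", "minutes": 30},
]

# Constructed sshd auth log lines from lserver01.
AUTH_LOG = """\
Mar  4 10:05:12 lserver01 sshd[2211]: Accepted password for mdavis_uadmin from 10.0.0.5 port 50212 ssh2
Mar  4 12:41:03 lserver01 sshd[2307]: Accepted password for mdavis_uadmin from 10.0.0.9 port 50991 ssh2
Mar  4 15:45:40 lserver01 sshd[2419]: Accepted password for mdavis_uadmin from 10.0.0.5 port 51377 ssh2
Mar  4 16:20:00 lserver01 sshd[2502]: Failed password for mdavis_uadmin from 10.0.0.9 port 51402 ssh2
"""

LOGIN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (\S+) from (\S+) port \d+"
)

def request_windows(requests):
    """Turn request records into (account, start, end) tuples."""
    out = []
    for r in requests:
        start = datetime.strptime(r["start"], "%Y-%m-%d %H:%M")
        out.append((r["account"], start, start + timedelta(minutes=r["minutes"])))
    return out

def logins_outside_requests(log_text, requests, account, year):
    """Return (timestamp, source_ip) for successful logins with no covering request."""
    windows = [w for w in request_windows(requests) if w[0] == account]
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m.group(2) != account:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if not any(start <= ts <= end for _, start, end in windows):
            findings.append((ts.isoformat(), m.group(3)))
    return findings

if __name__ == "__main__":
    for ts, src in logins_outside_requests(AUTH_LOG, REQUESTS, "mdavis_uadmin", 2024):
        print(f"login without active request: {ts} from {src}")
```

A login reported here used the account while no request was open, which is the case the per-request password is meant to make visible.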

Request RDP Access to a Windows Account - Session Management

In this use case, you log in to the web portal and request access to a privileged account. You choose RDP to provide a proxy session, allowing you to access the account without requiring direct password retrieval.

Scroll to dc01 and select the helpdesk account without a configured application

  1. Log in to the web portal.
  2. Scroll to the system dc01 and find the helpdesk account that does not have an application configured, then click to open.

 

Enter a date, time, and duration; set RDP Session as the request type, and enter a reason

  1. Enter a date, time, and duration.
  2. Check the RDP Session box and enter a reason for the request.
  3. Click Submit Request.
  4. Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
  5. Select the active request.

 

Select a screen resolution and open the RDP session

  1. Select a Screen Resolution.
  2. Click Open RDP Session to download an RDP connection file.

 

Run the RDP file to access dc01

  1. Run the file to directly access dc01 as the helpdesk account, using Password Safe as a proxy.

 

Click Check-in Request to release the account

  1. When finished, close the RDP window and click Check-in Request to release the helpdesk account.

The session terminates when you click on Check-in Request, even if you leave the RDP session open.
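
Before running a downloaded connection file, you can confirm that it routes through the proxy and carries no saved credential. The following is an added example, not part of the original guide or of Password Safe; the proxy host name `pbps.example.test`, the port and the sample file contents are constructed placeholders, while `full address` and `password 51` are standard .rdp setting names.

```python
# Constructed sample of a downloaded connection file. The host name, port and
# user name value are placeholders, not values Password Safe is known to emit.
SAMPLE_RDP = """\
screen mode id:i:2
desktopwidth:i:1280
desktopheight:i:1024
full address:s:pbps.example.test:4489
username:s:placeholder-session-user
"""

def parse_rdp(text):
    """Parse .rdp 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].lower()] = (parts[1], parts[2])
    return settings

def check_proxied(text, proxy_host, target_hosts):
    """Return a list of problems; an empty list means the file looks proxied."""
    s = parse_rdp(text)
    problems = []
    address = s.get("full address", ("s", ""))[1]
    # Strip an optional ':port' suffix (IPv6 literals are not handled here).
    host = address.rsplit(":", 1)[0] if ":" in address else address
    if host.lower() != proxy_host.lower():
        problems.append(f"connects to {host or '<none>'}, not the proxy")
    if host.lower() in {t.lower() for t in target_hosts}:
        problems.append("connects straight to the managed system")
    if "password 51" in s:
        problems.append("file embeds a saved password blob")
    return problems

if __name__ == "__main__":
    print(check_proxied(SAMPLE_RDP, "pbps.example.test", ["dc01"]) or "ok")
```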

Request Access to a Microsoft SQL Account - Remote Applications

In this use case, you request access to a Microsoft SQL Server. However, you need the SQL Server privileged account just to access Microsoft SQL Server Management Studio. You do not need the password or a full RDP session.

Scroll down to bi01 and open the sa2 account

  1. Log in to the web portal.
  2. Click the Databases tab.
  3. Scroll to the system bi01, find the sa2 account associated with SQL Management Studio, and click to open.

 

Enter a date, time, and duration; set Application Session as the request type; enter a reason

  1. Enter a date, time, and duration.
  2. Select the Application Session check box and enter a reason for the request.
  3. Click Submit Request.

 

View the active request

  1. Depending on your access policy, the request may be auto-approved. If so, you should have an active request immediately available. Otherwise, wait for approval.
  2. Select the active request.

 

Select a screen resolution; download the RDP connection file

  1. Select a Screen Resolution.
  2. Click Application Session to download an RDP connection file.

 

Run the RDP connection file to connect to the bi01 host

  1. Run the file to connect to the bi01 host, with your connection limited to using SQL Server Management Studio only.
  2. When finished, close the application session and click Check-in Request to release the sa2 account.

 

Delegating access based on applications allows you to restrict what certain users can do in your environment. For instance, instead of granting a semi-skilled user a full session to a critical server, you may want to delegate access only to the applications they need to do their job. This helps to avoid incidents caused by someone restarting or deleting something in error.