Hitachi ID Systems, Inc.

Concurrent Access

Hitachi ID Privileged Password Manager can be configured to track and control the number of people to whom a given password is disclosed at any given time. This is done using the concept of password checkout and checkin -- in a manner similar to checking a book out of a library and checking it back in later.

  1. Rather than simply granting access to a privileged account, a user may be required to check out access. Checkout is subject to policy control:
    1. A counter is incremented whenever access is checked out, indicating that one more person is allowed to sign into the account in question.
    2. The number of users who may concurrently access an account is limited -- for example, up to two at a time.
    3. The time interval during which a user may be allowed to sign into an account is limited -- for example, no more than two hours.

  2. Users are asked to check in access rights when they are done using a privileged account.
    1. The account's checkout counter is decremented.

  3. If the maximum allowed checkout time has elapsed, Privileged Password Manager may automatically perform a checkin. This normally causes the account's password to be re-randomized.

  4. Checkin and checkout support coordination among IT workers:
    1. Privileged Password Manager can notify users who have already checked out an account of new checkouts (e.g., via e-mail or SMS).

    2. Privileged Password Manager can notify users who are newly checking out an account of existing checkouts (e.g., on the web UI).

  5. Passwords are normally randomized whenever the checkout counter returns to zero.
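
The checkout policy described above, modelled as a small in-memory state machine. This is an added example, not Hitachi ID code: the class, method and field names are hypothetical, time is passed in as seconds so the run is deterministic, and the model rotates the password only when the counter returns to zero.

```python
import secrets
from dataclasses import dataclass, field


def new_password():
    return secrets.token_urlsafe(24)


@dataclass
class ManagedAccount:
    """Toy model of one privileged account under checkout control."""
    name: str
    max_concurrent: int = 2        # the page's example: up to two at a time
    max_seconds: int = 2 * 3600    # the page's example: no more than two hours
    password: str = field(default_factory=new_password)
    checkouts: dict = field(default_factory=dict)  # user -> expiry (seconds)
    notices: list = field(default_factory=list)    # (recipient, message)

    def checkin(self, user):
        """Decrement the counter; rotate the password when it reaches zero."""
        if self.checkouts.pop(user, None) is not None and not self.checkouts:
            self.password = new_password()

    def expire(self, now):
        """Automatic checkin for every checkout past its time limit."""
        expired = [u for u, t in self.checkouts.items() if t <= now]
        for user in expired:
            self.checkin(user)
        return expired

    def checkout(self, user, now):
        """Disclose the password if policy allows; the counter is len(checkouts)."""
        self.expire(now)
        if user in self.checkouts:
            return self.password   # already counted, original expiry kept
        if len(self.checkouts) >= self.max_concurrent:
            raise PermissionError(f"{self.name}: concurrent checkout limit reached")
        holders = sorted(self.checkouts)
        for holder in holders:     # tell existing holders about the new checkout
            self.notices.append((holder, f"{user} checked out {self.name}"))
        if holders:                # tell the newcomer about existing checkouts
            self.notices.append((user, f"{self.name} also held by {holders}"))
        self.checkouts[user] = now + self.max_seconds
        return self.password
```

In this model a user whose checkout has expired still knows the current password until the last remaining holder checks in, which is the gap a shorter time limit or a lower concurrency limit narrows.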