Most systems have a small number of day-to-day administrators, who work during normal business hours to manage configuration, patches, security, storage, etc. If a problem arises during the normal work-day, these administrators are called and they fix the problem promptly.

If production systems experience problems at night or on weekends, stand-by staff need to be able to login and make corrective changes. At other times, stand-by staff should not have administrative access.

These requirements are contradictory: stand-by staff should get administrative access to systems in an emergency, but not normally.

• Privileged Password Manager includes a workflow engine, designed to allow people who do not have regular administrative access to systems to request such access.
• Users who want to see a particular password can ask for disclosure using the Privileged Password Manager web UI. This triggers an e-mail to one or more authorizers, such as application owners, asking for approval.
• Authorizers click on an embedded URL, sign in and approve or reject requests.
• Approved requests trigger another e-mail, to the password recipient.
• The recipient clicks on an embedded URL, signs in and displays the password.
• The process is expedited by naming multiple authorizers -- more than the minimum number required.
• Reminders, automatic escalation and delegation also ensure prompt response.

Using Privileged Password Manager, one-time disclosure of passwords is convenient and secure.