Privileged account plug-in framework—usage policies
Abstract
Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.
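A minimal sketch of the flow the abstract describes, given here as an added illustration that is not code from the patent or from any product. The names `Session`, `PamService`, `require_second_user` and `max_requests` are hypothetical, and the credentials are constructed demo values. Usage-policy plug-ins are evaluated on every action request during a session, and one of them allows an action only while a second authenticated user shares the session.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Session:
    resource: str                                   # privileged account behind this session
    participants: set = field(default_factory=set)  # users authenticated into the session
    requests: int = 0

# A usage-policy plug-in takes (session, user, action) and returns None to
# allow or a reason string to deny.
def require_second_user(session, user, action):
    if session.participants - {user}:
        return None
    return "no second authenticated user is sharing the session"

def max_requests(limit):                            # runtime factor: number of requests
    def check(session, user, action):
        return None if session.requests <= limit else f"over {limit} requests"
    return check

class PamService:
    def __init__(self, credentials):
        self.credentials = credentials              # constructed demo secrets only
        self.plugins, self.audit = [], []

    def login(self, session, user, secret):
        expected = self.credentials.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return False
        session.participants.add(user)
        return True

    def request_action(self, session, user, action):
        if user not in session.participants:
            reasons = ["user is not logged in to this session"]
        else:
            session.requests += 1
            reasons = []
            for plugin in self.plugins:
                try:
                    verdict = plugin(session, user, action)
                except Exception as exc:            # a broken plug-in denies, never allows
                    verdict = f"plug-in error: {exc!r}"
                if verdict:
                    reasons.append(verdict)
        self.audit.append((session.resource, user, action, not reasons))
        return not reasons, reasons
```

Every decision, allowed or denied, lands in `audit`, which gives a reviewer a per-session record of who asked for what on which privileged account.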
20 Claims
1. A system, comprising:
- a memory storing computer-executable instructions; and
- a processor that accesses the memory and executes the computer-executable instructions to at least:
  - receive plug-in code for implementing runtime privileges;
  - receive, from a first user, a log-in request to start a session, the log-in request including at least first authentication information;
  - establishing the session for the first user; and
  - during the session:
    - receive, from a computing device of the first user, a request to perform an action associated with at least one secure network resource; and
    - perform the action for the first user based at least in part on a second user being authenticated and being logged in to share the session with the first user.
9. A non-transitory computer-readable storage memory storing a plurality of instructions executed by one or more processors to:
- receive plug-in code for implementing runtime privileges;
- receive, from a first user, a log-in request to start a session, the log-in request including at least first authentication information;
- establishing the session for the first user; and
- during the session:
  - receive, from a computing device of the first user, a request to perform an action associated with at least one secure network resource; and
  - perform the action for the first user based at least in part on a second user being authenticated and being logged in to share the session with the first user.
16. A computer-implemented method, comprising:
- receiving, by a computer system, plug-in code for implementing runtime privileges;
- receiving, from a first user, a log-in request to start a session, the log-in request including at least first authentication information;
- establishing the session for the first user; and
- during the session:
  - receiving, from a computing device of the first user, a request to perform an action associated with at least one secure network resource; and
  - performing, by the computer system, the action for the first user based at least in part on a second user being authenticated and being logged in to share the session with the first user.
17. The computer-implemented method of claim 16, wherein the at least one secure network resource is a privileged account of a privileged access management service.
18. The computer-implemented method of claim 17, wherein the runtime factor includes at least one of a time, a locality, a client, a number of requests, or a privilege granted to the first user.
19. The computer-implemented method of claim 17, wherein the privileged access management service is implemented by a first virtual machine and a plug-in framework is implemented by a second virtual machine.
Specification