PRIVILEGED ACCOUNT MANAGER, DYNAMIC POLICY ENGINE
First Claim
1. A system, comprising:
- a memory storing a plurality of instructions; and
one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to;
receive information associated with a plurality of accounts associated with a target system, the plurality of accounts for accessing resources used by the associated target system;
organize one or more of the plurality of accounts together in a group based at least in part on a role for each of the one or more of the plurality of accounts; and
assign a grant to the group.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.
-
Citations
20 Claims
-
1. A system, comprising:
-
a memory storing a plurality of instructions; and one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to; receive information associated with a plurality of accounts associated with a target system, the plurality of accounts for accessing resources used by the associated target system; organize one or more of the plurality of accounts together in a group based at least in part on a role for each of the one or more of the plurality of accounts; and assign a grant to the group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method, comprising:
-
receiving, by a computer system, information associated with a plurality of accounts associated with a plurality of target systems, at least a first target system of the plurality of target systems being different from at least a second target system of the plurality of target systems; receiving, by the computer system, role information for at least one of the plurality of accounts; forming, by the computer system, a group of the plurality of accounts based at least in part on the role information; and assigning, by the computer system, a grant policy to the group of the plurality of accounts. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
-
instructions that cause the one or more processors to receive information associated with a plurality of accounts associated with a plurality of target systems, at least a first target system of the plurality of target systems being different from at least a second target system of the plurality of target systems; instructions that cause the one or more processors to receive, from an administrative account of an account management service configured to manage the plurality of accounts associated with the plurality of target systems, role information for at least one of the plurality of accounts; instructions that cause the one or more processors to form a group of the plurality of accounts based at least in part on the role information; instructions that cause the one or more processors to assign a grant policy to the group of the plurality of accounts; and instructions that cause the one or more processors to update the grant policy of each of the plurality of accounts in the group based at least in part on triggering event. - View Dependent Claims (18, 19, 20)
-
Specification