Policy-driven approach to managing privileged/shared identity in an enterprise
First Claim
1. A method to manage privileged accounts associated with an enterprise, comprising:
determining that an entity is attempting to logon to a privileged account associated with a resource;
if the entity is attempting to logon to the privileged account, prompting the entity to provide additional identifying information;
verifying, based on additional identifying information received following the prompt and a policy, that the entity is authorized to login to the privileged account; and
providing the entity access to the privileged account.
Abstract
Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two-factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and the policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) the policy criteria for the user are not met.
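The abstract describes a two-stage gate: authenticate the person (preferably with two factors), and only then evaluate a role-based and context-based policy against the privileged identity being requested. The following Python sketch is an added example, not code from the patent or its assignee. It uses constructed users, secrets, policy values and timestamps; the password hashing (PBKDF2), the TOTP second factor (RFC 6238 over HMAC-SHA1) and the network/hour context checks are illustrative choices the patent text does not prescribe.

```python
"""Added example: policy-driven check for assuming a shared privileged account."""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass
from datetime import datetime, timezone


def _pw_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 password hash (illustrative parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed enterprise directory: no real credentials.
USERS = {
    "alice": {"salt": b"salt-alice", "pw_hash": _pw_hash("correct horse", b"salt-alice"),
              "totp_secret": b"ALICE-CONSTRUCTED-SECRET", "roles": {"dba"}},
    "bob":   {"salt": b"salt-bob", "pw_hash": _pw_hash("hunter2", b"salt-bob"),
              "totp_secret": b"BOB-CONSTRUCTED-SECRET", "roles": {"helpdesk"}},
}

# Constructed policy for one shared privileged identity:
# role-based (who may assume it) plus context-based (from where, and when).
PRIVILEGED_ACCOUNTS = {
    "root@db01": {
        "allowed_roles": {"dba"},
        "allowed_networks": [ipaddress.ip_network("10.0.0.0/8")],
        "allowed_hours": (8, 18),  # UTC hour window: start inclusive, end exclusive
    },
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the 30-second time counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


@dataclass(frozen=True)
class Decision:
    granted: bool
    stage: str    # "authentication", "policy" or "granted"
    reason: str


def authenticate(username: str, password: str, otp: str, unix_time: int) -> bool:
    """Two-factor check: password hash plus a TOTP code (current or previous step)."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw_hash"])
    otp_ok = any(hmac.compare_digest(totp(user["totp_secret"], unix_time - drift), otp)
                 for drift in (0, 30))
    return pw_ok and otp_ok


def evaluate_policy(username: str, account: str, source_ip: str, when: datetime):
    """Role-based then context-based policy; returns (allowed, reason)."""
    policy = PRIVILEGED_ACCOUNTS.get(account)
    if policy is None:
        return False, f"unknown privileged account {account}"
    roles = USERS[username]["roles"]
    if not roles & policy["allowed_roles"]:
        return False, f"role check failed: {sorted(roles)} not permitted for {account}"
    if not any(ipaddress.ip_address(source_ip) in net for net in policy["allowed_networks"]):
        return False, f"context check failed: source {source_ip} outside allowed networks"
    start, end = policy["allowed_hours"]
    if not start <= when.hour < end:
        return False, f"context check failed: hour {when.hour} outside {start}-{end}"
    return True, "identity verified and all policy criteria met"


def request_privileged_login(username, password, otp, account, source_ip, when: datetime) -> Decision:
    """Authenticate first; only an authenticated identity is evaluated against policy."""
    if not authenticate(username, password, otp, int(when.timestamp())):
        return Decision(False, "authentication", "two-factor authentication failed")
    allowed, reason = evaluate_policy(username, account, source_ip, when)
    return Decision(allowed, "granted" if allowed else "policy", reason)


WHEN = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)   # constructed: 10:00 UTC
AFTER_HOURS = datetime(2024, 1, 15, 22, 0, tzinfo=timezone.utc)


def demo() -> dict:
    """Run the constructed scenarios and return their decisions by name."""
    ts = int(WHEN.timestamp())
    alice_code = totp(USERS["alice"]["totp_secret"], ts)
    wrong_code = str((int(alice_code) + 1) % 10 ** 6).zfill(6)
    bob_code = totp(USERS["bob"]["totp_secret"], ts)
    return {
        "alice_ok": request_privileged_login("alice", "correct horse", alice_code, "root@db01", "10.1.2.3", WHEN),
        "alice_bad_otp": request_privileged_login("alice", "correct horse", wrong_code, "root@db01", "10.1.2.3", WHEN),
        "alice_bad_network": request_privileged_login("alice", "correct horse", alice_code, "root@db01", "192.168.1.5", WHEN),
        "alice_after_hours": request_privileged_login("alice", "correct horse",
                                                      totp(USERS["alice"]["totp_secret"], int(AFTER_HOURS.timestamp())),
                                                      "root@db01", "10.1.2.3", AFTER_HOURS),
        "bob_wrong_role": request_privileged_login("bob", "hunter2", bob_code, "root@db01", "10.1.2.3", WHEN),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} granted={decision.granted} stage={decision.stage} ({decision.reason})")
```

The ordering matters for the abstract's denial cases: a failed second factor is reported as an authentication failure without consulting policy, so the response never reveals which roles or networks the privileged account accepts, while an authenticated but unauthorized user is denied with the specific policy criterion that failed, which is what an audit trail for shared-identity use needs.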
24 Claims

1. A method to manage privileged accounts associated with an enterprise, comprising:
determining that an entity is attempting to logon to a privileged account associated with a resource;
if the entity is attempting to logon to the privileged account, prompting the entity to provide additional identifying information;
verifying, based on additional identifying information received following the prompt and a policy, that the entity is authorized to login to the privileged account; and
providing the entity access to the privileged account.
(Dependent claims 2 to 8 not shown.)

9. Apparatus, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method to manage privileged accounts associated with an enterprise, the method comprising:
determining that an entity is attempting to logon to a privileged account associated with a resource;
if the entity is attempting to logon to the privileged account, prompting the entity to provide additional identifying information;
verifying, based on additional identifying information received following the prompt and a policy, that the entity is authorized to login to the privileged account; and
providing the entity access to the privileged account.
(Dependent claims 10 to 16 not shown.)

17. A computer program product in a computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method to manage privileged accounts associated with an enterprise, the method comprising:
determining that an entity is attempting to logon to a privileged account associated with a resource;
if the entity is attempting to logon to the privileged account, prompting the entity to provide additional identifying information;
verifying, based on additional identifying information received following the prompt and a policy, that the entity is authorized to login to the privileged account; and
providing the entity access to the privileged account.
(Dependent claims 18 to 24 not shown.)