Providing secure dynamic role selection and managing privileged user access from a client device
Abstract
An approach is provided that receives a first role selection from a client device. Each of the roles includes one or more user accounts provisioned to access one or more software applications. An authentication challenge is retrieved from an authorization service; the challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device, and an authentication submission is received from the client device in return. The submission is authenticated and, if the authentication is successful, the client device is granted access to the software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded at an audit level that the authorization service assigns based on the role selection. The audit data includes identification of the provisioned user accounts used to access the software applications under that role selection.
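The exchange the abstract describes, as an added illustrative example that is not the patent's own implementation: a broker in front of the applications receives a role selection, obtains a role-dependent challenge and audit level from a hypothetical AuthorizationService, verifies the client's submission, and then grants access through the role's provisioned accounts while auditing at the assigned level. The role table, the user store, the two challenge types (a password for a read-only role; a nonce-based HMAC response for a privileged role, standing in for a hardware token) and the two audit levels are all constructed for this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed role table: provisioned accounts per application, the challenge
# type the authorization service issues for the role, and its audit level.
ROLES = {
    "viewer": {"accounts": {"ticketing": "svc_ticket_ro"},
               "challenge": "password", "audit": "basic"},
    "dba": {"accounts": {"ticketing": "svc_ticket_ro", "postgres": "dba_shared"},
            "challenge": "hmac", "audit": "full"},
}

# Constructed user store. A real deployment would use a slow password hash
# (argon2/bcrypt) and a real authenticator instead of a shared HMAC key.
USERS = {"alice": {"pw_hash": hashlib.sha256(b"correct horse battery").hexdigest(),
                   "token_key": b"alice-hardware-token-secret"}}


class AuthorizationService:
    """Hypothetical service: picks challenge type and audit level from the role."""

    def challenge_for(self, user: str, role: str) -> dict:
        challenge = {"type": ROLES[role]["challenge"], "role": role, "user": user}
        if challenge["type"] == "hmac":
            challenge["nonce"] = secrets.token_hex(16)  # fresh per challenge
        return challenge

    def audit_level_for(self, role: str) -> str:
        return ROLES[role]["audit"]


@dataclass
class Session:
    user: str
    role: str
    accounts: dict          # app -> provisioned account granted by the role
    audit_level: str
    audit_log: list = field(default_factory=list)


class Broker:
    """Server in front of the applications; mediates the whole exchange."""

    def __init__(self, authz: AuthorizationService):
        self.authz = authz
        self.pending = {}   # session_id -> challenge still awaiting an answer

    def select_role(self, user: str, role: str) -> Tuple[str, dict]:
        if role not in ROLES or user not in USERS:
            raise ValueError("unknown role or user")
        challenge = self.authz.challenge_for(user, role)
        session_id = secrets.token_hex(8)
        self.pending[session_id] = challenge
        return session_id, challenge

    def submit(self, session_id: str, submission: dict) -> Optional[Session]:
        challenge = self.pending.pop(session_id, None)  # single use: answer once
        if challenge is None or not self._verify(challenge, submission):
            return None
        role = challenge["role"]
        return Session(challenge["user"], role, dict(ROLES[role]["accounts"]),
                       self.authz.audit_level_for(role))

    def _verify(self, challenge: dict, submission: dict) -> bool:
        if submission.get("role") != challenge["role"]:
            return False  # the answer is bound to the role that was selected
        user = USERS[challenge["user"]]
        if challenge["type"] == "password":
            digest = hashlib.sha256(submission.get("password", "").encode()).hexdigest()
            return hmac.compare_digest(digest, user["pw_hash"])
        expected = hmac.new(user["token_key"], challenge["nonce"].encode(), "sha256").hexdigest()
        return hmac.compare_digest(expected, submission.get("response", ""))

    def use_app(self, session: Session, app: str, action: str) -> Optional[str]:
        account = session.accounts.get(app)
        if account is None:
            return None  # the role carries no provisioned account for this app
        entry = {"app": app, "account": account, "role": session.role}
        if session.audit_level == "full":  # richer record for privileged roles
            entry.update(user=session.user, action=action, ts=time.time())
        session.audit_log.append(entry)
        return account


def client_answer(challenge: dict, password: str, token_key: bytes) -> dict:
    """Client side: produce the submission the challenge type calls for."""
    answer = {"role": challenge["role"]}
    if challenge["type"] == "password":
        answer["password"] = password
    else:
        answer["response"] = hmac.new(token_key, challenge["nonce"].encode(), "sha256").hexdigest()
    return answer


def run_flow(user: str, role: str, password: str, token_key: bytes) -> Optional[Session]:
    """Whole exchange for one role selection; None means access was refused."""
    broker = Broker(AuthorizationService())
    session_id, challenge = broker.select_role(user, role)
    return broker.submit(session_id, client_answer(challenge, password, token_key))
```

Two details carry the security weight: the challenge records the role it was issued for and the submission must name the same role, so a client cannot answer a weak challenge for a read-only role and then present that answer for a privileged one; and each pending challenge is consumed on first use, so a captured submission cannot be replayed. The audit entries always name the provisioned account that was used, which is what lets a shared account such as `dba_shared` be traced back to the person and role behind a given session.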
18 Claims
1. A computer-implemented method comprising:
receiving a first role selection from a client device, wherein the first role selection is selected from a plurality of roles, and wherein each of the roles includes one or more user accounts provisioned to access one or more software applications;
notifying an authorization service of the first role selection;
receiving, from the authorization service, a first authentication challenge that is based upon the first role selection received from the client device;
transmitting the first authentication challenge to the client device;
receiving a first authentication submission from the client device;
authenticating the first authentication submission; and
in response to authenticating the first authentication submission:
granting the client device access to one or more of the software applications using the provisioned user accounts included in the first role selection; and
recording audit data of usage of the software applications by the client device, wherein the audit data includes identification of the provisioned user accounts used to access the software applications using the first role selection, and wherein the recording further comprises:
receiving, from the authorization service, an audit level that is based on the received first role selection; and
gathering the audit data based on the received audit level.
Dependent claims: 2, 3, 4, 5, 6.
7. An information handling system comprising:
one or more processors;
a memory accessible by at least one of the processors;
a nonvolatile storage medium accessible by at least one of the processors;
a network adapter that connects the information handling system to a client device; and
a set of instructions stored in the memory and executed by at least one of the processors in order to perform steps of:
receiving, at the network adapter, a first role selection from the client device, wherein the first role selection is selected from a plurality of roles, and wherein each of the roles includes one or more user accounts provisioned to access one or more software applications;
notifying an authorization service of the first role selection;
receiving, from the authorization service, a first authentication challenge that is based upon the first role selection received from the client device;
transmitting the first authentication challenge to the client device;
receiving a first authentication submission from the client device;
authenticating the first authentication submission; and
in response to authenticating the first authentication submission:
granting the client device access to one or more of the software applications using the provisioned user accounts included in the first role selection; and
recording audit data of usage of the software applications by the client device, wherein the audit data includes identification of the provisioned user accounts used to access the software applications using the first role selection, and wherein the recording further comprises:
receiving, from the authorization service, an audit level that is based on the received first role selection; and
gathering the audit data based on the received audit level.
Dependent claims: 8, 9, 10, 11, 12.
13. A computer program product stored in a computer readable storage device, comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions comprising:
receiving a first role selection from a client device, wherein the first role selection is selected from a plurality of roles, and wherein each of the roles includes one or more user accounts provisioned to access one or more software applications;
notifying an authorization service of the first role selection;
receiving, from the authorization service, a first authentication challenge that is based upon the first role selection received from the client device;
transmitting the first authentication challenge to the client device;
receiving a first authentication submission from the client device;
authenticating the first authentication submission; and
in response to authenticating the first authentication submission:
granting the client device access to one or more of the software applications using the provisioned user accounts included in the first role selection; and
recording audit data of usage of the software applications by the client device, wherein the audit data includes identification of the provisioned user accounts used to access the software applications using the first role selection, and wherein the recording further comprises:
receiving, from the authorization service, an audit level that is based on the received first role selection; and
gathering the audit data based on the received audit level.
Dependent claims: 14, 15, 16, 17, 18.