Privileged account manager, access management
First Claim
1. A system, comprising:
a memory storing a plurality of instructions; and
one or more processors of a service provider computer, wherein the one or more processors are configured to access the memory and to execute the plurality of instructions to:
receive, from a target system including a target computer, identification of a user-accessible account of the target system to be managed, the user-accessible account being accessible by a user of a user device, the user-accessible account being hosted on the target computer, and the user-accessible account being configured to manage a password associated with the user-accessible account;
associate the user-accessible account with a security account of the service provider computer, the security account configured to access the user-accessible account without the password and to modify the password while accessing the user-accessible account;
receive, from the user device, a request for the password, the password for providing the user with access to the user-accessible account of the target system;
check out the password to the user;
enable the user to log into the user-accessible account using the checked-out password;
identify that the user, while logged into the user-accessible account, has changed the checked-out password to a second password different from the checked-out password; and
automatically log into the user-accessible account, using the security account without the checked-out password, and modify the user-accessible account in response to the user checking the checked-out password back into the system such that the second password is no longer associated with the user-accessible account.
Abstract
Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.
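The check-out/check-in cycle described in the abstract, as an added Python example (not code from the patent or from any product). The names `TargetAccount`, `AccessManager` and `admin_reset` are hypothetical, the target system is modelled in memory, and `admin_reset` stands in for the security account's ability to change the password without knowing it.

```python
import secrets

class TargetAccount:
    """Constructed stand-in for a user-accessible account on a target system."""
    def __init__(self, name, password):
        self.name, self._password = name, password
    def login(self, password):
        return secrets.compare_digest(password.encode(), self._password.encode())
    def change_password(self, old, new):
        # What a logged-in user can do: change the password they hold.
        if not self.login(old):
            raise PermissionError("wrong current password")
        self._password = new
    def admin_reset(self, new):
        # Assumption: the path the security account uses; no old password needed.
        self._password = new

class AccessManager:
    """Hypothetical service-provider side: vault, check-out state, audit log."""
    def __init__(self):
        self.accounts, self.vault, self.checked_out, self.audit = {}, {}, {}, []
    def manage(self, account, current_password):
        self.accounts[account.name] = account
        self.vault[account.name] = current_password
    def check_out(self, user, name):
        if name in self.checked_out:
            raise RuntimeError("password already checked out")
        self.checked_out[name] = user
        self.audit.append(("checkout", user, name))
        return self.vault[name]
    def check_in(self, user, name):
        if self.checked_out.get(name) != user:
            raise PermissionError("not checked out by this user")
        account = self.accounts[name]
        # The vaulted password no longer working means the user changed it.
        changed_by_user = not account.login(self.vault[name])
        new_password = secrets.token_urlsafe(24)
        account.admin_reset(new_password)   # rotate regardless of drift
        self.vault[name] = new_password
        del self.checked_out[name]
        self.audit.append(("checkin", user, name, changed_by_user))
        return changed_by_user

def demo():
    target = TargetAccount("root@db01", "initial-Passw0rd")  # constructed values
    pam = AccessManager()
    pam.manage(target, "initial-Passw0rd")
    checked_out = pam.check_out("alice", "root@db01")
    target.change_password(checked_out, "alice-second-pw")   # user changes it mid-session
    changed = pam.check_in("alice", "root@db01")
    return (changed, target.login(checked_out), target.login("alice-second-pw"),
            target.login(pam.vault["root@db01"]))
```

After check-in neither the checked-out password nor the user's second password works; only the value the manager now holds does, and the audit log records that the user changed the password during the session.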
17 Claims
1. A system, comprising:
a memory storing a plurality of instructions; and
one or more processors of a service provider computer, wherein the one or more processors are configured to access the memory and to execute the plurality of instructions to:
receive, from a target system including a target computer, identification of a user-accessible account of the target system to be managed, the user-accessible account being accessible by a user of a user device, the user-accessible account being hosted on the target computer, and the user-accessible account being configured to manage a password associated with the user-accessible account;
associate the user-accessible account with a security account of the service provider computer, the security account configured to access the user-accessible account without the password and to modify the password while accessing the user-accessible account;
receive, from the user device, a request for the password, the password for providing the user with access to the user-accessible account of the target system;
check out the password to the user;
enable the user to log into the user-accessible account using the checked-out password;
identify that the user, while logged into the user-accessible account, has changed the checked-out password to a second password different from the checked-out password; and
automatically log into the user-accessible account, using the security account without the checked-out password, and modify the user-accessible account in response to the user checking the checked-out password back into the system such that the second password is no longer associated with the user-accessible account.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-implemented method, comprising:
receiving, by a service provider computer, from a target system including a target computer, information associated with an account to be managed by the service provider computer, the account being accessible by a user of a user device, the account being hosted on the target computer, and the account being configured to manage a password associated with the account;
associating, by the service provider computer, the account to be managed with a security account of the service provider computer, the security account not being accessible by the user and being configured to access the account without the password and to modify the password while accessing the account;
receiving, from the user device, a request for the password, the password for providing the user with access to the account to be managed;
in response to a user request, received by the computer system, to access the account to be managed, checking out the password to the user;
enabling the user to log into the account using the checked-out password;
identifying that the user, while logged into the account, has changed the checked-out password to a second password different from the checked-out password; and
automatically logging into the account, using the security account without the checked-out password, and modifying the second password to a third password in response to the user checking in the checked-out password, the third password at least different from the second password.
Dependent claims: 12, 13
14. A computer-readable memory storing a plurality of instructions executable by one or more processors of a service provider computer, the plurality of instructions comprising:
instructions that cause the one or more processors to receive, from a target system including at least one target computer, identification of an account of a plurality of accounts of the target system to be managed, the account being accessible by a user of a user device, the account being hosted on the at least one target computer, and the account being configured to manage a password for logging into the account;
instructions that cause the one or more processors to associate the account to be managed with a security account of the service provider computer, the security account not being accessible by the user and being configured to access the account without the password and to modify the password while accessing the account;
instructions that cause the one or more processors to receive, from the user device, an authentication request and a request for the password associated with the account to be managed;
instructions that cause the one or more processors to check out the password to the user based at least in part on successful authentication of the user;
instructions that cause the one or more processors to enable the user to log into the account using the checked-out password;
instructions that cause the one or more processors to identify that the user, while logged into the account, has changed the checked-out password to a second password different from the checked-out password; and
instructions that cause the one or more processors to automatically log into the account, using the security account, and modify the second password after the checked-out password is checked into the security account by the user.
Dependent claims: 15, 16, 17
Specification