Privileged account plug-in framework-step-up validation
Abstract
Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, plug-in code for implementing a workflow that includes step-up validation associated with a user attempting to access at least one secure resource may be received. Access to the at least one secure resource may be provided when the user is authenticated with respect to the service. In some examples, a request to access a second secure resource may be received. Additionally, in some examples, the workflow to perform the step-up validation may be implemented at least in response to the request to access the second secure resource. The workflow may be implemented based at least in part on an attribute associated with the request.
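The following is an added illustration, not code from the patent or from any product: a small model of the flow described above, in which login alone opens one resource while another requires a separate administrator's allow/deny decision relayed by the plug-in server. All names (PamService, STEP_UP_RESOURCES, plugin_server_step_up, the resource and account names, the "1" = allow key mapping) are hypothetical, and the request-id binding, single-use decisions and fail-closed defaults are assumptions added for the example.

```python
import secrets
from dataclasses import dataclass, field

STEP_UP_RESOURCES = {"prod-db-root"}  # hypothetical: resources that need step-up


@dataclass
class PamService:
    """PAM server side: sessions, pending step-up requests, grants."""
    admins: set                                   # accounts allowed to approve
    sessions: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # request_id -> (user, resource)
    grants: set = field(default_factory=set)

    def login(self, user, credentials_ok):
        if credentials_ok:
            self.sessions.add(user)
        return user in self.sessions

    def request_access(self, user, resource):
        """Return (status, request_id); status is granted, denied or step_up."""
        if user not in self.sessions:
            return "denied", None
        if resource not in STEP_UP_RESOURCES:
            return "granted", None                # login alone is sufficient
        request_id = secrets.token_hex(8)         # ties the decision to this request
        self.pending[request_id] = (user, resource)
        return "step_up", request_id              # handed to the plug-in server

    def receive_decision(self, request_id, approver, option):
        """Handle the option relayed by the plug-in server; fails closed."""
        entry = self.pending.pop(request_id, None)  # each request id is single use
        if entry is None:
            return False                          # unknown or replayed request id
        user, resource = entry
        if approver not in self.admins or approver == user:
            return False                          # approver must be a separate admin
        if user not in self.sessions or option != "allow":
            return False                          # session ended, or admin chose deny
        self.grants.add((user, resource))
        return True


def plugin_server_step_up(request_id, admin, keypress):
    """Plug-in server side: stands in for the automated call and button press."""
    option = "allow" if keypress == "1" else "deny"   # assumed key mapping
    return request_id, admin, option
```
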
11 Claims
1. A system, comprising:
a memory storing computer-executable instructions;
a privileged access management server that provides a privileged access management service configured with a plug-in framework for accessing at least a first secure resource and a second secure resource;
a plug-in server that is isolated from the privileged access management server by a firewall; and
a processor of the privileged access management server configured to access the memory and execute the computer-executable instructions to at least:
receive, from an administrator associated with an administrative account that manages the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access the first secure resource, the user associated with a user account;
receive, from the administrator, a request to deploy the plug-in code on the plug-in server that is isolated from the privileged access management server by a firewall in order to solve a security risk;
generate instructions for implementing the workflow on the plug-in server that is isolated from the privileged access management server based at least in part on the received plug-in code;
receive, from a computing device of the user, a log-in request including at least authentication information for authenticating the user with the privileged access management service;
securely log the user into the privileged access management service based at least in part on the authentication information;
provide access to the second secure resource after the user is securely logged into the privileged access management service and based at least in part on the authentication with the privileged access management service;
receive, from the computing device of the user, a request to access the first secure resource while the user is still logged into the privileged access management service;
based at least in part on the request to deploy the plug-in code on the plug-in server that is isolated by the firewall, transmit the instructions, to the plug-in server, to implement the workflow for performing the step-up validation to enable access of the user to the first secure by resource, the plug-in server configured to:
provide an automated message via a telephone call to a device of the administrator associated with the administrative account, the automated message identifying the request of the user to access the first secure resource, the administrative account being separate from the user account of the user and not part of another account with the user account of the user;
receive a selection, from the device of the administrator, of an option for allowing or denying the user to access the first secure resource, the selection made via a button of the device of the administrator; and
transmit the option selected by the administrator to the privileged access management server;
receive, from the plug-in server, the option selected by the administrator; and
provide access to the first secure resource based at least in part on the option selected by the administrator while the user is still logged into the privileged access management service.
(Dependent claims: 2)
3. A non-transitory computer-readable storage memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
instructions that cause the one or more processors to receive, from an administrator associated with an administrative account that manages the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access a first secure resource, the user associated with a user account;
instructions that cause the one or more processors to receive, from the administrator, a request to deploy the plug-in code on a plug-in server that is isolated from a privileged access management server by a firewall in order to solve a security risk;
instructions that cause the one or more processors to receive, from a computing device of the user, a log-in request including at least authentication information for authenticating the user with a privileged access management service provided by the privileged access management server;
instructions that cause the one or more processors to securely log the user into the privileged access management service based at least in part on the authentication information;
instructions that cause the one or more processors to provide access to a second secure resource after the user is securely logged into the privileged access management service and based at least in part on the authentication with the privileged access management service;
instructions that cause the one or more processors to receive, from the computing device of the user, a request to access the first secure resource while the user is still logged into the privileged access management service;
instructions that cause the one or more processors to transmit, to the plug-in server, the instructions to implement the workflow for performing the step-up validation to enable access of the user to the first secure resource based at least in part on the request to deploy the plug-in code on the plug-in server that is isolated by the firewall, the plug-in server configured to:
provide an automated message via a telephone call to a device of the administrator associated with the administrative account, the automated message identifying the request of the user to access the first secure resource, the administrative account being separate from the user account of the user and not part of another account with the user account of the user;
receive a selection, from the device of the administrator, of an option for allowing or denying the user to access the first secure resource, the selection made via a button of the device of the administrator; and
transmit the option selected by the administrator to the privileged access management server;
instructions that cause the one or more processors to receive, from the plug-in server, the option selected by the administrator; and
instructions that cause the one or more processors to provide access to the first secure resource based at least in part on the option selected by the administrator while the user is still logged into the privileged access management service.
(Dependent claims: 4, 5, 6)
7. A computer-implemented method, comprising:
receiving, from an administrator associated with an administrative account that manages the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access a first secure resource, the user associated with a user account;
receiving, from the administrator, a request to deploy the plug-in code on a plug-in server that is isolated from a privileged access management server by a firewall in order to solve a security risk;
generating instructions for implementing the workflow on the plug-in server that is isolated from the privileged access management server based at least in part on the received plug-in code;
receiving, from a computing device of the user, a log-in request including at least authentication information for authenticating the user with a privileged access management service provided by the privileged access management server;
securely logging the user into the privileged access management service based at least in part on the authentication information;
providing access to a second secure resource after the user is securely logged into the privileged access management service and based at least in part on the authentication with the privileged access management service;
receiving, from the computing device of the user, a request to access the first secure resource while the user is still logged into the privileged access management service;
based at least in part on the request to deploy the plug-in code on the plug-in server that is isolated by the firewall, transmitting the instructions, to the plug-in server, to implement the workflow for performing the step-up validation to enable access of the user to the first secure resource, the plug-in server configured to:
provide an automated message via a telephone call to a device of the administrator associated with the administrative account, the automated message identifying the request of the user to access the first secure resource, the administrative account being separate from the user account of the user and not part of another account with the user account of the user;
receive a selection, from the device of the administrator, of an option for allowing or denying the user to access the first secure resource, the selection made via a button of the device of the administrator; and
transmit the option selected by the administrator to the privileged access management server;
receiving, from the plug-in server, the option selected by the administrator; and
providing access to the first secure resource based at least in part on the option selected by the administrator while the user is still logged into the privileged access management service.
(Dependent claims: 8, 9, 10, 11)
Specification