PAM360 enables administrators to configure self-service privilege elevation on target endpoints using an agent-based approach. With access control enabled for accounts in resources where self-service privilege elevation agents are configured, self-service privilege elevation will take precedence over password access control. This means users can log in to their target resources and run specific types of applications (CMD, EXE, MSI, MSC, and BAT) as a PAM360 privileged account with elevated privileges without requiring privileged account credentials.
Self-service privilege elevation enables users to perform special administrative actions on applications by auto-approving their requests and elevating their privileges temporarily to carry out their intended tasks. Once the requested activity is completed, their application privileges will be revoked and the credentials to the target resources will be rotated automatically.
This is different from the regular just-in-time privilege elevation, as JIT includes a time-based request-release mechanism to elevate users into respective security groups automatically and demote them.
A couple of good use cases pertaining to this feature include, but not limited to:
With appropriate privileges, administrators and users can generate custom reports on self-service privilege elevation events. Learn more about enabling and configuring self-service privilege elevation on target systems.
Watch video