Iraje Time Based Access manual version 8

Introduction

Iraje PAM supports a Time Based Access module. Time Based Access is a process in which a user requests access at a scheduled time of the day or within a scheduled time interval. The PAM admins then grant the request if it is valid and appropriate.

Purpose

By providing users enough access at just the right times, organizations can reduce the attack surface, because privileged access is provided for no longer than necessary, and can also reduce operational overhead and management.

Target Audience

End Users | Admins Using Iraje PAM

Category of Time-Based Access

Iraje PAM offers two types of Time-Based Access:

Iraje PAM provides a facility where Super or Group admin PAM users are notified of the activities below:

TBA for Devices or Connections:

Time Based Access for devices is the process where the user sends a request through the Access Control Directory to access a particular device which is not allocated to him/her. The PAM admin decides whether to grant or reject the request. If the request is granted, the user will be able to access the device for that time interval.

TBA for Users on the PAM Portal:

Time Based Access for users on the portal is the method where the PAM admin defines a time period during which the user can access the Iraje PAM dashboard.

Request flow for Time Based Access for a Device

Step 1: Go to ‘Access Control Directory’

Step 2: Click on 'Directory Access'

Step 3: Select the ‘Group’ and click on ‘Connection Request’

Step 4: Enter the required details in the fields and click on ‘Request’

Step 5: Click on 'Request' and then on 'OK'

Step 6: An email or SMS alert is sent to the PAM Admins to approve the user request

Step 7: Once the PAM Admins approve the request, the user will be able to view the connection and access it via PAM
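
The access decision behind this flow can be modelled in a few lines. The following is an added illustration, not Iraje PAM code or its API: the `AccessRequest` model, the `decide` and `can_connect` functions and all user, device and admin names are hypothetical. It shows the deny-by-default rule the flow implies: a connection is allowed only when a PAM admin has granted the request and the current time falls inside the approved interval.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Status(Enum):
    PENDING = "pending"
    GRANTED = "granted"
    REJECTED = "rejected"


@dataclass
class AccessRequest:          # hypothetical model, not Iraje PAM's schema
    user: str
    device: str
    start: datetime           # start of the requested interval (UTC)
    end: datetime             # end of the requested interval (UTC)
    status: Status = Status.PENDING
    decided_by: Optional[str] = None


def decide(req: AccessRequest, admin: str, admins: set, grant: bool) -> None:
    """Record a PAM admin's decision on a pending request (Steps 6 and 7)."""
    if admin not in admins:
        raise PermissionError(f"{admin} is not a PAM admin")
    if req.status is not Status.PENDING:
        raise ValueError("request has already been decided")
    if req.end <= req.start:
        raise ValueError("requested interval is empty or reversed")
    req.status = Status.GRANTED if grant else Status.REJECTED
    req.decided_by = admin


def can_connect(req: AccessRequest, user: str, device: str, now: datetime) -> bool:
    """Deny by default: only a granted request for this user and device,
    and only while `now` is inside the approved interval."""
    return (req.status is Status.GRANTED
            and req.user == user and req.device == device
            and req.start <= now < req.end)


if __name__ == "__main__":
    # Constructed sample data: user, device and admin names are made up.
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    req = AccessRequest("alice", "db-server-01", t0, t0 + timedelta(hours=2))
    print(can_connect(req, "alice", "db-server-01", t0))   # still pending
    decide(req, "pam-admin", {"pam-admin"}, grant=True)
    print(can_connect(req, "alice", "db-server-01", t0 + timedelta(hours=1)))
    print(can_connect(req, "alice", "db-server-01", t0 + timedelta(hours=2)))
```

The end of the interval is treated as exclusive, so access stops at the approved end time rather than one tick after it.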

Request flow for Time Based Access for a Portal

Step 1: Go to ‘Access Control Manager’

Step 2: Click on ‘Directory Access’

Step 3: Select ‘ADMIN’ and click on ‘Connect’

Step 4: Click on the ‘Manage User’ option

Step 5: To enable TBA for Iraje Portal, we need to define 4 things