In our last blog, we went through the steps to discover machines/accounts and protect them via secrets. In this edition, we bring to you how we can incorporate approval process before any user tries to access the servers using Admin credentials. This will make the end users as well as the approvers accountable for their actions.

NOTE: If you are interested to know about the user story where this implementation can be applied, please read our PAM Simplified - Blog Series - Part 2.

Any user who needs to access a secret or login to a server via PAM, needs to go via a mandatory approval process. The process can be single level or multi-level.

• Navigate to Admin->Workflows 

• In addition to the approval workflow, build a secret policy, specifying the enforcement of approval process.

• Once the above steps are completed, attach the workflow to the secret with which you desire to incorporate the approval process.

One can configure automated email notifications; whenever a request is created, approved/rejected at a given stage, request completed, etc., an intimation would be sent to the admin.

OOB email notification template above; the notifications are customisable based on the requirements.

Watch the video to understand the request approval process in ISVPV

Request Approval Process in IBM Security Verify Privilege Vault

Curious to know about other features? Have a further read on our next blog.

Learn More at:
IBM Security Verify Privilege Vault Product Details
IBM Security Verify Privilege Vault Technical Documentation

For any queries, contact @Sushmita Das / @Sivapatham Muthaiah