Requesting and Granting Roles, Passwordless Access
This tutorial illustrates how users can request roles, how administrators can grant them, and how roles grant passwordless access to target hosts.
Key Concepts
- Multi-Factor Authentication (MFA) (Steps 1-2)
- Requesting roles (Steps 3-4)
- Granting roles (Steps 5-7)
- Passwordless access (Steps 8-9)
Steps
1. Our example user chris.hall logs in to PrivX.

2. This PrivX instance has Multi-Factor Authentication (MFA) active, so Chris checks the PIN code from his authenticator application, for example the Google Authenticator app.

3. In this example, Chris needs SSH-based access to certain target hosts. The desired access is governed by the role ssh-user, which he does not (yet) have.

4. He clicks Request a new role, fills in the required information and submits his request for the role ssh-user.

The pending request is shown under My Requests. An approver (a member of privx-admin in this example) needs to approve the request.

5. An administrator logs in and sees the pending role request from Chris on their home page.

6. The administrator reviews the request and grants the role.

7. The request status also changes under Chris's My Requests, and the new role is listed under his My Roles.

8. Chris decides to take his new role for a spin, so he navigates to Connections and checks out his newly available SSH target hosts. He clicks PrivXDemo Linux-3 ...

9. ... and is granted passwordless access as user ubuntu.
