Requesting and Granting Roles, Passwordless Access
This tutorial illustrates how users can request roles, how administrators can grant them and how roles grant passwordless access to target hosts.
- Multi-Factor Authentication (MFA) (Steps 1-2)
- Requesting roles (Steps 3-4)
- Granting roles (Steps 5-7)
- Passwordless access (Steps 8-9)
- Our example user chris.hall logs in to PrivX.
- This PrivX instance has Multi-Factor Authentication (MFA) active, so Chris checks the pin code from his authenticator application, for example Google Authenticator app.
- In this example, Chris needs SSH-based access to certain target hosts. The desired access is governed by role ssh-user, which he does not (yet) have.
- He clicks Request a new role, fills in the required information and submits his request for role ssh-user.
The pending request is shown under My Requests. An approver (a member of privx-admin in this example) needs to approve the request.
- An Administrator logs in and sees the pending role request from Chris on his home page.
- The administrator reviews the request and grants the role.
- The request status changes also on Chris's My Requests and the new role is listed on his My Roles.
- Chris decides to take his new role for a spin, so he navigates to Connections and checks out his newly available SSH target hosts. He clicks PrivXDemo Linux-3 ...
- ... and is granted passwordless access as user ubuntu.
Updated about 2 years ago