How to handle the scenario where authorization/approval has been granted to a privileged session, but the user has now switched roles? They still have access to request the account until their approval has expired.
Another scenario: potential breach has occurred and we want to revoke all existing privileged account approvals? Or for just one account?
How to accomplish as I don't see you can revoke or discontinue approval after it has been completed? I do see you can end session, but in credential rotation that doesn't apply, and monitoring sessions constantly to make sure they are not started is not feasible.
Removing CPAM access is one option, but may not be desirable in certain scenarios.
Solved! Go to Solution.