and more in a single search tool across platforms. Read the announcement here. |
on 04/11/2023 06:56 AM
A company wants to ensure the security of their endpoints by configuring out of band access detection. SSM provides an out-of-band access detection functionality that detects and revokes accesses that are assigned by the target system and not SSM. For example, an access that does not have a Task ID associated with account to entitlement mapping. This functionality ensures that out-of-band access assigned directly in the system or through a co-existing IAM system is not assigned without an audit trail. You can set the out-of-band access detection configuration at the endpoint level.
You can assign access to accounts in one of the following ways:
N/A
Perform the following steps to activate the out of band access:
The Deprovisioning tasks will be created for the entries for whom the Taskkey is empty in the Account Entitlements Table. If the Taskkey exists in the Account Entitlements table, the Deprovisioning tasks will not be created.
Note:-SSM enables you to create Deprovision Access or Deprovision Access and Re-create Access Request for the access that is not provisioned through SSM by executing the Revoke Out of Band Access job based on the option selected in the Action for Out of Band Access Detection configuration from the Endpoint Details tab (ADMIN > Identity Repository > Security Systems > Endpoints).