OTP Elevation
2 min
for managerial approval, if an application has an otp elevation policy, when the end user clicks it below the time limit is asked no reason is required for the otp elevation, just a time limit is required when a time limit is chosen, the end user needs to enter otp from the kron pam mobile client or kron pam gui the end user has 3 rights to enter otp when otp is approved a notification pops up to the end user which tells otp is approved and another notification specifies time limit for usage of application the application is also started automatically by the agent; there is no need for the end user to launch it manually maximum allowed time limit is 24 hours or 1440 minutes if custom is chosen managerial approval elevation is an online feature if the client is offline, this feature is not going to work for managerial approval elevation, the reason entered by the end user is seen on the approval list of the manager otp elevation has offline feature, so if the agent cannot establish a connection with kron pam and has to run offline, otp elevation still works and verifies the token locally to use this function on the agent group level, “offline aa” (offline authentication and authorization) has to be enabled