In this step, users will be configuring child processes. When an application is launched it may be required to run some child processes to make the application function. Since not every application requires this and it could be used as an attack vector, system admins can decide whether this application will be permitted to call and execute child processes or not. If this is not configured with care, it can prevent applications from running normally. 

In the last step, the user is expected to configure a just-in-time access configuration. When an agent blocks an application users can ask for an elevation to access the blocked application. Users can configure the required security steps to grant access to the user. This can be configured separately for admins and standard users. To get access depending on the configuration users can be asked for MFA and Managerial approval via email.

Upon creating an application group successfully, the user is supposed to assign applications to that group. When the user clicks on the settings icon on the application policy group a menu will be opened. From this menu, a user can edit existing attributes of an application group, add a new application to the group, or delete the application group. Clicking on edit will prompt the exact same flow while creating a group with existing attributes. 

Upon clicking add a new application button, Kron PAM will ask for application attributes. As said earlier, the user can either manually input these attributes or select discovered applications as shown in the figure below. Application name is mandatory while adding a new application, but users can choose to add its hash or not. 

While adding a policy if the application or process has the parameters it can be written in the application name section.

After selecting the application name or other values, the user can optionally select the child process configuration of this application. Since this is also selected while creating an application policy group, users’ choice here will overwrite that configuration is a different choice is made. After clicking the save button application will add to the group successfully.

Learn how to configure child processes and just-in-time access for applications with our comprehensive document. Take control of which applications are allowed to call and execute child processes, and configure security measures for granting access to blo

Block Policy Group

Elevate Policy Group

Allow

Block

Elevate

Advance Policy for Applications

Advance Policy for Windows Services

Advanced Policy

Kron PAM - Agent Reference Guide

KronPAM- Agent Reference Guide

Installation

Agent Dashboard

Application Catalog

Application Discovery

Multi-Factor Authentication

Session and Authentication Logs

Realm Check for Windows Agent

Windows Agent

Linux Agent

Single Mode Installation for Linux

Hybrid Mode Installation for Linux

Agent Installation for macOS

Multitenancy Enabled Installation

Linux/Unix Agent

Creating Device Groups

Creating Device Realms

Adding a Device from the Device Inventory

Device Management

Agent Management

Creating White/Black Policy Keys

Creating Policy Groups

Creating Policy Realms

Policy Management

System Configurations

Agent Logs

Agent Reference Guide