Admins configure managerial approval for device connections, command executions, and SAPM password retrievals. Managerial approval can be configured either for all connections towards a device group, for all connections of a user group, or for a specific device group realm.
As a PAM service, Kron PAM enables the management of approvals for authentication and authorization. Users may have privileged rights defined to connect to specific devices or be privileged, commanding in-session policies by having approval from a more privileged user.
Authentication and authorization requests for approval are managed from the Approval Management page. There are three types of approvals managed from this page: SAPM, Connection, and Command.
Device connections, command executions, and SAPM password retrieval requests that require managerial approval can be managed from a single page. Managers can approve or reject received requests from this page. The administrators can also trigger escalation manually after defining escalation settings as described in the Approval Workflow steps. Users who approved a request earlier can revoke their approvals by clicking the Cancel button.
- Navigate to Policy Control > Approval Management.
- Click the Search button to list all requests.
- Click the request’s Options button to approve, reject, escalate, or cancel the request.
- If users select the approve or reject options, the approver or rejecter can also enter comments in the pop-up.