Approval Management

Admins configure managerial approval for device connections, command executions, and SAPM password retrievals. Managerial approval can be configured either for all connections towards a device group, for all connections of a user group, or for a specific device group realm.

As a PAM service, Kron PAM enables the management of approvals for authentication and authorization. Users may have privileged rights defined to connect to specific devices or be privileged, commanding in-session policies by having approval from a more privileged user.

Authentication and authorization requests for approval are managed from the Approval Management page. There are three types of approvals managed from this page: SAPM, Connection, and Command.

Device connections, command executions, and SAPM password retrieval requests that require managerial approval can be managed from a single page. Managers can approve or reject received requests from this page. The administrators can also trigger escalation manually after defining escalation settings as described in the Approval Workflow steps. Users who approved a request earlier can revoke their approvals by clicking the Cancel button.