Managerial Approval for RDP Proxy Connections
A privileged user’s RDP connection to target devices can be restricted by requiring managerial approval. To enable managerial approval requests via email for users connecting to devices, the approvalRequiredForConnection property must be set to true on the device group that contains the target devices. The managerial approval mechanism for connections is covered in the Approval Management section; please refer to the section Managerial Approval for Connections.

To configure Managerial Approval for RDP connections:
- Navigate to Device Management > Device Groups.
- Right-click the device group and select the Show Properties option.
- Set approvalRequiredForConnection to true.

When managerial approval for a user is set to true, an approval email is sent to the user’s group manager. For each attempt, a new approval email is generated and sent to the manager’s email address. A parameter can be configured to limit the number of emails sent to the manager for repeated connection attempts. For example, if this parameter is set to 300 seconds and a user attempts to connect to a device more than once within five minutes, only one approval request email is sent to the manager. If you would like one email to be sent for each connection attempt, use the default value of this parameter (“0”).

To set this parameter:
- Navigate to Administration > System Config. Man.
- Add the parameter below: aioc.approval.email.timeout = 0 (the default value is “0”; the value is specified in seconds)
- After the parameters are set, restart netright-tomcat by establishing an SSH connection to the Kron PAM server and running the command: systemctl restart netright-tomcat