Reference Guide

Approval Management

Admins configure managerial approval for device connections, command executions, and SAPM password retrievals. Managerial approval can be configured for all connections towards a device group, for all connections of a user group, or for a specific device group realm.

As a PAM service, Kron PAM enables the management of approvals for authentication and authorization. Users may have privileged rights defined to connect to specific devices or be privileged, commanding in-session policies with approval from a more privileged user.

Authentication and authorization requests for approval are managed from the Approval Management page. There are three types of approvals managed from this page: SAPM, Connection, and Command.

Device connections, command executions, and SAPM password retrieval requests that require managerial approval can be managed from a single page. Managers can approve or reject received requests from this page. Administrators can also manually trigger escalation after defining escalation settings described in the Approval Workflow steps. Users who approved a request earlier can revoke their approvals by clicking the Cancel button.

  1. Click on the KronPAM logo. (The screen is shown when you first open the new interface.)
  2. Click the request’s Action button to approve, reject, escalate, or cancel the request.
  3. If users select the approve or reject options, the approver or rejecter can also enter comments in the pop-up.