New Just-in-time Access Capabilities in Session Management

March 13, 2024 Lilach Faerman Koren


CyberArk announces the release of a new method for isolating and monitoring privileged sessions, enabling just-in-time (JIT) access permissions for use of vaulted credentials.

The main objective, in alignment with the CyberArk Blueprint, is to reduce the risk of credential theft when using standing privileges. As previously announced, CyberArk supports the provisioning of access to target systems by creating an ephemeral local user with time-bound permissions to access resources tagged with attribute-based access controls (ABAC).

At CyberArk, we know that this approach is not suitable for all customers and use cases, because some users must access targets with a personal privileged domain account that is stored in a vault. The new capability addresses this use case by allowing customers to limit the access rights of a personal privileged domain account, enabling it only when needed with just-in-time provisioning.

Now, customers can connect to Windows targets with credentials that are managed in the CyberArk Privilege Cloud vault with little or no associated permissions. Upon connecting to a target system, users receive only a selected range of relevant permissions defined in the appropriate policy. At the end of the session, these permissions are automatically revoked.

With this new workflow, users can access Windows targets on a just-in-time basis, while maintaining the existing user profiles of an account, including key credential management and rotation policies. This also helps customers address audit and compliance requirements as it enhances the principle of least privilege by restricting access permissions to the minimum necessary. 

This capability adds to the existing CyberArk session management capabilities, allowing users to access targets with zero standing privileges, reducing the risk and operational burden of a standing account or credential.

Learn more about JIT connection to targets with vaulted credentials and elevated permissions.


To learn more about the CyberArk session management capabilities, please visit:
Session management capabilities in CyberArk PAM.
 
