Approval Workflows

Configure Fast, Delegated Access to Privileged Accounts

ERPM helps you configure password check out workflows that save management time while granting faster access to authorized IT staff whenever needed for routine service or emergency firecall repairs.

Enterprise Random Password Manager (ERPM) makes it easy for you to configure workflows that quickly provide authorized users audited access to privileged logins – from any allowed location, at approved times, while automating the approval steps to save your IT managers' time. 

With ERPM you can configure checkout rules for any user or role. For example, you can grant a specific group of IT managers the ability to access a particular group of systems – with the option to always be alerted to each access – while requiring all other groups to get explicit approvals before gaining access. 

ERPM Password Grant Notification

ERPM Password Grant Notification
(Click to Enlarge)


Fast Approval Process

As a workflow approver, you'll receive notification whenever it's time to grant or deny a request. As soon as you take action, the user receives an email alerting them that their request has been approved or denied. If the request has been approved, the user can immediately check out the password from a secure web console.

You can configure ERPM to re-randomize recovered passwords after use to prevent sharing of privileged logins, and to ensure there's an authoritative audit trail that shows precisely who had access to each account, when and for what purpose.

ERPM also supports integration with external workflow systems through its Event Sink functionality. This makes it easy to integrate ERPM with any existing workflow systems that you may already have in place. ERPM can also send alerts by email, SMS, phone and more. 

Double Safekeeping Support

ERPM can be configured for double safekeeping, or the two-man rule, to help ensure high levels of security during critical operations that may require approvals of two or more authorized personnel when accessing sensitive resources. ERPM can break up static and dynamic privileged account passwords into as many different segments as required by an organization's IT policies. Each password segment is assigned to an authorized user (or group) at the appropriate time, in a fully audited manner.

In practice, an IT manager might recover one segment of the password, while an IT administrator may obtain another segment separately. Together both parties have the entire password, but neither individual can access the resource alone, and neither needs to disclose their portion of the password to anyone else. Delegation, along with the splitting and assembly of passwords, is accomplished automatically and configured on an account-by-account basis for all types of passwords, including privileged passwords.

Contact us to learn more about how Lieberman Software can help you secure your organization's privileged accounts.