The master policy enables organizations to permit users to check out a ‘one-time’ password and lock it so that no other users can retrieve it at the same time.
PSM can automatically unlock these exclusive accounts after a PSM session ends.
The enforce check-in\check-out exclusive access master policy rule is activated on the account platform.
- Make sure that your Privilege Cloud Connector (or Connectors in case of multiple PSMs) is version 11.7 or higher.
Configure automatic unlock in the Privilege Cloud Portal
You must have permissions to configure platforms to perform this procedure.
To configure automatic unlock:
In the Privilege Cloud Portal, open the relevant platform for editing. For details, see Edit a platform.
In the left pane, click UI & Workflows > Privileged Session Management, and then set ExclusiveUnlockAfterPSMSession to Yes.
- Save your changes.
Notes and limitations
- When you use an account for several connections , the account is unlocked when the first session terminates.
- Unlocking accounts whose platform was activated for check-in/check-out exclusive access or one-time password access can interfere with these flows.
For details, see Enforce check-in/check-out exclusive access.Be aware of this when configuring platforms with PSM automatic unlock.