Automatically unlock accounts

The master policy enables organizations to permit users to check out a ‘one-time’ password and lock it so that no other users can retrieve it at the same time. For details, see Enforce check-in/check-out exclusive access. After the user has used the password, the user checks the password back into Privilege Cloud. This ensures exclusive usage of the privileged account, enabling full control and tracking for the password.

PSM can automatically unlock these exclusive accounts after a PSM session ends.


  • The enforce check-in\check-out exclusive access master policy rule is activated on the account platform.

  • Make sure that your Privilege Cloud Connector (or Connectors in case of multiple PSMs) is version 11.7 or higher.

Configure automatic unlock in the Privilege Cloud Portal

You must have permissions to configure platforms to perform this procedure.

To configure automatic unlock:

  1. In the Privilege Cloud Portal, open the relevant platform for editing. For details, see Edit a platform.

  2. In the left pane, click UI & Workflows > Privileged Session Management, and then set ExclusiveUnlockAfterPSMSession to Yes.

  3. Save your changes.

Notes and limitations

  • When you use an account for several connections , the account is unlocked when the first session terminates.
  • Unlocking accounts whose platform was activated for check-in/check-out exclusive access or one-time password access can interfere with these flows.For details, see Enforce check-in/check-out exclusive access. Be aware of this when configuring platforms with PSM automatic unlock.