Enable ticket validation and dual control
This topic describes how to enable ticket validation and dual control.
Overview
You can configure dual control together with ticketing integration so that users can access privileged accounts only after they have a valid open ticket and/or have received manual confirmation from authorized managers. This enforces validation of requests against an open ticket as well as a dual control approval workflow.
Users can access accounts with the following methods:
| Method | Description |
|---|---|
| Standard: Combined ticketing system integration and dual control | Before accessing a privileged account, users are required to specify a ticketing system and the ID of a ticket that will be validated against the ticketing system in addition to creating a dual control request. According to configuration, tickets can be validated before the request is sent, after confirmation has been received from authorized managers, or at both stages. After the ticket has been validated and the user has received request confirmation, they can access the account. This workflow supports all operations for accounts, including Show, Copy and Connect and PSM. |
| Emergency: Ticketing system integration and dual control based on ticket type | In this workflow, users are required to specify a ticketing system and the ID of a ticket that will be validated against the ticketing system. Depending on the type of ticket that has been specified, users may or may not be required to create a dual control request. For example, the system can allow users to access a privileged account after they provide a valid open incident ticket, while enforcing an approval workflow when the user provides a valid open change ticket. If dual control is not implemented for this ticket type, the ticket is immediately validated against the ticketing system and the account can be accessed. |
Ticketing system integration and dual control are configured separately, and can be enforced independently of each other. These new workflows allow you to enforce different validation workflows for various ticketing systems and/or ticket types. This flexibility enables you to manage and audit multiple workflows, according to specific enterprise standards.
Before you begin
Configure each validation flow separately:
- Configure dual control. For details, see Set up dual control for connecting to a target device.
- Configure your ticketing system. See Integrate with enterprise ticketing system.
After each validation flow is configured, perform the procedures below.
Enable dual control based on ticket type
- In the Privilege Cloud Portal, go to Administration > Configuration Options.
- In the Options pane, expand Configurations > Ticketing Systems, and then click ServiceNow.
- In the Properties pane, define the following properties:

  | Property | Description |
  |---|---|
  | IncidentTicketIdentification | Defines a regular expression that identifies incident tickets. If the ticketing system you are configuring only handles incident tickets, specify .* to match all ticket IDs that are specified for this ticketing system. If the ticketing system you are configuring only handles other ticket types, leave this parameter empty. |
  | ChangeTicketIdentification | Defines a regular expression that identifies change tickets. If the ticketing system you are configuring only handles change tickets, specify .* to match all ticket IDs that are specified for this ticketing system. If the ticketing system you are configuring only handles other ticket types, leave this parameter empty. |

  If the ticket ID specified by the user matches both regular expressions, the ticket will be considered an Incident.
- Click OK.
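A pre-deployment check for the precedence rule in this procedure, as an added example that is not the product's own code: it classifies constructed sample ticket IDs with a candidate pair of expressions and lists the change-style IDs that the incident expression would capture. It assumes whole-ID matching with Python regular expression syntax; the function names, sample IDs and the "no match" result are hypothetical.

```python
import re

# Constructed sample ticket IDs (ServiceNow-style prefixes), not real tickets.
SAMPLE_IDS = ["INC0010001", "CHG0030002", "CHG0030003", "RITM0010004"]


def _matches(pattern, ticket_id):
    # An empty property means this ticket type is not handled at all.
    # Assumption: the pattern must match the whole ticket ID.
    return bool(pattern) and re.fullmatch(pattern, ticket_id) is not None


def classify(ticket_id, incident_re, change_re):
    """Return 'Incident', 'Change' or None for a ticket ID."""
    if _matches(incident_re, ticket_id):
        return "Incident"  # page rule: an ID matching both is an Incident
    if _matches(change_re, ticket_id):
        return "Change"
    return None  # assumption: the page does not say what happens here


def shadowed_changes(ticket_ids, incident_re, change_re):
    """IDs meant to be change tickets that the incident pattern captures."""
    return [
        t for t in ticket_ids
        if _matches(change_re, t) and classify(t, incident_re, change_re) == "Incident"
    ]


if __name__ == "__main__":
    # Candidate values for IncidentTicketIdentification / ChangeTicketIdentification.
    configs = {
        "broad incident pattern": (r".*", r"CHG\d+"),
        "prefix-specific patterns": (r"INC\d+", r"CHG\d+"),
    }
    for name, (inc, chg) in configs.items():
        print(name)
        for t in SAMPLE_IDS:
            print(f"  {t}: {classify(t, inc, chg)}")
        print(f"  change IDs classified as Incident: {shadowed_changes(SAMPLE_IDS, inc, chg)}")
```

Where the emergency workflow requires approval only for change tickets, any ID in the last printed list would follow the incident path instead.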
Activate dual control together with ticketing system integration
- In the Privilege Cloud Portal, go to Administration > Configuration Options.
- In the Options pane, under Configurations, click Dual Control.
- In the Properties pane, set AllowDualControlWithTicketingIntegration to Yes.
- Click OK.