Lock and release an account
This topic describes how to lock an account when you connect to it so that no other user can connect to the account at the same time.
Some auditing and control requirements demand full identification and monitoring of users who access privileged accounts. In addition, there might also be a requirement to guarantee accountability, so each user who accesses a privileged account must be the only one to do so.
Privilege Cloud admins can activate this rule in the Master Policy (or as an exception). For details, see Enforce check-in/check-out exclusive access.
How does it work
The password to the account can be retrieved by one user at a time. Once the user connects to the account, the account is locked and cannot be accessed by other users. When the user releases the account, the account is unlocked and can be used by a different user.
Locked accounts have a lock icon next to them. If you have the View Safe Members authorization, you can see who locked an account by hovering on the icon. For details on viewing accounts, see Search for an account.
Releasing an account
Once you are done with an account, you need to release it. If you do not release it manually, then it will be released automatically after a period of time (configured by your admin).
To release an account you locked:
- In the Privilege Cloud Portal Accounts View, click Additional details & actions in classic interface.
- In the Accounts classic interface, click Locked Accounts and select the account to release.
From the Manage drop-down menu, click Release.
To release an account as an admin:
You must have the Unlock accounts permission to perform this task.
In the Privilege Cloud Portal Accounts View, from the Accounts list, select the account, click More actions and then click Edit.
On the Edit Accounts page, click Show advanced section, and then click Release.