**Background:** Administrators often use shared privileged accounts instead of their personal accounts when performing sensitive operations. A typical workflow is as follows:

1. **Login to the IdP:** The administrator signs into the Identity Provider (IdP).
2. **SSO to the PAM Application:** From the IdP, the administrator SSO's into the PAM system (e.g., CyberArk, BeyondTrust).
3. **Password Checkout:** Within the PAM application, the administrator retrieves the password for a shared privileged account.
4. **Access Critical Systems:** The administrator uses the shared account credentials to access servers and systems to perform their tasks.

**Problem:** When the IdP issues a command to terminate all sessions associated with an administrator—perhaps due to security policy or detected anomalies—only sessions authenticated via the IdP are closed. Sessions initiated within the PAM application using a checked-out shared account remain active. This creates a security gap where an administrator’s privileged session may continue even after a termination signal is sent, potentially leaving critical systems exposed to unauthorized access.

**Recommended Fix:** We should introduce a dedicated “recommendations” section for PAM applications within our guidelines. Specifically, if a PAM solution acts as the Relying Party (RP) and receives a termination request for an administrator’s session, it should automatically rotate or invalidate any passwords currently checked out by that administrator. This integration would ensure that, upon session termination, any residual privileged access is promptly disabled.
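As an added illustration (not code from this issue, the guidelines, or any PAM product), the following Python model shows the RP-side behaviour proposed above: a hypothetical vault with a checkout ledger receives a session-termination signal for an administrator, rotates every shared account that administrator has checked out, and reports which other administrators held the same shared password and therefore also lose access. Account names, admin names, and the `PamVault` API are all constructed for the example.

```python
from dataclasses import dataclass
import secrets


@dataclass
class Checkout:
    admin: str           # IdP subject of the administrator who checked the password out
    account: str         # shared privileged account, e.g. "root@db01" (constructed name)
    active: bool = True  # False once the password it refers to has been rotated


class PamVault:
    """Hypothetical PAM vault: shared-account secrets plus a checkout ledger."""

    def __init__(self, accounts):
        self.secrets = {a: secrets.token_urlsafe(16) for a in accounts}
        self.checkouts: list[Checkout] = []

    def checkout(self, admin, account):
        """Hand the current password of `account` to `admin` and record it in the ledger."""
        self.checkouts.append(Checkout(admin, account))
        return self.secrets[account]

    def verify(self, account, password):
        """What a target system would do: accept only the vault's current password."""
        return secrets.compare_digest(self.secrets[account], password)

    def rotate(self, account):
        """Replace the shared password; every outstanding checkout of it is now dead."""
        self.secrets[account] = secrets.token_urlsafe(16)
        for co in self.checkouts:
            if co.account == account:
                co.active = False

    def handle_session_termination(self, admin):
        """RP-side handling of an IdP 'terminate all sessions' signal for `admin`.

        Rotates every shared account the admin currently holds and returns an audit
        summary. Idempotent: a repeated signal finds no active checkouts and rotates
        nothing. Because the accounts are shared, other admins holding the same
        password are displaced too and must check the password out again."""
        affected = sorted({co.account for co in self.checkouts
                           if co.admin == admin and co.active})
        displaced = sorted({co.admin for co in self.checkouts
                            if co.account in affected and co.admin != admin and co.active})
        for account in affected:
            self.rotate(account)
        return {"admin": admin, "rotated": affected, "other_admins_to_notify": displaced}
```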