In the previous post, we were discussing how to manage emergency access to IT resources when an administrator is away. The ‘Super-Administrator’ role in Password Manager Pro (with the privilege to access all passwords) comes in handy to tackle this.

In the latest release (v 6.6), an option has been provided to keep the super-administrator role purely as a break-glass account for emergency access to passwords.  So far, any administrator could change the role of another administrator (not himself) as super-administrator. PMP now provides the option to prevent administrators from creating super-administrators. The objective is to have only one super-administrator for emergency access.

Super-administrator role can be used as break glass account as explained below:

  • Create a new administrator account in PMP and designate the new account as the Super-Administrator
  • The new super-administrator will login and enforce the option of denying other administrators from creating super-administrators. Once this restriction is enforced, super-administrators cannot be created further.
  • The login credentials of this super-administrator will be sealed and kept in a safe to be opened only for emergency access

This way, when you need access to a critical IT resource when the administrator concerned is away, you may request your management for access to the password. The IT head could login as ‘super-administrator’, share and release you the password, which could be automatically reset after your use.

Try Password Manager Pro now!

Bala
ManageEngine Password Manager Pro
Quick Video
| Free Trial Download | White Papers | Success Stories

Related posts :