New Just-in-time Access Capabilities in Session Management

March 13, 2024 Lilach Faerman Koren

Session Management

CyberArk announces the release of a new method for isolating and monitoring privileged sessions, enabling just-in-time (JIT) access permissions for use of vaulted credentials.

The main objective, in alignment with the CyberArk Blueprint, is to reduce the risk of credential theft when using standing privileges. As previously announced, CyberArk supports the provisioning of access to target systems by creating an ephemeral local user with time-bound permissions to access resources tagged with attribute-based access controls (ABAC).

At CyberArk, we know that this approach is not suitable for all customers and use cases, because some users must access targets with a personal privileged domain account that is stored in a vault. The new capability addresses this use case by allowing customers to limit the access rights of a personal privileged domain account, enabling it only when needed with just-in-time provisioning.

Now, customers can connect to Windows targets with credentials that are managed in the CyberArk Privilege Cloud vault with little or no associated permissions. Upon connecting to a target system, users receive only a selected range of relevant permissions defined in the appropriate policy. At the end of the session, these permissions are automatically revoked.

With this new workflow, users can access Windows targets on a just-in-time basis, while maintaining the existing user profiles of an account, including key credential management and rotation policies. This also helps customers address audit and compliance requirements as it enhances the principle of least privilege by restricting access permissions to the minimum necessary.

This capability adds to the existing CyberArk session management capabilities, allowing users to access targets with zero standing privileges, reducing the risk and operational burden of a standing account or credential.

Learn more about JIT connection to targets with vaulted credentials and elevated permissions.

To learn more about the CyberArk session management capabilities, please visit:
Session management capabilities in CyberArk PAM.

New Secrets Management Capabilities: CyberArk Secrets Hub, CyberArk Conjur Cloud, CyberArk Conjur Enterprise, CyberArk Credential Providers

Secrets Management, Secrets Hub, Conjur, AWS Secrets Manager, Azure Key Vault, Kubernetes

CyberArk Privilege Cloud version 14.1 Release

CyberArk Privilege Cloud v14.1 enhances the discovery service with new onboarding rules and the connector m...

Up Your Security I.Q. by Checking Out Our Collection of Curated Resources.

New Just-in-time Access Capabilities in Session Management

Previous Article

Next Article

STAY IN TOUCH

New Just-in-time Access Capabilities in Session Management

Previous Article

Next Article

Recommended for You

Footprint reduction, TCO saving and enhanced security in session management with CyberArk Privilege Cloud.

Secrets Management, Secrets Hub, Conjur, AWS Secrets Manager, Azure Key Vault, Kubernetes

CyberArk Privilege Cloud v14.1 enhances the discovery service with new onboarding rules and the connector management service with improvements to Privileged session manager upgrade.

Secrets Management, Conjur, AWS Secrets Manager (ASM), Azure Key Vault (AKV), cloud workloads, cloud security, multi-cloud, Kubernetes Security, DevOps

New session management capabilities in CyberArk PAM include TCO reductions and VPN-less, native access to Windows, Linux, databases and Kubernetes, with zero standing privileges or vaulted credentials

Explore CyberArk PAM SH V14’s new features: Increased risk reduction, SAML for PSM for SSH sessions, advanced threat analytics and improved mobile experience.

CyberArk DPA adds Sydney data center, offering improved RDP connections with robust account policies, simplified TLS support and enhanced SSH audit on Linux.

CyberArk Privilege Cloud v14.0 introduces improved operational efficiency and security with enhancements to the solution, which is part of the CyberArk Identity Security Platform.

The CyberArk Identity 23.11 release includes extended passwordless authentication capabilities with passkeys, setting stronger controls for user sessions and scheduling access termination.

CyberArk Identity Security Platform now features automatic discovery of local privileged accounts on endpoints using CyberArk Endpoint Privilege Manager and CyberArk Privilege Cloud.

The CyberArk Identity 23.10 release offers support for Azure Government and includes significant updates improving user experience and extensibility.

Introducing the new CyberArk Privilege Cloud license capacity reporting tool, now available in the CyberArk Marketplace.

CyberArk Identity 23.9 release supports a better end-user experience, new Splunk integration, import of secure notes and enhancements for Secure Web Sessions

The latest CyberArk Dynamic Privileged Access (DPA) release includes support for just-in-time access to Linux machines in GCP and rapid onboarding of AWS accounts

CyberArk Identity 23.8 release supports YubiKey one-time-password for passwordless authentication, additional event types that trigger automated webhooks and email responses.

CyberArk Privilege Cloud v13.2 includes Bring Your Own Key, enhances Privileged Session Manager (PSM) and better UX to Central Policy Manager (CPM) via Connector Management.

The CyberArk Identity 23.7 release allows end users to specify preferred pronouns, simplifies rights needed to run compliance reports and supports custom folder creation for business apps and secured

CyberArk is introducing new UK Data Centers and Audit Reports for Dynamic Privileged Access (DPA), helping customers provide JIT Privileged Access.

The CyberArk Identity 23.6 release supports new user interface (UI) enhancements and CyberArk Workforce Password Management capabilities.