Best use of Microsoft PAM

Allow the management of all users, including Service Accounts.

Allow for management of all groups from all domains from all forests, including Bastion Forest itself

Any user can make a request subject to approvals

USE CASES:

  • Create privileged user in Bastion AD
    1. Subject to approvals
    2. Business Defines number of approvals
    3. User represents a privileged account in any of the domains
  • Create group in Bastion AD
    1. Subject to approvals
    2. Business Defines number of approvals
    3. Group represents a privileged group in any of the domains
  • Create role in Bastion AD
    1. Subject to approvals
    2. Business Defines number of approvals for role creation
    3. Add Groups to the role. You can add groups from multiple domains
    4. Define number of approvals required for Just In Time access to this role
  • Add user to a role
    1. Subject to approvals
    2. Business Defines number of approvals
    3. User is added to the respective groups in Bastion and grants access to their respective domains
  • Add group to Role
    1. Subject to approvals
    2. Business Defines number of approvals
    3. Add groups from any domains\forest making roles cover multiple domains\forests
  • Remove user from Role
    1. Subject to approvals
    2. Business Defines number of approvals
  • Remove group from Role
    1. Subject to approvals
    2. Business Defines number of approvals
  • Delete a user
    1. Subject to approvals
    2. Business Defines number of approvals
    3. User is also deleted from Bastion AD
  • Delete a group
    1. Subject to approvals
    2. Business Defines number of approvals
    3. User is also deleted in Bastion AD
  • Delete role
    1. Subject to approvals
    2. Business Defines number of approvals
  • Request Just in time access
    1. Any user can request for any user subject to approvals defined in Role Creation
    2. Have 3 tier approvals for different types of access
      1. 0 approvals for low level access, daily operational tasks
      2. 1 approval for medium access
      3. 2 approvals for highly sensitive accounts
      4. Include request in PROD Cut-over planning and requests
  • Automatically delete users upon their termination in HR
  • Provide Emergency Termination Mechanism

Let us know if you want to know more info@mernacaj.com