Application-Key Signoff Task Flow
The following list describes the high-level task flow for setting up a PrivX Key Manager system with application-key signoff and access-request capabilities.
- An installation expert sets up the Key Manager system. For more information about setting up Key Manager components, see the PrivX Key Manager Installation Manuals.
- To enable application-key signoff features in the Key Manager system, an installation expert sets up Key Manager User Portal components. This includes granting User Portal access to application owners, either via local User Portal accounts or via Active Directory accounts.
After the necessary systems have been set up, Key Manager administrators and application owners can cooperatively sign off application keys as follows:
- Using Key Manager, Key Manager administrators assign user keys to applications, specifying what application(s) each key belongs to. Key Manager administrators then assign application owners to review these application keys.
- Using User Portal, application owners review the user keys belonging to their applications. Application owners then submit action requests for keys, which describe what actions (if any) are needed to sign off the key. For example, application owners can submit action requests for deleting unused user keys, or submit action requests for setting existing authorizations with usage restrictions.
- If application policies require action requests to be approved by application owners, Key Manager administrators assign application owners to approve action requests submitted for the keys belonging to their respective applications.
- Back in the Key Manager system, Key Manager administrators review the submitted action requests (if required by application policy).
- After the action request has gathered all the necessary approvals, Key Manager automatically modifies the target authorization according to the actions specified in the request, and the associated application keys are then considered to be successfully signed off.
- If a Key Manager administrator denies an action request, nothing is done to the key. Application owners are required to submit another action request.
At any time after the systems are set up, access requests can be processed as follows:
- Key Manager administrators or other administrative personnel configure the access-request workflow in User Portal.
- If application policies require access requests to be approved by application owners, Key Manager administrators assign application owners to approve access requests submitted for their respective applications.
- Application owners use User Portal to create and approve access requests.
- In the Key Manager system, Key Manager administrators review the submitted requests (if required by application policy). Once the access request is approved, Key Manager automatically creates the requested authorizations on any managed accounts. Key Manager administrators must manually add authorizations to any external destinations.
Detailed instructions for User Portal setup, application-key signoff, and access-request management are provided in the later sections of this User Portal Manual.