Make managed accounts with JIT-priviledge elevation able to get disabled in Active Directory when unused
1 vote
Hello Devolution-community,
my company is currently testing the PAM-module of the DVLS and the experience so far was great. In an discussuion about the implementation we came up with the question if it wouldn`t be better to keep currently unused (checked-in PAM-credentials in form of persistant AD-accounts) also deactivated in Active Directory?
Whould it be possible to add an configuration option within the Account lifecycle policies of the PAM-module in DVLS?
Our currently used PAM-system from an competitor is able to do just that and i belive securitywise that this would be good improvement for your product.
Let me know how you think about that,
Best regards,
Markus
Hi @markusburkhardt,
Thank you for reaching out. This is already on our roadmap and we are currently on track for delivering this in the later part of the year.
I'll link this thread to our internal ticket and we'll let you know when this is available for you to try out.
Cheers,
Luc Fauvel
Hi @Luc Fauvel,
thanks for the feedback. I am happy that you guys are already working on that.
Regards,
Markus