How Does Elevated Access Work?
Interested in Elevated Access, but curious how it works at Evo? Refer to this mock scenario to get a better idea of a use case.
You are an MSP, and you have set up a client and their users with an On-Prem Directory. To perform administrative tasks on the endpoints your client uses, you have a super admin user called "SuperAdmin". This user has the permissions and access to make any and all changes to the machine. However, "SuperAdmin" has its own credentials, and your techs all share these credentials whenever they need to log in as "SuperAdmin". This is not secure; sharing credentials is dangerous.
Enter "Elevated Access". With Elevated Access, your techs no longer need to share those credentials and can access "SuperAdmin" using their own personal credentials! On the Evo Portal, you add "SuperAdmin" as a "shared account". You can do this either by syncing that user directly from the directory (recommended in this scenario) or by adding the user manually. This is the user that is "shared" by your techs. Once "SuperAdmin" has been added as a shared account, you can create an "Elevated Access Assignment Group", where you assign specific users access to that shared account. Your techs, Joe, Billy, and Susan, all share the "SuperAdmin" credentials, so you add Joe, Billy, and Susan to the Elevated Access Assignment Group that "SuperAdmin" is now a part of.
Once these assignments have been created, you'll need to create an Access Token/Secret to attach to the Evo Credential Provider installed on the endpoint in question (refer to https://support.evosecurity.com/hc/en-us/articles/10117446354971-Access-Tokens for more information about access tokens); that is the final piece of the puzzle. Once this has been configured correctly, you'll notice a new "Elevated Access" checkbox on the credential provider. After selecting that checkbox, Joe is prompted to enter his personal e-mail and password combination, then receives a push notification or enters the OTP from his own device, and is then able to log in as "SuperAdmin"! That's really all there is to it!
If you have any questions or concerns about Elevated Access, please reach out; we would be happy to discuss it further.