Policy-driven approach to managing privileged/shared identity in an enterprise

Assignee

• International Business Machines Corporation · US

Inventors

• Kaushal Kiran Kapadia · Pune, IN
• Gaurav Gupta · San Francisco, US
• Rohit Jaiswal · Bengaluru, IN
• Gaurang Sudhakar Tapase · Pune, IN
• Sachin Sanjay Gujar · Bellevue, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/082
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.