Access Duration
Require requestors to specify their desired access duration to ensure leads privilege
Access Duration refers to the amount of time access will be open to requestors.
By turning on the Require duration toggle, admins require requestors to specify the access time they will need out of the maximum allowed.
This enhances security and accountability by requiring users to specify the length of access needed for each request.
When a user submits a request, the approver sees the requested duration along with other request details. Upon approval, the user is granted access for the specified period.
Enabling the Access Duration setting
By default, access duration is disabled. We recommend enabling this setting to keep open access down to the minimum amount of time needed for a specific task.
Follow this step to enable access duration:
On the Settings page, click the Require duration for access request toggle to on. The toggle will turn green.
Once the setting has been enabled, users must specify their access duration, up to the maximum access duration set by the admin. If the requested duration exceeds the limit, an error message will appear. Entering zero or an invalid value prompts the user to reenter a valid duration.
Enabling picking access duration for Access Right Sizing
Apono analyzes your Access Flows and provides right-sizing recommendations.
When access duration is enabled, Apono compares the requested duration to the maximum allowed and suggests shorter duration times for Least Privilege:
Picking the duration in an access request
Once enabled, users requesting access will be asked to enter their desired access duration when making requests:
In Slack
When users create a new request, they will see the Access Duration field:
Users may pick any duration, including fractions, up to the maximum allowed per resource and permission.
If users attempt to request more than the allowed duration, they will receive a warning to pick a shorter duration.
In the web portal
When users create a new request, they will see the Access Duration field:
Users may pick any duration, including fractions, up to the maximum allowed per resource and permission.
If users attempt to request more than the allowed duration, they will receive a warning to pick a shorter duration.
In CLI
When users create a new request, they will see the Duration field:
Users may pick any duration, including fractions, up to the maximum allowed per resource and permission.
If users attempt to request more than the allowed duration, they will receive a warning to pick a shorter duration.
Last updated