
What are the best practices for configuring managed accounts for non-privileged access?

For example, 200 developers who need access to multiple servers.

What is the recommended best practice in this scenario?

Specifically: Should each developer have an individual non-privileged domain account?

Is there a better approach for managing a large number of non-privileged users accessing multiple servers (e.g., using groups, role-based access, PAM, etc.)?

Very important: We do not want one developer’s session to be accessible or “stealable” by another developer.

Looking for guidance on how organizations typically handle this setup securely and efficiently.

Every organization will have its own requirements and processes; we don’t have a single best practice, but there are some Smart Rule examples. You can review the Smart Rule examples on granting access to assets: Link a Managed Account to a Managed System, Granting access, and Granting access to Managed Systems.

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0019021


To ensure there’s no session hijacking for RDP sessions, you can configure the access policies to prevent this from happening and limit the number of concurrent sessions.

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017978
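The access policy above is enforced by Password Safe; the same intent (one session per account, and no abandoned session left for someone else to attach to) can also be enforced on the target Windows hosts themselves. The following PowerShell is an added example written for this page, not code from the original post or from BeyondTrust. It assumes the host is managed by local policy (a domain GPO that sets the same values will overwrite them) and that it is run from an elevated prompt; the 15-minute disconnect timeout is an assumed value to adjust to your own policy.

```powershell
# Added example (not from the original post or BeyondTrust): harden RDP on a
# target Windows server so one developer's session is not left around for
# another user to attach to. Run elevated. Assumes local policy manages the
# host; a domain GPO for the same settings takes precedence over these values.

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# 1. One RDP session per user account. A second logon by the same account
#    reconnects to the existing session instead of opening another one,
#    which is the host-side equivalent of a concurrent-session limit of 1.
Set-ItemProperty -Path $tsKey -Name 'fSingleSessionPerUser' -Value 1 -Type DWord

# 2. Log off disconnected sessions after 15 minutes (value is in milliseconds;
#    900000 ms is an assumed value). A disconnected session is what a
#    session-hijacking attempt such as tscon run as SYSTEM attaches to, so
#    shortening its lifetime shrinks that window.
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
Set-ItemProperty -Path $policyKey -Name 'MaxDisconnectionTime' -Value 900000 -Type DWord

# 3. Read the settings back and list who currently holds sessions on this host,
#    so the change can be verified before it is rolled out to the other servers.
Get-ItemProperty -Path $tsKey -Name 'fSingleSessionPerUser' |
    Select-Object fSingleSessionPerUser
Get-ItemProperty -Path $policyKey -Name 'MaxDisconnectionTime' |
    Select-Object MaxDisconnectionTime
quser 2>$null   # columns: USERNAME, SESSIONNAME, ID, STATE, IDLE TIME, LOGON TIME
```

Because the question also asks for individual accounts per developer, note that both settings only help if each developer logs on with their own account: with a shared account, fSingleSessionPerUser makes the second developer reconnect straight into the first developer's session.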