Hi community,
I have an integrated PASM environment deployed in Pathfinder. I have a group of dedicated admin accounts that I want to make available to a specific group of users.
I configured requester permissions for this user group over the dedicated admin account smart group. The access policy is configured for auto-approval.
I want to prevent users from requesting the password directly from the Password Safe user console, so they cannot access the servers without using PRA. To achieve this, I enabled the “API Only Access” option in the access policy, but the users are still able to request the accounts through Password Safe.
I verified that:
- The users belong to only one user group.
- The only smart group with configured permissions is the one described above.
Am I missing something, or is there another way to restrict managed account access?
Thank you.
