
Has anyone implemented a solution that changes the Challenge Response “key” on a frequent basis (ideally daily)? We have CyberArk, so theoretically could store in their vault, but looking to see what options might be available.

I haven’t implemented it yet, but essentially what you're asking for is more in line with MFA, which was released into EPM Policies not that long ago if I remember correctly. 

Going the MFA route would be your rotational key generation and can be set up with OIDC or RADIUS.

 

Documentation reference:

Challenge/Response 

Multifactor Authentication


If you are using PM Cloud it may be worth checking out our JIT Application Access feature.


Has anyone implemented a solution that changes the Challenge Response “key” on a frequent basis (ideally daily)? We have CyberArk, so theoretically could store in their vault, but looking to see what options might be available.

What’s the problem you are actually trying to solve here, Michael?

As Mike and James have noted, there may be some other product features which may offer alternatives, although they introduce considerations such as needing internet connectivity.

At the same time, daily C&R key rotation is not without its own challenges, as depending upon your management platform and connectivity of your devices, not all machines may receive the updated policy - meaning the ‘latest’ key will not generate a valid response for every machine.

