Managing Requests

Day to day management of Keeper Privilege Manager elevation requests

Managing Elevation Requests

As end-users generate elevation requests, administrators can efficiently manage these requests through the Keeper Admin Console. This interface provides a streamlined process for approving or denying requests in real-time, ensuring that legitimate user needs are met while maintaining security.

Accessing the Requests Dashboard

To manage elevation requests:

  1. Log in to the Keeper Admin Console

  2. Navigate to Endpoint Privilege Manager > Requests tab

Working with the Request Queue

The requests dashboard displays all pending elevation requests across your environment. By default, requests are sorted by wait time and priority, ensuring that users are processed in the order received.

Endpoint Privilege Manager Requests Dashboard

Reviewing Request Details

To review a specific request:

  1. Click on any request in the queue to open its details

  2. Review the detailed information provided:

    • Application information

    • User's justification message

    • Endpoint details (IP address, device name, operating system)

    • Request timestamp and duration

    • Associated policies

Detailed View of an Elevation Request

Taking Action on Requests

For each request, administrators can:

  • Approve: Grant temporary elevated privileges for the requested process

  • Deny: Reject the elevation request with an optional explanation

Managing Request Volumes

For organizations with high volumes of elevation requests:

  • Delegation: Configure multiple approvers across different teams or regions

  • Auto-Approval Rules: Set up policies to automatically approve routine requests

  • Generate Alerts: Keeper's Advanced Reporting & Alerts module can send real-time alerts.

Alert Setup

From the Keeper Admin Console, go to Reporting & Alerts > Alerts > and create a new Alert.

Select "Agent created approval request" from the event types and then choose the recipients.

The recipient can be an email address, SMS text message, or Webhook to any automation platform or ITSM such as Slack, Jira, ServiceNow, etc.

Automation with Commander

Keeper Commander supports request automation through our command-line interface, Service Mode REST API and Python SDK. Learn more about Endpoint Privilege Manager commands.

Approvals

The pedm approval command provides management over approvals.

My Vault> pedm approval -h
pedm command [--options]

Command    Description
---------  -----------------------------
list       List PEDM approval requests
action     Modify PEDM approval requests

Approve or deny a request with pedm approval --approve or pedm approval --deny

My Vault> pedm approval action -h
usage: action [-h] [--approve APPROVE] [--deny DENY] [--remove REMOVE]

Modify PEDM approval requests

options:
  -h, --help         show this help message and exit
  --approve APPROVE  Request UIDs for approval
  --deny DENY        Request UIDs for denial
  --remove REMOVE    Request UIDs for removal. UID, @approved, @denied, @pending
PreviousFile Access Policy TypeNextBest Practices

Last updated

Was this helpful?