Day to day management of Keeper Privilege Manager elevation requests
As end-users generate elevation requests, administrators can efficiently manage these requests through the Keeper Admin Console. This interface provides a streamlined process for approving or denying requests in real-time, ensuring that legitimate user needs are met while maintaining security.
To manage elevation requests:
Log in to the Keeper Admin Console
Navigate to Endpoint Privilege Manager > Requests tab
The requests dashboard displays all pending elevation requests across your environment. By default, requests are sorted by wait time and priority, ensuring that users are processed in the order received.
To review a specific request:
Click on any request in the queue to open its details
Review the detailed information provided:
Application information
User's justification message
For each request, administrators can:
Approve: Grant temporary elevated privileges for the requested process
Deny: Reject the elevation request with an optional explanation
For organizations with high volumes of elevation requests:
Delegation: Configure multiple approvers across different teams or regions
Auto-Approval Rules: Set up to automatically approve routine requests
Generate Alerts: Keeper's Advanced Reporting & Alerts module can send real-time alerts.
From the Keeper Admin Console, go to Reporting & Alerts > Alerts > and create a new Alert.
Select "Agent created approval request" from the event types and then choose the recipients.
The recipient can be an email address, SMS text message, or Webhook to any automation platform or ITSM such as Slack, Jira, ServiceNow, etc.
Keeper Commander supports request automation through our command-line interface, Service Mode and Python SDK. about Endpoint Privilege Manager commands.
The pedm approval command provides management over approvals.
Approve or deny a request with pedm approval --approve or pedm approval --deny
Endpoint details (IP address, device name, operating system)
Request timestamp and duration
Associated policies
My Vault> pedm approval -h
pedm command [--options]
Command Description
--------- -----------------------------
list List PEDM approval requests
action Modify PEDM approval requestsMy Vault> pedm approval action -h
usage: action [-h] [--approve APPROVE] [--deny DENY] [--remove REMOVE]
Modify PEDM approval requests
options:
-h, --help show this help message and exit
--approve APPROVE Request UIDs for approval
--deny DENY Request UIDs for denial
--remove REMOVE Request UIDs for removal. UID, @approved, @denied, @pending
