Managing temporary changes to user access control policy
Securely manage temporary changes to all users’ network access rights. Manage changes to how employees, contractors or partners access the network.
Published June 16, 2015Here's how IT can strengthen user access control policy with the ability to securely manage temporary changes to users’ network access rights.
To secure sensitive information, an organization may need to restrict the amount of time employees, contractors or external partners can access certain systems.
Users need access rights to fully perform their tasks, but not for more time than is necessary. IT administrators can easily make these changes in access restrictions but often forget to revoke or remove access when no longer required. By leaving access open to users once they are done with their temporary assignments, the organization leaves a window open for a security breach to occur.
Temporary access control policies can help minimize that window and reduce the risk of a breach.
With UserLock, administrators can easily set temporary access rules for a user, user group or organizational unit. The rules have the same access restriction options as a permanent account, but for a time period that the IT administrator deems appropriate for the user.
IT administrators can set policies on:
The number and type of authorized sessions (including Wi-Fi, VPN and IIS session control)
The location where a user may log in to the network
The hours or day that users can access systems or a temporary adjustment to an automatic logout time for working long hours. The system automatically activates the temporary changes, and automatically deactivates the changes once the user exceeds the defined time period.
The organization now has the ability to increase or reduce access restrictions normally in force for one or more users, without having to edit or remove existing original rules, and then return to the original rules automatically after the exception period. This can be also be helpful if you need to manage secure network access for temp staff.
To further protect access to an enterprise network, administrators can use UserLock’s temporary accounts to set a network connection ban for any employee on vacation.
These updates to UserLock help to protect company data while freeing up time for administrators, leaving them secure in the knowledge that no access modifications are left beyond their immediate need. UserLock continues to ensure everyone has sufficient access rights to fully perform their tasks without restriction, but no more.