+33
Completed

Upgrades to Host Pass

Michael Bannerman 4 years ago updated by Simon (Annet) 7 months ago 28 4 duplicates

Parneters would like additional options for the host pass feature. Capturing suggestions in this ticket.


1. Expand the Lifetime of the host pass or make it configurable. There are times when you'll have extended engagements with vendors and need more than a day for them to complete work.

2. For the permissions, allow the host to pick from a list of existing roles to further limit the permission of hosts using the Host Pass feature.

3. Restrict the ability to use the host pass feature based on role (role-based permission)


Available in Version:
6.5

Duplicates 4

Pending Review

also with the feature set ShouldRevalidateAccessToken to True


unless there is another fix.

+6

1. I would like to see a GetSessionHostPass permission to only allow certain security roles to use the Get Host Pass command.


2. I agree that there should be an interface to enumerate, configure, and/or revoke existing host passes, both at a session level or across the entire SC system.


3. A nice security feature would be to have the ability to require MFA or at least specify password protection for the host pass URL at the time of creation. Anything is better than a free-for-all URL.

+1

Partners should be able to set the duration of host pass. As long as we also have the option to end the pass early if needed.

+5

Would like it to be a security feature. not all users should be able to create / send out a Host Pass.

+3

Add fields to Get Host Pass for audit purposes. Our company is SOX compliant and we need to be able to track activities from the host passes but also why they were awarded, so when creating a host pass the user could have a few custom questions added to the host pass creation such as: Name, Company, Reason for the pass, etc.

+2

Add the possibility to globally deactivate features in host passes such as but not limited to:
- Block guest input
- Blank screen
- Reboot computer in safe mode
- Reboot computer in Normal mode
- Prompt / Store for credentials

- Disable Toolbox

- Screenshots and videos


Also need the possibility to revoke any Host pass without killing the session




I found that the name of the host doesn't change on the console, logs etc even if the user who got the host past link add his own name when he launch the link. Is that possible to solve that too ?

Under Review
Roadmapped
Under Review
Roadmapped

+1 for "1. Expand the Lifetime of the host pass or make it configurable. There are times when you'll have extended engagements with vendors and need more than a day for them to complete work."


At a minimum a "no expire" option should be implemented ASAP.

-1
Completed

So now that it's completed can we get a run-down of what made it in the request and what didn't?

+1

In 6.5, we've added 1 week, 2 weeks and 30 days to the lifetime options for a host pass. The ability to revoke all host passes before their time is up is also coming down the pipeline. We'll take a look at adding in a way to select permissions when creating a host pass, for the 6.6-6.7 release. 

I just updated to 6.5 and I don't currently see this option. Is there documentation on it somewhere, does it need enabled?

+2

How about option 3: "Restrict the ability to use the host pass feature based on role (role-based permission)".

Is that something that is still on the roadmap?

+2

I just want some users not to be able to create Host Pass links. This is a security issue. There is an extension that removes Host Pass, but that is to remove it overall for all users. I need it just for some users with specific roles. 

I agree with Jasper, the option 3 arguably the most important out of them all didn't get included. Whats the go guys?

I really dont get why Host Pass still isnt a role-based option. Its essential!

i agree. we should be able to control who is able to create a host pass and what options that they can. as in maybe a view only host pass

Since voting is disabled, here’s my +1 for the ability to restrict the host pass feature by role.