Abstract: One embodiment provides event handling in a cloud based multi-tenant identity management system. Embodiments receive a plurality of individual events and a request to create a group from the individual events. Embodiments publish the group as a composite event and persist the composite event in a composite queue. Embodiments then dispatch the composite event to a composite handler, parse the composite event and persist the individual events in respective event queues.

Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.

Abstract: A privileged account management system is provided that controls the management and access of resources within the organization. Resources may include target systems and accounts of the organization. In an embodiment, the privileged account management system is configured to enable the creation of one or more resource groups. A resource group includes a subset of a plurality of resources provided by the organization. In certain embodiments, the privileged account management system is configured to define one or more groups of administrative entities within the organization and assign to each administrative entity in a group of administrative entities, a set of privileges on a resource group. In certain embodiments, the privileged account manager system may be configured to enable an administrative entity from a group of administrative entities to delegate a subset of privileges associated with a resource group to a user entity not in the group of administrative entities.

Abstract: A cloud based identity management system that handles a plurality of published events that are published and consumed by microservices provides a dynamic queue that includes one or more active queues and one or more inactive queues. Embodiments create selectors for all of the active queues and the inactive queues and binds subscribers to each active queue. Embodiments dynamically cause at least one of the inactive queues to become one of the active queues when a number of published events increases.

Abstract: A cloud based identity management system that handles a plurality of published events that are published and consumed by microservices provides a dynamic queue that includes one or more active queues and one or more inactive queues. Embodiments create selectors for all of the active queues and the inactive queues and binds subscribers to each active queue. Embodiments dynamically cause at least one of the inactive queues to become one of the active queues when a number of published events increases.

Abstract: A system and method can monitor one or more user sessions on a target system in a computing environment. An account managing system can capture a plurality of user session screen captures that are associated with said one or more user sessions on the target system. Furthermore, the account managing system can compare a user session screen capture, which is captured at a time during said one or more user sessions, with one or more user session screen captures that are recorded before the time. Then, the account managing system can record said user session screen capture if the target system is determined to be active at the time when said user session screen capture is captured.

Abstract: One embodiment provides event handling in a cloud based multi-tenant identity management system. Embodiments receive a plurality of individual events and a request to create a group from the individual events. Embodiments publish the group as a composite event and persist the composite event in a composite queue. Embodiments then dispatch the composite event to a composite handler, parse the composite event and persist the individual events in respective event queues.

Abstract: A system and method can support user account management in a computing environment. The computing environment can include a video encoding pool to support load balancing and a managing server, such as a privileged account manager server. The video encoding pool includes a set of nodes that are able to perform one or more video processing tasks for another node. Furthermore, the managing server can receive a request from a managed node in the computing environment for delegating a video processing task, and can select one or more nodes from the video encoding pool to load balance and to perform the video processing task.

Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.

Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.

Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, plug-in code for implementing a workflow that includes step-up validation associated with a user attempting to access at least one secure resource may be received. Access to the at least one secure resource may be provided when the user is authenticated with respect to the service. In some examples, a request to access a second secure resource may be received. Additionally, in some examples, the workflow to perform the step-up validation may be implemented at least in response to the request to access the second secure resource. The workflow implemented based at least in part on an attribute associated with the request.

Abstract: Techniques for managing network-connected objects are provided. In some examples, code for accessing a network-connected object may be received. The code may be configured to enable generation of an application programming interface method. In some aspects, account information associated with a user may be stored. A particular method call corresponding to the application programming interface method may be received from a computer device of the user. The particular method call may include a request to access the network-connected object. In some examples, the request to access the network-connected object may be authenticated based at least in part on the account information. Additionally, in some examples, an instruction to the network-connected object may be provided over a network if the request is authenticated.

Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

Abstract: A privileged account management system is provided that controls the management and access of resources within the organization. Resources may include target systems and accounts of the organization. In an embodiment, the privileged account management system is configured to enable the creation of one or more resource groups. A resource group includes a subset of a plurality of resources provided by the organization. In certain embodiments, the privileged account management system is configured to define one or more groups of administrative entities within the organization and assign to each administrative entity in a group of administrative entities, a set of privileges on a resource group. In certain embodiments, the privileged account manager system may be configured to enable an administrative entity from a group of administrative entities to delegate a subset of privileges associated with a resource group to a user entity not in the group of administrative entities.

Abstract: A system and method can monitor one or more user sessions on a target system in a computing environment. An account managing system can capture a plurality of user session screen captures that are associated with said one or more user sessions on the target system. Furthermore, the account managing system can compare a user session screen capture, which is captured at a time during said one or more user sessions, with one or more user session screen captures that are recorded before the time. Then, the account managing system can record said user session screen capture if the target system is determined to be active at the time when said user session screen capture is captured.

Abstract: A system and method can support user account management in a computing environment. The computing environment can include a video encoding pool to support load balancing and a managing server, such as a privileged account manager server. The video encoding pool includes a set of nodes that are able to perform one or more video processing tasks for another node. Furthermore, the managing server can receive a request from a managed node in the computing environment for delegating a video processing task, and can select one or more nodes from the video encoding pool to load babalance and to perform the video processing task.

Abstract: A system and method can monitor one or more user sessions on a target system in a computing environment. An account managing system can capture a plurality of user session screen captures that are associated with said one or more user sessions on the target system. Furthermore, the account managing system can compare a user session screen capture, which is captured at a time during said one or more user sessions, with one or more user session screen captures that are recorded before the time. Then, the account managing system can record said user session screen capture if the target system is determined to be active at the time when said user session screen capture is captured.

Abstract: A system and method can support user account management in a computing environment. A managing server, such as a privileged account manager server, can use an agent to manage a target system in the computing environment. The agent on the target system can initiate a video processing task based on a plurality of user session screens recorded on the target system, wherein the video processing task encodes the plurality of user session screens into a video. Furthermore, the agent can determine whether a resource usage for performing the video processing task on the target system exceeds a threshold. Then, the agent can dynamically offload the video processing task to a managing server that operates to manage the target system, if the resource usage for performing the video processing task on the target system exceeds the threshold.