Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: Managing a lifecycle of a shared privileged account via a proxy service which comprises an Identity Management (IdM) system that defines and manages identity services, which in turn manage privileged accounts used to access managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requestor uses to access the corresponding managed target. When use of the shared privileged account is ended, the shared privileges module disassociates the requestor with the shared privileged account by deleting the shared ID authorization account.

Abstract: Managing a lifecycle of a shared privileged account via a proxy service which comprises an Identity Management (IdM) system that defines and manages identity services, which in turn manage privileged accounts used to access managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requestor uses to access the corresponding managed target. When use of the shared privileged account is ended, the shared privileges module disassociates the requestor with the shared privileged account by deleting the shared ID authorization account.

Abstract: A method, system and computer-usable medium are disclosed for managing the lifecycle of a shared privileged account. A proxy service is implemented with an Identity Management (IdM) system that defines and manages a plurality of identity services, which in turn manage a plurality of privileged accounts used to access a plurality of managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requestor uses to access the corresponding managed target.

Abstract: Methods and apparatus are provided for role-based shared access control to a protected system using reusable user identifiers while maintaining individual accountability. Role-based access control is provided for a protected system by receiving a request from an end user to access a given protected system; determining a role of the end user for the access to the given protected system; receiving a privileged reusable user identifier and password for the given protected system and role; and providing the privileged reusable user identifier and password to the given protected system on behalf of the end user. Role-based access control is also provided for a protected system by receiving a request to verify an end user requesting access to a given protected system; determining a role of the end user for the access to the given protected system; and providing a privileged reusable user identifier and password for the given protected system and role.

Abstract: A method, system and computer-usable medium are disclosed for managing the lifecycle of a shared privileged account. A proxy service is implemented with an Identity Management (IdM) system that defines and manages a plurality of identity services, which in turn manage a plurality of privileged accounts used to access a plurality of managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requester. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requester uses to access the corresponding managed target.