Checkout policies
The Checkout policies section, found in Administration – Modules – Privileged access – Checkout policies, allows administrators to create and edit separate policies for Privileged Access Management (PAM) checkout. Checkout policies can then be applied to specific entries and folders (right-click, then Properties – Common – Checkout policies), or configured to apply to everything by default.
Name
Set a name for the checkout policy.
Is default
Apply the checkout policy to every PAM entry/folder by default.
Checkout mode
Enable or disable checkouts altogether.
Approval mode
Define which requests require approval, if any.
Users can approve their own checkout requests
Choose whether users can approve their own requests, and under which condition.
MFA on checkout
Require multifactor authentication when checking out an entry. The options are: Default, None, Mandatory, or Mandatory on JIT elevation only. Users must have MFA enabled in the Devolutions Portal under Sign-in & security for MFA to be enforced on checkout.
Checkout reason
Choose under which conditions users need to provide a reason for checking out an entry.
Check out time (minutes)
Set a default checkout duration in minutes.
Max check out time (minutes)
Set a maximum checkout duration, after which no time extensions are allowed.
Terminate sessions on check in
Force session termination when the account is checked in.