If you are granted permission to checkout the password for a target system, you can access the system for the period specified. You can continue to use the session on the target system after the approved period of time expires as long as you don't exit the session. If you exit the session, however, and attempt to check out the password to start a new session after the temporarily approved period expires, you must submit a new Checkout access request.
Although you can check out local system account passwords on registered mobile devices, you cannot check out the password if the account has workflow enabled. If the password checkout for a local system account requires an approver, the Checkout feature on the mobile device is not supported.
To request a password checkout:
- In the Admin Portal, click Resources, then click Systems, Domains, Databases, or Accounts to locate the account for which you want to check out a password.
- Click Systems if you want to check out the password for an account with access to a specific system name or system type.
- Click Domains if you want to check out the password for an account with access to a specific domain.
- Click Databases if you want to check out the password for an account with access to a specific database.
- Click Accounts if you want to search or filter the accounts listed by account name or check the account health before requesting access to the password.
Select the account and open the Actions menu, then click Request Checkout.
Note: If Workflow is enabled on the account, the password can only be checked out during the time period specified by the admin. For example between 1pm - 2pm. This adjusts the checkout duration to ensure the password is checked back in by the end of the time period. For example 2pm.
Type the business reason for requesting permission to check out the password.
Select whether you are requesting permanent access or access during a specific window of time.
If you select Windowed access, specify the start date and time and the end data and time. For example:
An email notification of your request is sent directly to the designated approver and your request will be displayed on the Requests tab in the Admin Portal.
Click the Requests tab to see the status of your request.
You will also receive an email notification when you request is approved or denied. If your request is approved and you have been granted temporary access, you will have a limited time to select the Checkout action. If the temporary approval period expires before you check out the password, you can submit a new request. Keep in mind that the request approval period is separate from the maximum password checkout time, which is controlled by a global- or object-specific policy.