Return
-
Title
Enhancement: Ability to configure default password request duration -
Description
Ability to configure default password request duration Currently every password request has a default duration of 2 hours and this cannot be changed. -
Resolution
This was added in TPAM 2.5.916 and above via BFER 7998. From the 2.5.916 Release Notes:
"Added default request duration setting to access policies. The password, session or file request default duration is now pulled from the either the access policy or the account settings."
Further detail:
The 'default duration' will be 2 hours or the 'Maximum Duration'; whichever is less.Beyond this, there is the ability to create a custom 'Access Policy' (via "Management | Access Policies") beyond the default Access Policies - in the Access Policy there is a 'Dflt Duration' value which can over-ride the above.This can be applied to Password, Session, and File requests. The value does not get saved with the request, it is only used to populate the initial Request Duration. For Password and Session requests with multiple accounts the default will be the minimum across all the accounts. For appropriate CLI Request commands that do not specify duration it will still default to 120 (2 hours), unless an Access Policy has a value configured for 'Dflt Duration'. -
Change Request
BFER 7998