Back to resources
How Multi-Profile Checkouts Empower Users and Enforce Security
January 2021 / 3 min. read /
Multi-Profile Checkout for AWS, Azure, GCP, & OCI
We’re pleased to announce an exciting new feature to Britive’s Multi-Cloud Privilege Management Platform: multi-profile checkouts for Just-In-Time (JIT) access.
Multi-profile checkouts allow users to access more than one profile concurrently to get their jobs done faster.
Why We Did It
A Britive customer came to us with a problem. The customer used our JIT model and was pleased with its security and management capabilities, but because of their system's structure, users often needed to access more than one profile to complete tasks. Rather than a user checking out a single profile that bundled all of the privileges they needed together, the user would have to complete a task under one profile and complete a different task under another. This slowed productivity overall and impeded the user’s ability to get their job done on time.
With the Britive console, multi-profile checkouts allow the same user to access the profiles they need without having to check-in and out again. We introduced the feature in October, and it is now compatible with all key cloud service platforms (CSPs), including Amazon (AWS), Microsoft Azure, Google Cloud (GCP), and Oracle Cloud (OCI).
How It Works
The screenshot above shows the My Access console before multi-profile checkouts. Checkout, Checkin, Programmatic, and Console Access buttons are highlighted with text.
In the case of the customer cited in this blog post, users needed to check out and check-in repeatedly to complete their tasks.
When particular tasks are assigned to specific profiles, users needed to access those profiles to do their jobs. This approach is acceptable, but required a customized refinement if we were going to meet the customer’s needs.
Now let’s look at the My Access console after the multi-profile feature update.
This screenshot shows the My Access console for an end-user with the latest release of multi-profile checkout capability. Console and Programmatic Access have separate menus with one button under each menu to Checkout and Checkin access.
Of note: the multi-profile feature only applies to console access. Programmatic access (CLI) supports checking out only one profile at a time. For end-users, however, console access is sufficient and enables them to complete tasks efficiently.
Advanced Cloud Security & Management Capabilities
Britive recommends using a single profile that bundles all the permissions a user needs to complete their job. However, if your organization prefers to associate permissions with different profiles, our multi-profile checkout feature delivers the capabilities you need.
Related: 4 Advantages of Just In Time Privileged Access Management