Access expiration policy

The access expiration policy helps ensure that only legitimate users retain access to SEA. This policy enhances security by managing user access validity.

By default, the system automatically sets expiration times for each user role, which vary based on the role.

Default expiration settings

The system assigns default access expiration periods based on user roles:

  • Access Admin: 180 days
  • Access Manager: 90 days
  • Remote User: 60 days

*Note: For SEA System Admins, access is permanent. Similarly, SEA Access Admins can also have indefinite access if their access expiration time is set to "unlimited."

Users other than System and Access Admins will lose access to SEA after these periods unless their access is extended. You can adjust these default values to align with your organization's specific needs or security requirements.

Users receive email notifications before their access expires, prompting them to submit an extension request with a justification.

Notification schedule

Users are notified via email about impending access expiration according to the following schedule:

  • 7 days before expiration
  • 3 days before expiration
  • 1 day before expiration

You (System or Access Admin) can review these extension requests and either approve or reject them based on the provided justification.

Modify the default policy

  1. Click Configuration > Policies.

    The Policies page displays the default access expiration policies for different user roles.

  2. On the Policies page, click Edit.

  3. In the Edit Maximum Access Expiration dialog box, locate the field for the user role whose policy you want to modify.

  4. Type a new value or select a value from the drop-down list, and click Save.

Note: If you change any default policy values, the new settings won't immediately apply to existing users. They'll only take effect when you explicitly reset each user's expiration time after receiving an access extension request.

Request access extensions

The Remote Sessions page shows details about your current access expiration. If you have a business reason to keep your access for a longer period, you can request an extension there.

  1. Log in to SEA.

  2. Navigate to the Remote Sessions page.

A banner will indicate that your access is nearing its revocation date.

  1. Click Request an access expiration extension, and provide a justification in the provided text box.

  2. Click Request.

This action will trigger a request to all administrators in your organization. Your access might be extended upon their approval.

Manage access extension requests

You can review the expiration time of each user in the Access Expiration column within the Users tab.

  1. From the left service panel, select Secure Equipment Access > Access Management.

  2. On the Access Management page, click Pending Requests > Access expiration requests.

  3. Select the request you wish to review, and then click Approve in the Action column.

  4. In the Approve Request dialog box, choose one of these options:

    • Reset to maximum - This option resets the expiration value to the default value defined in the Policy tab for that user role.
    • Set access expiration date - Choose this to pick a specific expiration date from the calendar.

  5. Click Save.

Once you approve (or reject) the requests:

  • An email notification goes to users, informing them of your decision.
  • The requests will be moved to the Request History > Access extension requests tab for auditing.

Extend access expiration without user requests

If you know in advance that certain users need access to SEA for a longer period, you don't have to wait for them to request an extension. You can easily extend their access directly from the User details page.

  1. From the left service panel, select Secure Equipment Access > Access Management.

  2. On the Access Management page, click the Users tab.

  3. From the table, select the users whose access you want to extend.

  4. In the User details section, click Edit Expiration.

  5. In the Edit Access Expiration dialog box, choose one of these options:

    • Reset to maximum - This option resets the expiration value to the default value defined in the Policy tab for that user role.
    • Set access expiration date - Choose this to pick a specific expiration date from the calendar.

  6. Click Save.

Notes:

  • If users are blocked for reasons other than access expiration, you can unblock them at the same time you extend their access. Just click Unblock user.
  • If users are blocked because their access expired, you can't immediately set an expiration date. When you unblock them, their access expiration will automatically reset to the default value defined in the Policy tab for their user role. After this automatic reset, you can then set a specific access expiration date.

Best practices

  • Regularly review and update expiration policies to reflect current security needs.
  • Document all manual extensions and their justifications for audit purposes.
  • Communicate policy changes and notification schedules to users to ensure awareness.