Access expiration policy

The access expiration policy helps ensure that only legitimate users retain access to SEA. This policy enhances security by managing user access validity.

Default expiration settings

By default, the maximal access duration for each user role is unlimited. This means that users will have access to SEA indefinitely. However, you can set specific expiration times (60, 90, or 180 days) for each user role other than SEA System Admin. For SEA System Admins, the unlimited access is permanent.

Modify the default policy

Change the maximum access duration for user roles to meet security requirements.

SEA allows you to limit the length of time different user roles retain access by adjusting the expiration policy.

Before you begin

Ensure you have administrator privileges in SEA.

Follow these steps to modify the default policy:

  1. Click Configuration > Policies.

    The Policies page displays the default access expiration policies for different user roles.

  2. On the Policies page, click Edit.

  3. In the Edit Maximum Access Expiration dialog box, locate the field for the user role whose policy you want to modify.

  4. Select a value from the drop-down list, and click Save.

The new settings do not apply immediately to existing users. Changes are processed during the nightly system check based on the following logic:

  • If the current expiration time is shorter than the new setting: No changes are made.
  • If the current expiration time is longer than the new setting: The expiration will be reduced to match the new value.

Notification schedule

Users are notified via email about impending access expiration according to the following schedule:

  • 7 days before expiration
  • 3 days before expiration
  • 1 day before expiration

You (System or Access Admin) can review these extension requests and either approve or reject them based on the provided justification.

Request access extensions

Request more time before your SEA access is revoked.

If you have a legitimate business reason, you can request an extension of your access directly in SEA.

Before you begin

  • Verify that your access is nearing its expiration date.

Follow these steps to request an access extension:

  1. Log in to SEA.

  2. Navigate to the Remote Sessions page.

A banner will indicate that your access is nearing its revocation date.

  1. Click Request an access expiration extension, and provide a justification in the provided text box.

  2. Click Request.

This action will trigger a request to all administrators in your organization. Your access might be extended upon their approval.

Manage access extension requests

Review and approve or reject users’ requests for more access time.

Administrators can view and manage all pending access extension requests in the Access Management interface.

Before you begin

Ensure you have administrator access.

Follow these steps to manage access extension requests:

  1. From the left service panel, select Secure Equipment Access > Access Management.

  2. On the Access Management page, click Pending Requests > Access expiration requests.

  3. Select the request you wish to review, and then click Approve in the Action column.

  4. In the Approve Request dialog box, choose one of these options:

    • Reset to maximum - This option resets the expiration value to the default value defined in the Policy tab.
    • Set access expiration date - Choose this to pick a specific expiration date from the calendar.

  5. Click Save.

Once you approve (or reject) the requests:

  • An email notification goes to users, informing them of your decision.
  • The requests will be moved to the Request History > Access extension requests tab for auditing.

Extend access expiration without user requests

Proactively extend user access without waiting for a request.

SEA administrators can directly extend access for users who require it longer, even if the user did not request the extension.

Before you begin

Ensure you have privileges to modify user access in SEA.

Follow these steps to extend access expiration:

  1. From the left service panel, select Secure Equipment Access > Access Management.

  2. On the Access Management page, click the Users tab.

  3. From the table, select the users whose access you want to extend.

  4. In the User details section, click Edit Expiration.

  5. In the Edit Access Expiration dialog box, choose one of these options:

    • Reset to maximum - This option resets the expiration value to the default value defined in the Policy tab.
    • Set access expiration date - Choose this to pick a specific expiration date from the calendar.

  6. Click Save.

Notes:

  • If users are blocked for reasons other than access expiration, you can unblock them when extending their access by clicking Unblock user.
  • If users are blocked because their access expired, you can't immediately set an expiration date. When you unblock them, their access expiration will automatically reset to the default value defined in the Policy tab. After this automatic reset, you can then set a specific access expiration date.

Best practices

  • Regularly review and update expiration policies to reflect current security needs.
  • Document all manual extensions and their justifications for audit purposes.
  • Communicate policy changes and notification schedules to users to ensure awareness.