Welcome to our community!

Upgrades to Host Pass

Avatar
anonymous
  • updated
  • Completed

Parneters would like additional options for the host pass feature. Capturing suggestions in this ticket.


1. Expand the Lifetime of the host pass or make it configurable. There are times when you'll have extended engagements with vendors and need more than a day for them to complete work.

2. For the permissions, allow the host to pick from a list of existing roles to further limit the permission of hosts using the Host Pass feature.

3. Restrict the ability to use the host pass feature based on role (role-based permission)


Duplicates 4
Ability to customize "Get Host Pass" time

It would be great to have the ability to customize "Get Host Pass" time to a sepcific limit.

Get Host Pass Permission

Is a Big Security Issue if any Hosts can give Host Password to external Tech ! It is a must that one need to restrict with permission who can see and use this feature.

The ability to Allow and control based on Roles who can use the "Get Host Pass" function.

Hi,


Currently the "Get Host Pass" is available to any user that has permission to connect to an Access machine, there is no way to turn this off or control which users are allowed to do this or not. This means potentially someone of basic access to a remote machine can invite and give access to someone that hasn't been authenticated onto the machine.


What I would like to be able to do is control the "Get Host Pass" availability the same way we control other permissions/functions based on Roles similar to Addnotetosession or Removenotefromsession


An extra permission under security like AllowGetHostPass which then makes the function available to users that match that Role.


Regards,

Restrictions for Get Host Pass feature

It's not secure to allow for any user to grant acces to some host for third party. It must be controlled feature because any company has a lot of controls and policies for protection corporate resources (even with ScreenConnect I can apply 2FA) but someone (any SC user) accidentaly or intentionally can send regular link by e-mail and I can't restrict it.

Replies 28
Avatar
0
Simon

Since voting is disabled, here’s my +1 for the ability to restrict the host pass feature by role.

Avatar
0
mhighsmith

i agree. we should be able to control who is able to create a host pass and what options that they can. as in maybe a view only host pass

Avatar
0
Jory van Bakel

I really dont get why Host Pass still isnt a role-based option. Its essential!

Avatar
0
Aaron J. Apap

I agree with Jasper, the option 3 arguably the most important out of them all didn't get included. Whats the go guys?

Avatar
2
Jasper van Tol

I just want some users not to be able to create Host Pass links. This is a security issue. There is an extension that removes Host Pass, but that is to remove it overall for all users. I need it just for some users with specific roles. 

Avatar
2
Jasper van Tol

How about option 3: "Restrict the ability to use the host pass feature based on role (role-based permission)".

Is that something that is still on the roadmap?

Avatar
0
Samuel S

I just updated to 6.5 and I don't currently see this option. Is there documentation on it somewhere, does it need enabled?

Avatar
1
anonymous

In 6.5, we've added 1 week, 2 weeks and 30 days to the lifetime options for a host pass. The ability to revoke all host passes before their time is up is also coming down the pipeline. We'll take a look at adding in a way to select permissions when creating a host pass, for the 6.6-6.7 release. 

Avatar
0
jhardwick

So now that it's completed can we get a run-down of what made it in the request and what didn't?



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar