1. CyberArk Privileged Access Security Documentation - "Master Policy": In the section describing policy settings
the "Require dual control password access approval" rule is detailed. The documentation specifies that when this rule is active for session connections
"Users will be able to connect to the target machine only after their request is confirmed by an authorized user." This confirms the necessity of a request and approval cycle before a connection can be launched.
Source: CyberArk Privileged Access Security Documentation
"Master Policy settings
" section on "Requiring dual control password access approval."
2. CyberArk Privileged Access Security Documentation - "Request access to accounts": This section outlines the general workflow for requesting access
which is the mechanism underlying Dual Control. It states
"When the Master Policy enforces dual control for retrieving passwords or accessing files
users must request access... After the request has been confirmed
the user who requested access is notified and can retrieve the password or file." This same principle and workflow are applied to initiating PSM sessions.
Source: CyberArk Privileged Access Security Documentation
"Request access to accounts."
3. CyberArk Privileged Session Manager (PSM) Documentation - "Connect to a target machine": The user workflow section explains the user experience when connecting to a target. It details that if a workflow requiring confirmation is in place
the user's action to connect will trigger a request. The documentation clarifies that the connection is only possible post-approval.
Source: CyberArk Privileged Session Manager Documentation
"Connect to a target machine
" subsection on "Privileged Single Sign-On."
