cancel
Showing results for 
Search instead for 
Did you mean: 
DarylY
Level 2
Status: Reviewed

Many security policies these days do not allow the same set of credentials to be used concurrently. ie. different sessions, same credentials. 

We need a configure so that the number of concurrent login sessions can be controlled or disabled to comply with security.

7 Comments
sastharpa
MVP
chris.strong
Staff
Staff

Hello @DarylY

I understand the request, so I’ve changed the status to More Info as I think we’ve already got a built-in solution for this.

If I’ve understood correctly, you can already achieve this with Blue Prism 7.2 by using the built-in Environment Locking mechanism, which lets you “lock” a resource such as a Credential, preventing other process runs (sessions) from trying to use the same Credential.  The use of Locks, lets you manage the logic such as if Credential X isn’t available [because another process has acquired it first], then try to use Credential Y.

Tip: See Online Help Blue Prism 7.2 - Environment locking for further information.

Questions: 

  1. Does this give you the capability you were looking for?
  2. I understood this as a Digital Worker usage of a Credential / Session, rather than a human user.  Was that correct?

Kind regards

Chris Strong

Senior Product Manager

SS&C | Blue Prism

DarylY
Level 2

Hello @chris.strong 

I added this idea post ticket #254993 and understand that "We do not have this function to limit the multiple login using the native authentication if AD authentication is not being considered".

We are still on v6.x so that env locking mechanism cannot be tested. We will explore it as soon as we upgrade to v7.2 

This idea/request is arising from a typical application requirement of not allowing concurrently login access ("Single user logon session shall be implemented") from various sessions. Could refer to human user login as well.

Thanks for looking into this and I understand that some community users have the same requirement.

chris.strong
Staff
Staff

Hello @ Daryl Ye

 

Thank you for your reply.

 

I responded with a solution on the basis that you were attempting to limit the Digital Workers to only use a Credential once. The Environment Locks I described is also available is Version 6, we started publishing the Online help from Blue Prism 6.7, so this is the earliest version I can link to for you: Blue Prism 6.7 Environment Locking.

 

Assuming it’s the human users you are referring to, the people who login to the various clients, we do not currently limit this and I find it help to have numerous clients open, one for Studio and a process I’m updating plus another for Control Room. 

 

Therefore, assuming this is for Human Users logging into the software, then I’ll leave this request open and mark it as Reviewed.

 

Kind regards

Chris Strong

Senior Product Manager

SS&C | Blue Prism

DarylY
Level 2

Noted. Thanks Chris!

Walter.Koller
Level 11

I am not sure if this comment will be read or considered since the idea was already reviewed but I want to add some thoughts on @chris.strong comment.

I completely agree with what you wrote, having several BP Clients open at the same time can come very handy.

However, there are serious security concerns of possible user/password sharing, which might only be mitigated by restricting concurrent logins.

In my opinion the best approach is to allow concurrent logins on the same machine and also provide the option to restrict concurrent logins on different machines. 

However, this in turn will limit the capabilities of running robots in parallel. The same process might be run under the same robot user on different machine at the same time. 

This could be controlled with having a new permission in BP like 'restrict concurrent logins' that can be assigned to user roles. 

Additionally the concurrency of robot users may be also controlled by already existing options in Credentials where I can specify for which machines a credential can be used. 

To summarize my thoughts:

  • add new permission 'restrict concurrent login' that can be assigned to user role but still allow logging in to BP client on the same machine
  • complimentary use the Credentials/Resources to limit concurrent logins of robot users. This could be implemented in combination with mentioned permission or could be stand-alone.
chris.strong
Staff
Staff

Hello @Walter Koller

 

I’ve read your comment, thank you.  It certainly helps us serve you better by sharing your thoughts, so thank you very much for that.

 

Your suggestion of limiting the human user concurrent session across machines (but allowing on same machine) is interesting and would solve the issue I foresaw.

 

I’ll leave in the status of Reviewed.

 

Kind regards

Chris Strong

Senior Product Manager

SS&C | Blue Prism