| 摘要 |
Methods and credential systems for use in controlling access to a computer system are disclosed. One example method includes receiving a request for a temporary single-factor credential associated with a user account, modifying the user account to allow single-factor authentication to permit access to the computer system, issuing the temporary single-factor credential, wherein the password includes a lifetime, disabling the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated, and modifying the user account associated to require multi-factor authentication for access to the computer system. |
| 主权项 |
1. A method for controlling access to a computer system, said method is implemented by a credential server computing device, said method comprising:
receiving, by the credential server computing device, a first request from a workstation computing device, for a temporary single-factor credential associated with a user account; receiving, by the credential server computing device, a reason selection transmitted from the workstation computing device, wherein the reason selection specifies a reason for requesting the temporary single-factor credential; generating, by the credential server computing device, a plurality of selectable lifetimes in a list for the temporary single-factor credential based on the reason selection transmitted from the workstation computing device; transmitting, by the credential server computing device, the plurality of selectable lifetimes to the workstation computing device; modifying, at a computing device, the user account from requiring multi-factor authentication to permitting single-factor authentication for access to the computer system; issuing, from the credential server computing device to the workstation computing device, the temporary single-factor credential; receiving a second request to extend the lifetime of the temporary single-factor credential through a web-based user interface and extending the lifetime of the temporary single-factor credential in response to the request; receiving, at the credential server computing device, the temporary single-factor credential; upon receiving the temporary single-factor credential, generating a hash value and associating the hash value with the user account to permit access to the computer system; disabling, at the computing device, the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated; and modifying, at the credential server computing device, the user account to require multi-factor authentication for access to the computer system. |
