On-Call Access Management

On-Call access management is about applying the principle of least privilege during on-call schedules, ensuring that the right people have the right level of access for the right amount of time

What is an On-Call Access Management?

An on-call schedule is a schedule that specifies which employee or team member is responsible for responding to incidents or emergencies outside of normal working hours. On-call schedules are typically managed using a scheduling tool or software, which allows managers or supervisors to easily create and manage schedules, assign on-call duties, and track response times and performance metrics. These tools can also be used to automate the scheduling process, reducing the administrative burden and ensuring that schedules are created fairly and equitably. Popular on-call providers include PagerDuty and Opsgenie.

However managing access during on-call is really difficult. Not having the required permissions to triage urgent issues has forced many companies to provision engineers permanent admin access to production systems – often through birthright access. This significantly increases the risk of compromised engineers because they have privileged access all of the time – even when they don’t need it. On the other end of the spectrum, companies can choose to revoke all access to production systems.  Anyone who requires access must make a request, which will be manually triaged. Although this practice guarantees a much stronger security posture, it also greatly increases the operational overhead and can severely impact response times if there are any errors.

How to Automate On-Call Access Management

Revisiting the principles of least privilege – granting the right level of access to the right people for the right amount of time – on-call access management requires customers to adopt both security and agility. Opal has partnered with the leading on-call provider, PagerDuty, to provide a new solution.

This new approach highlights the least privilege - granting the right level of access to the right people for the right amount of time.

1. Right level of access: Instead of granting full admin access to engineers, Opal can grant fine-grained resources as a bundle

2. To the right people: Rather than granting access to engineers based on static job functions, Opal can grant privielged access based on dynamic needs, such as whether an engineer is assigned to a Pagerduty on-call schedule or not

3. For the right amount of time: Instead of granting permanent access - Opal's pagerDuty integration will grant access when engineers are on-call and revoke it when they are off-call

You can learn more about Opal's integration with PagerDuty through the official documentation.

About Opal:

Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. With the product, enterprises can discover anomalous identity risks and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.

Want to see it yourself? Contact sales@opal.dev or book a meeting here for a personalized demo.


Interested in Opal?

Get in touch with our team to learn more!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.