Usage-based Auto-lock

Usage-based auto-lock allows you to require users to periodically access a Resource in order to maintain access to it. This is helpful to automatically remove access for users who may no longer need it based on their access frequency.

Usage-based auto-lock with Twingate

You can configure usage-based auto-lock from either a Resource or Group page. The auto-lock duration for a particular access right can be set at 30, 60, or 90 days through the Admin Console (with other durations possible when set via API). If a user has not accessed a Resource within that duration, that user will be locked out from accessing that Resource until they are unlocked by an admin.

Changes made to auto-lock duration will appear in the Access category of the Audit Logs reporting available within the Admin Console.

Implementing Usage-based Auto-Lock via a Resource Page:

The auto-lock duration can be configured on a Resource directly and will be applied to all users who have access to the Resource.

You can specify an auto-lock duration when first adding a Group to a Resource. By default, a Group will inherit what’s configured at the Resource level. The auto-lock duration will apply to all users in a group, but auto-locking will be applied on a per user basis.

An auto-lock duration can also be modified for a Group that already has access to a Resource by clicking on the options button for that Group and then setting the applicable expiration time.

Implementing Usage-based Auto-lock via a Group Page:

You can set an auto-lock duration for specific Resources that a Group has access to on the relevant Group page.

Unlocking Access

Admins can unlock a Resource for a user on a specific user’s detail page.

Tracking Access

To see the details of a Policy configuration and the current status of a user’s access, you can download a summary from the Resource, Group, or User page.

The information provided by a report includes:

  • Groups that have access to the Resource and the Policy they use to access the Resource
  • Expiration dates (if configured)
  • Auto-lock duration configured
  • For users, if they’re currently locked and the last time they were unlocked by an Admin (if applicable)

Last updated 12 days ago