Enable checkout

Security admins can define which accounts have checkout enabled and set the maximum checkout time. They can also override the max checkout time when creating a policy and force a checkin on one or many accounts during a threat detection.

Before you begin

  • A resource group is already created.

  • You must have the Okta Privileged Access security admin role.

  • The account is added to Privileged Accounts in the Project Settings.

  • Review Requirements and limitations.

Enable checkout

  1. Open the Okta Privileged Access dashboard.

  2. Click Resource Management.

  3. Select the resource group that contains the project you want to configure.

  4. If you haven't already, create a project or select an available project.

  5. Go to the Settings tab.

    Action Task
    Checkout Limit access to shared accounts for a single user and control the maximum amount of time they're allowed to access the resources.

    Under Enable Checkout for, complete the following steps:

    1. Select one of the following options:

      • Include managed resources

      • Exclude resources

      • Include resources

    2. If you select Include managed resources, checkout applies to all resources in the project. If you select Exclude resources or Include resources, some additional steps are required.

    3. If you click Exclude resources, select the resources you want to exclude.

    4. If you click Include resources, select the resources you want to include.

    5. Select the maximum checkout time. By default the checkout time is set to 30 minutes.

  6. Click Save.

Related topics