US-12621306-B1 - Providing secure access to an organization for support and partner management
Abstract
A device may receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, and may provide the request for support to a support user. The device may receive, from the support user, credentials of the support user and a login request to access the cloud computing environment, and may determine whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check. The device may selectively deny the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or may approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
Inventors
- Akash Agrawal
- Ramesh Ramanathapuram Neelakantan
- Sanjeev Kumar Mishra
Assignees
- JUNIPER NETWORKS, INC.
Dates
- Publication Date: 20260505
- Application Date: 20240221
Claims (20)
- 1. A method, comprising: receiving, by a device and from an organization user, a request for support associated with a cloud computing environment utilized by the organization user; providing, by the device, the request for support to a support user; receiving, by the device and from the support user, credentials of the support user and a login request to access the cloud computing environment; determining, by the device, whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check, wherein the domain check is performed based at least in part on an email address of the support user and wherein the secure group check is performed based at least in part on whether a secure group associated with the support user has approval to access the cloud computing environment; and selectively: denying, by the device, the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check; or approving, by the device, the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
- 2. The method of claim 1, wherein approving the login request comprises: providing the login request to an organization super user based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check; receiving approval of the login request from the organization super user; and approving the login request based on receiving the approval of the login request from the organization super user.
- 3. The method of claim 1, further comprising: providing, to the support user, information for accessing the cloud computing environment based on approving the login request.
- 4. The method of claim 3, further comprising: providing, to an organization super user, an indication that the support user is accessing the cloud computing environment and providing the support.
- 5. The method of claim 1, wherein the support is associated with executing a set of commands or with accessing a specific resource.
- 6. The method of claim 1, further comprising: enabling the support user to access the cloud computing environment and provide the support based on approving the login request; and receiving, from the support user, an indication that the support is complete.
- 7. The method of claim 6, further comprising: providing, to an organization super user, the indication that the support is complete; receiving, from the organization super user, a revocation request to revoke access to the cloud computing environment for the support user; and revoking, based on the revocation request, access to the cloud computing environment for the support user.
- 8. A device, comprising: one or more memories; and one or more processors to: receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user; provide the request for support to a support user; receive, from the support user, credentials of the support user and a login request to access the cloud computing environment; determine whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check, wherein the domain check is performed based at least in part on an email address of the support user and wherein the secure group check is performed based at least in part on whether a secure group associated with the support user has approval to access the cloud computing environment; and selectively: deny the login request and access of the support user to the cloud computing environment based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check; or approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
- 9. The device of claim 8, wherein the one or more processors are further to: provide, to the support user, time-limited access to the cloud computing environment based on approving the login request.
- 10. The device of claim 9, wherein the one or more processors are further to: generate an audit entry associated with the support user and the time-limited access to the cloud computing environment.
- 11. The device of claim 8, wherein the support is associated with executing a set of commands or with accessing a specific resource.
- 12. The device of claim 8, wherein the request for support includes information identifying one or more of an identifier of an organization, a name of the organization, a target device identifier, or a cloud resource identifier.
- 13. The device of claim 8, wherein the cloud computing environment is associated with an organization that is associated with the organization user and an organization super user.
- 14. The device of claim 8, wherein the one or more processors are further to: deny the support user access to the cloud computing environment based on denying the login request.
- 15. A non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to: receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, wherein the request for support includes information identifying one or more of an identifier of an organization, a name of the organization, a target device identifier, or a cloud resource identifier; provide the request for support to a support user; receive, from the support user, credentials of the support user and a login request to access the cloud computing environment; determine whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check, wherein the domain check is performed based at least in part on an email address of the support user and wherein the secure group check is performed based at least in part on whether a secure group associated with the support user has approval to access the cloud computing environment; and selectively: deny the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check; or approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
- 16. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the device to approve the login request, cause the device to: provide the login request to an organization super user based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check; receive approval of the login request from the organization super user; and approve the login request based on receiving the approval of the login request from the organization super user.
- 17. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions further cause the device to: provide, to the support user, information for accessing the cloud computing environment based on approving the login request; and provide, to an organization super user, an indication that the support user is accessing the cloud computing environment and providing the support.
- 18. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions further cause the device to: enable the support user to access the cloud computing environment and provide the support based on approving the login request; and receive, from the support user, an indication that the support is complete.
- 19. The non-transitory computer-readable medium of claim 18, wherein the one or more instructions further cause the device to: provide, to an organization super user, the indication that the support is complete; receive, from the organization super user, a revocation request to revoke access to the cloud computing environment for the support user; and revoke, based on the revocation request, access to the cloud computing environment for the support user.
- 20. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions further cause the device to: provide, to the support user, time-limited access to the cloud computing environment based on approving the login request.
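The login decision recited in claims 1, 2, 9 and 10, sketched as an added example that is not code from the patent or its assignee. The claims say only that the domain check uses the support user's email address and that the secure group check depends on the group's approval for the environment; modelling the VPN check as a source-address range test and the role check as set membership is an assumption, as are all names, policy values and the one-hour lifetime.

```python
import ipaddress
from dataclasses import dataclass
from datetime import timedelta

# Constructed policy: every value here is a placeholder, not taken from the patent.
POLICY = {
    "support_domains": {"support.example"},
    "vpn_networks": [ipaddress.ip_network("10.8.0.0/16")],
    "support_roles": {"support-engineer"},
    "group_approvals": {"sg-tier2": {"org-1234"}},  # group -> approving orgs
}

@dataclass
class LoginRequest:
    email: str
    source_ip: str
    role: str
    secure_group: str
    org_id: str

def on_vpn(source_ip, networks):
    """Assumed VPN check: source address inside a known VPN range; bad input fails."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(ip in net for net in networks)

def failed_checks(req, policy=POLICY):
    """Names of the checks the credentials fail; an empty list means all four pass."""
    domain = req.email.rsplit("@", 1)[-1].lower() if "@" in req.email else ""
    results = {
        "domain": domain in policy["support_domains"],  # exact match, no suffix test
        "vpn": on_vpn(req.source_ip, policy["vpn_networks"]),
        "role": req.role in policy["support_roles"],
        "secure_group": req.org_id in policy["group_approvals"].get(req.secure_group, ()),
    }
    return [name for name, ok in results.items() if not ok]

def decide(req, super_user_approved, audit_log, now, ttl=timedelta(hours=1)):
    """Deny on any failed check, else wait for the super user, else grant until now + ttl."""
    entry = {"user": req.email, "org": req.org_id, "at": now}
    if failed := failed_checks(req):
        entry.update(decision="deny", failed=failed)
    elif not super_user_approved:
        entry.update(decision="pending_approval")
    else:
        entry.update(decision="approve", expires=now + ttl)
    audit_log.append(entry)  # every outcome is recorded, not only grants
    return entry
```

Recording denials and pending requests in the audit log goes beyond claim 10, which covers only the time-limited access; it is included because failed checks are what a reviewer would want to see.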
Description
BACKGROUND
While many cloud computing environments attempt to eliminate a need for human access, there often remain cases where human access is required. For example, unexpected issues might require human intervention to diagnose or fix, or legacy technologies of a cloud computing environment may require manual configuration.
SUMMARY
Some implementations described herein relate to a method. The method may include receiving, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, and providing the request for support to a support user. The method may include receiving, from the support user, credentials of the support user and a login request to access the cloud computing environment, and determining whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check. The method may include selectively denying the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or approving the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
Some implementations described herein relate to a device. The device may include one or more memories and one or more processors. The one or more processors may be configured to receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, and provide the request for support to a support user. The one or more processors may be configured to receive, from the support user, credentials of the support user and a login request to access the cloud computing environment, and determine whether the credentials of the support user satisfy a domain check, a VPN check, a role check, and a secure group check. The one or more processors may be configured to selectively deny the login request and access of the support user to the cloud computing environment based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
Some implementations described herein relate to a non-transitory computer-readable medium that stores a set of instructions. The set of instructions, when executed by one or more processors of a device, may cause the device to receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, wherein the request for support includes information identifying one or more of an identifier of an organization, a name of the organization, a target device identifier, or a cloud resource identifier. The set of instructions, when executed by one or more processors of the device, may cause the device to provide the request for support to a support user, and receive, from the support user, credentials of the support user and a login request to access the cloud computing environment. The set of instructions, when executed by one or more processors of the device, may cause the device to determine whether the credentials of the support user satisfy a domain check, a VPN check, a role check, and a secure group check. The set of instructions, when executed by one or more processors of the device, may cause the device to selectively deny the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.
BRIEF DESCRIPTION OF THE DRAWINGS
FIGS. 1A-1E are diagrams of an example associated with providing secure access to an organization for support and partner management.
FIG. 2 is a diagram of an example environment in which systems and/or methods described herein may be implemented.
FIG. 3 is a diagram of example components of one or more devices of FIG. 2.
FIG. 4 is a flowchart of an example process for providing secure access to an organization for support and partner management.
DETAILED DESCRIPTION
The following detailed description of example implementations refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements.
For higher-risk human access scenarios, an organization utilizing a cloud computing environment may enable access to the cloud computing environment by implementing temporary elevated access. A goal of temporary elevated access is to ensure that each time a user invokes access to the cloud computing environment, there is an appropriate business reason for the access (e.g., to correct a specific issue or deploy a cha