Vendor Access, also known as access.work, is a feature of Secure Remote Access that allows users to connect to devices through their browsers without needing access to the Admin By Request Portal.
To quickly start using access.work, follow these essential steps:
| Step | Action | Requirement |
|---|
| 1. Enable Unattended Access | Choose between managed service or self-hosted implementation | Managed service recommended for quicker setup |
| 2. Configure SSO | Set up users for Single Sign-On in the portal | Navigate to Logins > Single Sign-on Setup |
| 3. Access Vendor Portal | Navigate to access.work in browser and sign in with SSO | Valid SSO credentials required |
Ideal for: Organizations seeking rapid deployment without requiring users to access the main AdminByRequest portal.
Note: At the time of writing, if you want to use access.work alongside on-premise gateways in a self-hosted implementation, these gateways need to be running Unattended Access v2.1.0 or later.
These steps provide comprehensive information for analyzing inventory, configuring remote access gateways, and setting up users with correct access permissions.
| Task | Location | Action |
|---|
| Computer Inventory Check | Admin Portal main interface | Review and verify all endpoint devices |
| Gateway Configuration | SRA > Settings > Unattended Access Settings > Gateways > CLOUD | Correlate inventory with accessible computers |
| Network Scope Validation | Gateway settings | Ensure proper network segmentation and access |
| Task | Location | Key Considerations |
|---|
| User Login Setup | Logins > User Logins | Configure appropriate access levels and gateway assignments |
| Scope Creation | User profile > SCOPE tab | Define which computers each user can access |
| Access Preview | User list > Preview link | Verify users can only access expected computers |
Important: The Preview link appears only if a scope is created for the user (SCOPE tab). If no scope is created, the user will have access to all computers controlled by the gateway.
| Step | Action | Expected Result |
|---|
| Test User Login | Navigate to access.work in browser | Successful SSO authentication |
| Computer List Verification | Browse available computers | List matches expected scope from Phase 2 |
| Access Testing | Attempt connection to authorized computers | Successful connection without errors |
When connecting to remote computers, different icons indicate the access status:
| Icon | Status | Meaning |
|---|
| Key Icon | Credentials Required | User must provide login credentials for the target system |
| Locked Icon | Approval Required | Access request must be approved before connection |
| Unlocked Icon | Pre-Approved Access | Immediate connection available without additional approval |
| Feature | Implementation | User Experience |
|---|
| In-Browser Notifications | All notifications and data input handled within browser interface | Seamless experience without external dependencies |
| Email Notifications | Optional notifications via email client if running | Additional awareness for users not actively in browser |
| Admin Approval Interface | Requests appear under Requests menu (PENDING tab) | Consistent approval process for all access types |
| Capability | Location | Function |
|---|
| Activity Monitoring | Portal > Auditlog | Real-time tracking of all remote access sessions |
| Session Recording | SRA > Settings > Unattended Access Settings, RECORDING tab | Optional video recording of all user actions |
| Video Playback | Auditlog > Expand relevant session > Request video | Post-session review for compliance and training |
| Setting | Option | Business Impact |
|---|
| Recording Status | On/Off | Enables/disables session video capture |
| Video Quality | Adjustable settings | Balance between storage requirements and detail level |
| Retention Period | Configurable timeframe | Compliance with data retention policies |
| Configuration | Setting | Security Benefit |
|---|
| Network Segmentation | Define specific network ranges | Limits access to authorized network segments |
| IP Whitelisting | Restrict access by IP address | Prevents unauthorized location access |
| Time-Based Access | Set access windows | Reduces risk of after-hours unauthorized access |
| Access Level | Permissions | Use Case |
|---|
| Full Access | Connect to all assigned computers | Standard vendor access requirements |
| View-Only Access | Monitor without control capabilities | Support scenarios where control is not needed |
| Temporary Access | Time-limited permissions | Short-term support or project-based work |
| Issue | Possible Cause | Resolution |
|---|
| No Computers Visible | Incorrect scope configuration | Review and adjust user scope settings |
| Connection Failed | Gateway connectivity issues | Verify gateway status and network connectivity |
| Approval Delays | Approvers not receiving notifications | Check notification settings and approver availability |
| Recording Not Working | Recording feature disabled | Enable recording in Unattended Access settings |
| Practice | Implementation | Benefit |
|---|
| Regular Scope Reviews | Periodic audit of user access permissions | Maintains security hygiene |
| Gateway Monitoring | Continuous monitoring of gateway status | Ensures high availability |
| Session Recording | Enable recording for all vendor sessions | Provides audit trail and compliance documentation |
| User Training | Educate vendors on proper access procedures | Reduces support requests and improves security |
Key Takeaway: Vendor Access (access.work) provides a streamlined, secure method for external users to connect to organizational resources without requiring access to the main AdminByRequest portal, while maintaining comprehensive security controls and audit capabilities.
Here is a 3-minute overview of Vendor Access capabilities and setup procedures.
Note: Demo video link should be inserted here when available.
