
Grant and Revoke process

The granting and revoking of access by Knocknoc occurs on a number of events, including:

  • User login
  • Interactive 'click to grant' activity
  • Interactive 'click to revoke' activity
  • User login/session timeout
  • Grant timeout (device/back-end specific)
  • User logout

External factors, such as the flushing of lists/policies on the orchestrated system (e.g. an unrelated firewall reboot), may also cause granted access to be revoked; whether this happens depends on the persistence settings of the orchestrated system or device.

Grants may unintentionally persist if:

  • The Agent loses the ability to contact the orchestrated device (e.g. an active API integration to a commercial firewall, or a network-level outage/connectivity fault) and so cannot remove access as part of a logout/revocation.
  • The Agent is taken offline, the host machine loses power, or network connectivity to the Knocknoc server is severed.

In these cases, when the Agent is brought back online or otherwise re-establishes connectivity, it will reconcile the granted trust and revoke/establish any missing entries on the underlying orchestrated device(s).

Where an orchestrated back-end supports an expiry time, grants will be automatically dissolved/revoked by the device even if Agent<->Device/network access is severed.
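
The following is an added example, not Knocknoc's own code: a simplified model of an Agent outage that compares a back-end without native expiry to one with it, then computes what the reconciliation on reconnect has to establish and revoke. The class and function names, the 30-minute expiry, the two-hour outage and the sample addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Entry:
    source_ip: str
    expires_at: Optional[datetime] = None  # None: back-end has no native expiry

def device_state(entries, now):
    """Source IPs the device still allows at `now` with no Agent contact.
    Entries with a native expiry drop out by themselves; the rest persist."""
    return {e.source_ip for e in entries
            if e.expires_at is None or e.expires_at > now}

def reconcile(live_grants, enforced):
    """On reconnect: (to_establish, to_revoke) so the device matches live grants.
    Assumes `enforced` only contains entries managed by the Agent."""
    return sorted(live_grants - enforced), sorted(enforced - live_grants)

# Constructed scenario: the Agent goes offline at T0 and reconnects two hours later.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RECONNECT = T0 + timedelta(hours=2)
GRANTED_AT_T0 = ["198.51.100.10", "198.51.100.20"]
NO_EXPIRY = [Entry(ip) for ip in GRANTED_AT_T0]
WITH_EXPIRY = [Entry(ip, T0 + timedelta(minutes=30)) for ip in GRANTED_AT_T0]
# During the outage .20 logged out and 203.0.113.7 logged in; .10 is still logged in.
LIVE_AT_RECONNECT = {"198.51.100.10", "203.0.113.7"}

def outage_report(entries):
    """Summarise exposure during the outage and the work done on reconnect."""
    enforced = device_state(entries, RECONNECT)
    establish, revoke = reconcile(LIVE_AT_RECONNECT, enforced)
    return {
        "stale_until_reconnect": sorted(enforced - LIVE_AT_RECONNECT),
        "establish": establish,
        "revoke": revoke,
    }

if __name__ == "__main__":
    for name, entries in (("no expiry", NO_EXPIRY), ("with expiry", WITH_EXPIRY)):
        print(name, outage_report(entries))
```

In this model the back-end without expiry keeps the logged-out address allowed until the Agent reconnects, while the back-end with expiry has no stale entry but needs the still-valid grant re-established.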