Grant and revoke process

The granting and revoking of access by Knocknoc occurs on a number of events, including:

  • User login
  • Interactive 'click to grant' activity
  • Interactive 'click to revoke' activity
  • User login/session timeout
  • Grant timeout (device/back-end specific)
  • User logout

External factors such as the flushing of lists/policies on the orchestrated system (e.g., an unrelated firewall reboot) may also cause the granted access to be revoked. Whether this happens depends on the persistence settings of the orchestrated system or device.

Grants may unintentionally persist if:

  • The Agent loses the ability to contact the orchestrated device to remove access as part of a logout/revocation (e.g., an active API integration to a commercial firewall, or a network-level outage/connectivity fault).
  • The Agent is taken offline, the host machine loses power, or network connectivity to the Knocknoc server is severed.

In these cases, when the Agent is brought back online or otherwise re-establishes connectivity, it will reconcile the granted trust and revoke/establish any missing entries on the underlying orchestrated device(s).

Where an orchestrated back-end supports an expiry time, grants will be automatically dissolved/revoked by the device even if Agent<->Device/network access is severed.
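
The reconciliation and device-side expiry described above can be pictured as a comparison between the grants the server still considers active and the entries left on the device. This is an added illustration, not Knocknoc's code; the function name, data shapes and sample addresses are assumptions constructed for the example.

```python
def reconcile(desired, on_device, now):
    """Return (to_revoke, to_add) bringing the device in line with the server.

    desired:   set of source IPs the server says should currently have access
    on_device: {source_ip: expires_at} for entries the Agent placed earlier;
               expires_at is epoch seconds, or None if the back-end has no expiry
    now:       current time in epoch seconds
    """
    # Entries whose device-side expiry has passed were already dropped by the
    # device itself, even while the Agent was unreachable: no revoke call needed.
    live = {ip for ip, exp in on_device.items() if exp is None or exp > now}

    # Stale grants: still live on the device, but the session ended (logout or
    # timeout) while the Agent could not reach the device.
    to_revoke = sorted(live - desired)

    # Missing grants: still wanted, but absent from the device, e.g. after an
    # unrelated reboot flushed its lists, or after a device-side expiry.
    to_add = sorted(desired - live)
    return to_revoke, to_add


# Constructed sample state at the moment the Agent reconnects (now = 1000).
SAMPLE_ON_DEVICE = {
    "192.0.2.10": None,    # no expiry support; user logged out during outage
    "198.51.100.7": 900,   # expiry already passed; device removed it itself
    "203.0.113.5": None,   # session still active; entry is correct
}
SAMPLE_DESIRED = {"203.0.113.5", "203.0.113.99"}  # second entry was flushed

if __name__ == "__main__":
    revoke, add = reconcile(SAMPLE_DESIRED, SAMPLE_ON_DEVICE, now=1000)
    print("revoke:", revoke)
    print("add:   ", add)
```

In the sample, only the entry without a device-side expiry needs an explicit revoke after the outage, which is why back-ends that support an expiry time limit how long a grant can unintentionally persist.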