Enabling Multi-Domain in SecureChange

Overview

MSSPs and large enterprises commonly must control the provisioning process for many network domains, such as customers, business partners, or departments. In some organizations the domains are interconnected with communication between the domains, and in other organizations communication between domains is prohibited.

When you enable multi-domain, you must choose either:

  • Segregated domains: Customers are separated from each other and each connection can only include resources from one customer.

    • Assign users to domains so that each user can only see devices and objects in their domains

    • Restrict a ticket to handlers that are in the domain that the requester created the ticket in

    • Restrict handlers so that they can only select targets and objects from that domain

    • Restrict Target Suggestion, Designer, and Verifier to analyze access requests only within domain of the ticket

  • Interconnected domains: Customers are all in one environment and each connection can include resources from multiple customers.

    • Define access requests from resources in one domain to resources in another domain

    • Use the Target Suggestion, Designer, and Verifier to analyze access requests across domains

The Clone Network Object Policy workflow supports only single domain mode and Segregated Domains mode.
  1. SecureApp supports interconnected domains only
  2. SecureApp connection discovery is available in single domain mode only

Enabling Multi-Domain Modes

  1. Check with the SecureTrack administrator to make sure that there are domains configured in SecureTrack.

  2. Select one of the following options:

    • Segregated domains: Design and automation of connections and change requests is allowed only within a domain/customer

    • Interconnected domains: Design and automation of connections and change requests is allowed across domain/customer boundaries

      Multi-domain mode applies to both SecureChange and SecureApp, and the selection cannot be undone.

      Once the Multi-Domain option has been set, it cannot be undone.

  3. Click one of the following:

    • Update Domains (Recommended): Retrieve the domain list from SecureTracknow.

    • Save: Save this configuration.

The list of domains is updated once a day at midnight.

After you enable multi-domain in SecureChange, you can:

How Do I Get Here?

SecureChange > Settings > Multi-Domain