Privileged Access Management
EmpowerID Privileged Access Management (PAM) secures access to privileged accounts. It does this by enforcing corporate security policies, preventing unauthorized access to enterprise resources, and controlling who has access to privileged accounts. PAM is licensed with the three following modules:
- Password Vault — In EmpowerID, you can vault computer logins as well as other types of user names and passwords as credentials. When you vault credentials, EmpowerID encrypts those credentials and stores them in the Identity Warehouse. Once vaulted, credentials can be requested and checked out to access protected resources like RDP of SSH sessions on managed computers, specific applications or other resources. All requests must be approved by credential owners before access is granted. PAM policies can be configured to grant users to inventoried accounts for a specified time period, and upon check in, the password can be reset by the EmpowerID system so that no one knows it. In this way, the password then cannot be shared, reducing the security risks associated with sharing passwords, someone leaving the company, and so on.
- Privileged Session Manager — Privileged Session Manager (PSM) is an application cluster that allows you to access, record, and monitor privileged sessions. It launches when users with Login Session Access to a managed computer check out the credentials for that computer. PSM helps users to avoid network connectivity problems, making the process much simpler and faster, while providing additional enhanced security benefits.
- Privileged Application Launcher — Privileged Application Launcher (PAL) allows you to provide administrative access to Windows applications that require elevated credentials, without divulging the username and password for these privileged accounts. For example, when a manager needs to delegate temporary access to a user with insufficient access rights, it’s a security risk and policy breach to share passwords, so PAL permits access via shared vaulted credentials.
Getting Started
/wiki/spaces/E2D/pages/19563063
Overview
Password Vaulting
Privileged Session Management
Installing the Privileged Application Launcher
Privileged Application Launcher