Privileged Password Manager

Automate and secure the use of privileged account credentials

Automate, control and secure the entire process of granting administrators the credentials necessary to perform their duties.

Privileged Password Manager empowers you to control the process of granting administrators the credentials necessary to perform their duties. It automates and secures the process, ensuring that when administrators require elevated access for shared and privileged credentials, such as the Unix root password, it’s granted according to established policy. With Privileged Password Manager, you’re assured that only appropriate access is granted based on required approvals, that all actions are fully audited and tracked, and that the password is changed immediately upon its return. It’s deployed on a secure, hardened appliance and offers a compliant and efficient way to control these very powerful accounts.

Privileged Password Manager also eliminates the security exposure posed by embedded privileged passwords required for applications to talk to each other or to databases, by replacing these hardcoded passwords with programmatic calls that dynamically retrieve the account credential.

Features

Release control – Using a secure web browser, request and provide approval for privileged credentials. You can set password requests to be approved automatically or require any level of manual approvals. For added convenience and if enabled, you can access the site with your mobile device.

Change control – Supports configurable, granular change control of shared credentials, including last-use-based, time-based, and forced or manual change.

Auto discovery of:

  • Accounts and systems – Enables you to discover new accounts and systems instantly, and then automatically enrolls them in management or sends notifications about them to specified users.
  • Users – Automatically provisions users and maps permissions using your organization’s existing LDAP or Active Directory environment.

Application password support – Replaces hardcoded passwords in procedures, scripts and other programs. Application password management includes the following capabilities:

  • Programmatic access – Includes both a command-line interface (CLI) and an application programming interface (API) with access for Java, C++, Perl and .NET. You get connectivity via SSH with DSS key exchange.
  • Role-based access – Supports role-based access for the CLI and API. You add a “programmatic” user with either “basic” access, which enables the CLI or API to request account passwords and be granted access for authorized targets or accounts, or “admin” access, which enables the CLI or API to perform administrative tasks.
  • Optimal performance – Natively executes approximately 100 call requests per minute. It also supports an optional cache that executes more than 1,000 password requests per second, for applications that require higher performance.
  • Extensive command set – A comprehensive set of commands that can be executed via the CLI or API is included. In addition to simple “Get Password” commands, the solution supports extensive admin-level commands to provide tight integration with existing enterprise tools and workflows.

Enterprise-ready integration – Integrates with your existing directories, ticketing systems and user authentication sources, including Active Directory and LDAP. It also fully supports two-factor authentication through Defender® or other third-party authentication products. A robust CLI/API supports end-to-end integration with existing workflows and tools, including reviewer notification and escalation workflows.

Secure appliance – Safeguards your organization because it can only be accessed via a secure, role-based web interface that provides protection from host admin attacks, as well as database, OS or other system-level modifications. It also features an internal firewall that protects against external network-based attacks and provides additional auditing capabilities.

Scalable appliance – Gives your organization secure, enterprise-ready access and management of shared credentials for more than 250,000 accounts simultaneously.

Secure password storage – Encrypts all stored passwords using AES 256 encryption. The appliance also includes full disk encryption using BitLocker™ Drive Encryption.

Robust target support – Enables you to manage shared credentials on the widest range of target servers, applications and network devices.

Handheld device support – Allows you to configure password request, approval and retrieval via handheld devices on a per-user basis.

Privileged governance – Take the hassle out of governing privileged users by automating the process. Easily certify and approve that only users who should have access can request and gain privileged access. By integrating Identity Manager with Privileged Password Manager, users can request, provision and attest to privileged and general user access within the same console.
