Privileged Access and Account management
Privileged Account Management is responsible for managing special accounts. Privileged accounts are those with rights for managing an application or carrying out important actions on a system. For example, you may have a domain administrator account, an auditor account or an account that approves financial expenditures.
With Identity Management, accounts that people use on a daily basis are managed. Sometimes these are default accounts, and they may not be sufficient to carry out all work tasks. In this case, special privileged accounts are needed. These accounts are not necessarily associated with one person, and as such Identity Management is not the correct solution for managing them.
To maintain control of your privileged accounts, we provide the following options:
A user requests access to a specific application and the appropriate rights are assigned to their own account. An example would be a request for groups within the Active Directory and the automatic assignment of those rights. We can extend this assignment with approvals, delegations, attestations etc.
A user receives access to a special account so they can carry out their work. It is not linked to a specific user, but is delivered on-demand to the user who needs it. This makes it important to have password management and life cycle management for a special account.
In addition to the previously-mentioned solutions, we can also provide other control options such as:
- Account auditing: This logs what actions a user carries out when using the privileged account.
- Session Recording: This records the user screen so that it is possible to determine later what actions a user performed using the account.
- Session Isolation: This protects the session logged into by a user.