Release control – Manages password requests from authorized users, programs and scripts for the accounts they are entitled to access, via a secure Web browser connection with support for mobile devices. A password request can be automatically approved or require any level of manual approvals.
Change control – Supports configurable, granular change control of shared credentials, including time-based, last-use-based, and manual or forced change.
Auto discovery of:
- Accounts and systems – Instantly discovers new accounts and systems, and then either sends notifications about them to specified users or automatically enrolls them in management.
- Users – Automatically provisions users and maps permissions using your organization’s existing LDAP or Active Directory environment.
Application password support – Replaces hardcoded passwords in scripts, procedures and other programs. Application password management capabilities include:
- Programmatic access – Includes both a command-line interface (CLI) and an application programming interface (API) with access for C++, Java, .NET and Perl. Connectivity is via SSH with DSS key exchange.
- Role-based access – Supports role-based access for the CLI and API. You add a “programmatic” user with either “basic” access or “admin” access. Basic access enables the CLI or API to request account passwords and be granted access for authorized targets or accounts; this is appropriate, for example, for a “Requestor.” Admin access enables the CLI or API to perform administrative tasks.
- Optimal performance – Natively executes approximately 100 call requests per minute. For applications requiring higher performance, the appliance offers an optional cache that supports more than 1,000 password requests a second, satisfying the requirements of your most demanding applications.
- Extensive command set – Includes a comprehensive set of commands that can be executed via the CLI or API. Beyond simple “Get Password” commands, the solution supports extensive admin-level commands to provide tight integration with existing enterprise tools and workflows.
Enterprise-ready integration – Integrates with existing directories, ticketing systems and user authentication sources, including Active Directory and LDAP. It also fully supports two-factor authentication through Defender® or other third-party two-factor authentication products. A robust CLI/API supports end-to-end integration with existing workflows and tools, including reviewer notification and escalation workflows.
Secure appliance – Lacks a console port or console-level interface – the appliance can only be accessed via a secure, role-based Web interface that provides protection from host admin attacks, as well as OS, database or other system-level modifications. The appliance also has an internal firewall that protects against external network-based attacks and provides additional auditing capabilities.
Scalable appliance – Provides secure, enterprise-ready access and management of shared credentials for more than 250,000 accounts at once.
Secure password storage – Encrypts all passwords stored in Privileged Password Management using AES 256 encryption. In addition, the appliance itself includes full disk encryption using BitLocker™ Drive Encryption.
Robust target support – Manages shared credentials on the widest range of target servers, network devices and applications.
Handheld device support – Supports password request, approval and retrieval via handheld devices, which is configurable on a per-user basis.
Automated privileged governance – Takes the hassle out of governing privileged users by automating the process of certifying and approving that only users who need access can request and gain access to privileged credentials. Users can request, provision and attest to privileged and general user access within the same console when you integrate Identity Manager with Privileged Password Manager.