Notice: will be retired soon. Please visit our new site at

Privileged Session Manager

Issue, control and record privileged access

Privileged Session Manager enables you to issue privileged access for a specific period or session to administrators, remote vendors and high-risk users, with full recording and replay for auditing and compliance.

It provides a single point of control from which you can authorize connections, limit access to specific resources, allow only certain commands to be run, view active connections, record all activity, alert if connections exceed pre-set time limits, and terminate connections.

Privileged Session Manager is deployed on a secure, hardened appliance.


Control access – Authorized users can request a session on specific resources or through specific administrative accounts using a secure Web browser connection. Each user can view only the specific resources he or she is authorized to request access to. You can configure the connection for authorization workflow to further enhance control and achieve compliance.

Proxy access – Privileged Session Manager proxies all sessions to target resources. Since users have no direct access to resources, the enterprise is protected against any viruses, malware or other dangerous items that may exist on the user’s system. Privileged Session Manager can proxy and record Unix/Linux, Windows, AS/400, Web applications, network devices, firewalls, routers and more.

Command control – You can allow only specific commands to be executed during a session based on either the user accessing the system or the system they are accessing. In addition, if the user attempts to execute a prohibited command, you can choose to automatically notify a specific individual, kill the command, kill the login or kill the whole session.

Full session audit, recording and replay – All session activity – every action that takes place on the screen, including mouse movements and clicks as well as typed characters – is recorded and available for forensics and compliance review using DVR-like controls. Only actual activity is recorded, and recordings are compressed to minimize offline storage requirements, to a fraction of the size required by other session-recording solutions.

EZ Replay – Administrators can search for specific events across sessions, and while viewing a session, they can add bookmarks to easily come back to a specific point in that session at a later date.

Secure appliance – The hardened appliance does not have a console port or console level interface and can only be accessed via a secure, role-based Web interface. This provides protection from host admin attacks, as well as OS, database or other system-level modifications. The appliance also includes an internal firewall that protects against external network-based attacks and provides additional auditing capabilities.

Simple workflow – Authorized users simply select the resource or account they need to connect to; the list each user sees shows only the items to which the user is approved to request access. The requestor specifies the expected duration of the session, the reason for the request, and, if required, a ticket number that can be integrated with an existing ticketing system.

Auto-login – When combined with Privileged Password Manager, Privileged Session Manager access can be configured for automatic login. Auto-login enhances security and compliance by never exposing the account credential to the user.

Automated privileged governance – Take the hassle out of governing privileged users by automating the process for certifying and approving that only users that need access can request and gain access to privileged credentials. Users can request, provision and attest to privileged and general user access within the same console when you integrate Identity Manager with Privileged Session Manager.