Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
Smart Rules: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.
Auto Discover SSH Keys: Discover all SSH keys on host systems.
Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
Eliminate application credentials: Get control over scripts, files, code and embedded keys.
Ensure password strength: Define and enforce password policy to meet any complexity requirement.
Eliminate old passwords: Analyze password ages and proactively report policy violations.
Solve the problem of remote and mobile users: Utilize BeyondTrust Privilege Management for Desktops as an agent to update passwords on remote and mobile devices.
Active/active targeted password change: Selectively process password change, password test, and account notification queue items for designated workgroups.
Enable true dual control: Live session management gives administrators the ability to lock, terminate or cancel a session.
Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP – without the need for Java.
Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.
Application proxy for RemoteApp: Allow any Windows application usage to be monitored and recorded.
Audit and log privileged sessions: Access and watch a session, then log an acknowledgement of the review to meet audit compliance requirements.
Quickly search session logs: Index and text search using keystroke to pinpoint data, and then log an acknowledgement of the review for audit purposes.
Integrate with SailPoint IdentityIQ: Manage access for privileged and non-privileged accounts with privileged access management and identity and access management (IAM).
RDP enhanced session audit: Every click within the Windows interface, along with any keystrokes, is audited and recorded in a searchable session replay index.
Real-time activity alerting: Defined user activity can generate real-time email alerts, as well as block commands, lock, and terminate SSH sessions.
Command blacklisting: Connection profiles define keyword groups that can determine a specific course of action – block command, lock session, block and lock session, or terminate session.
Auto logoff and disconnect: Utilize ‘log off on disconnect’ feature to ensure sensitive data is not exposed in subsequent RDP sessions.
Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.
Utilize context: Provides additional context by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.
Bulk Changes: Filter and select multiple accounts to perform mass password changes, removal, and unlinking from a managed AD account.
Ad Hoc Groups: Create ad hoc groups of managed accounts in seconds.
Post-login command execution: Administrators can leverage a Unix or Linux Jumphost to run a specific command or script after a session connects.
Multi-system checkout: Allows admins to check out an account with a multi-system parameter, then launch sessions to linked systems.
Expedite checkout operations: Expedite checkout operations using OneClick for access to passwords, sessions and applications that would normally be approved automatically.
Connect to sessions without an agent: With DirectConnect, administrators can launch an SSH session by simply passing a connection string to the Password Safe proxy. No agents need to be installed on the hosts, and connection to any SSH system is supported, including Unix/Linux hosts, and network devices such as routers or firewalls.
Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/TLS communications.
Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Threat Analytics.
Increase uptime: Deploy appliance pairs and replicate settings for high availability.
Active-Active infrastructure support: Allow an unlimited number of Password Safe appliances to be connected to an external SQL AlwaysOn Availability Group for unparalleled high-availability and scalability.
Cache API passwords securely: Rely on password caching for APIs when administrators need access to credentials directly on a local host.
Ensure API credential stability: Create aliases for APIs to map to multiple accounts so that API access is not interrupted during password changes.
One product to deploy: Realize the benefit of a single solution for both password and privileged session management.
Simplify deployment: Implement hardware appliances, virtual appliances, or software.
Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.
One user interface, multiple languages: Single user interface with localization for Spanish, Japanese, Korean, and Brazilian Portuguese