Permissions are often granted globally to individuals based upon job role, and do not take into account real-time risk factors such as location, day or time. Password Safe enables the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine.

Policies can be extended to block password access to some managed resources unless the request originated from the corporate network, or only allow access to certain vendor accounts if they originate from the vendor network.

Having this capability ensures that users have the right access according to the context of their request, thereby minimizing opportunities for exploiting privileged credentials.