Secure Password Storage and Retrieval

Secure and Audited Access to Your Privileged Account Credentials

BeyondTrust Privileged Identity has the ability to store all current credentials in a secure back-end SQL Server database. You can leverage your organization’s trusted processes for database management, monitoring, and high availability – giving you unmatched transparency and control.

Storage options include military-grade AES encryption, a FIPS 140-2 software encryption module and support for Hardware Security Modules (HSMs) that use PKCS#11. Privileged Identity also provides secure and delegated storage of important documents and files from within its data store.

Delegated Password Retrieval

BeyondTrust Privileged Identity provides a secure, web-based interface that makes it easy for IT staff, Help Desk personnel, and other users to quickly check out the current privileged passwords for the systems/ devices/ applications/ databases they are authorized to manage. Whenever your IT personnel need privileged access for emergency repairs, Privileged Identity grants the credentials immediately, according to predefined roles you have created.

You can configure the web application to allow users to view passwords or simply log them into the target system via RDP/SSH/Telnet without ever displaying the password. Delegated users can also view reports and access interactive dashboards that provide in-depth business intelligence regarding privileged user activity, system status and IT service issues.

Checked out passwords are randomized immediately after use, so no one retains long-term knowledge of password secrets and every request for access is attributed to an individual. Password checkouts also trigger an audit trail showing who used the password, when, and for what purpose. This information can be shared with auditors to verify compliance with security and regulatory compliance mandates.

Role-Based Access Management

There are a number of permissions that can be delegated out to users of Privileged Identity's web application. These permissions apply to users, global groups, or roles. They control access to the features of the web interface, as well as system and account information exposed through the web interface.

Create rules that match your organization’s policies and update in real-time whenever directory changes occur. This helps ensure that your organization’s policies are always enforced, regardless of how personnel roles and IT assets may change.