In traditional PAM workflows, permissions are often granted globally to individuals based upon job role, and do not take into account real-time risk factors, such as location, day or time. Password Safe enables the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine. Automatically evaluate the day, date, time, location, and other contextual data when a user attempts to access resources to make intelligent access decisions.

Policies can be extended to block password access to some managed resources unless the request originated from the corporate network, another approved source or only allow access to certain vendor accounts if they originate from the vendor network.

These capabilities minimize standing privileges, thereby minimizing opportunities for exploiting privileged credentials, while ensuring that users have the right access according to the context of their request.

Streamline workflows by leveraging true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users. Simplify requests by managing checkout workflows with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC. Ensure access to password-managed systems after hours, on weekends, or in other emergency situations to accommodate break-glass requests.

Administrators are able to expedite checkout operations using OneClick for access to passwords, sessions,and applications that would normally be approved automatically. Multi-system checkout allows admins to check out an account with a multi-system parameter, then launch sessions to linked systems. Post-login command execution allows administrators to leverage a Unix or Linux Jumphost to run a specific command or script after a session connects.

The ability to create ad hoc groups of managed accounts in seconds, or to make bulk changes by filtering and select multiple accounts to perform mass password changes, removal, and unlinking from a managed AD account further streamlines the workflow process.

With DirectConnect, administrators can launch an SSH session by simply passing a connection string to the Password Safe proxy. No agents need to be installed on the hosts, and connection to any SSH system is supported, including Unix/Linux hosts, and network devices such as routers or firewalls.

Learn how to enable intelligent access decisions with BeyondTrust to enforce true least privilege, minimize standing privileges, and condense threat windows.

Want to learn why over 20,000 customers chose BeyondTrust?
Prefers reduced motion setting detected. Animations will now be reduced as a result.