Privileged Password Management

Password Safe

Control and audit access to privileged accounts such as shared administrative accounts, application accounts, local administrative accounts, service accounts, database accounts, cloud and social media accounts, devices and SSH keys.

Secure Privileged Password Management and Privileged Session Management

PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys, cloud and social media accounts. Password Safe offers multiple deployment options and broad and adaptive device support.

  • Secure and automate the process for discovering, managing and cycling privileged account passwords and SSH keys
  • Control how people, services, applications and scripts access credentials
  • Auto-logon users onto RDP and SSH sessions, without revealing the passwords
  • Record all user and administrator activity in a comprehensive audit trail
  • Alert in real-time as passwords are released and privileged session activity is started


Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.

Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.


Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.

Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.

Eliminate application credentials: Get control over scripts, files, code and embedded keys.

Ensure password strength: Define and enforce password policy to meet any complexity requirement.

Eliminate old passwords: Analyze password ages and proactively report policy violations.

Identify potential backdoors: Identify uncontrolled privileged accounts.

Solve the problem of remote and mobile users: Utilize PowerBroker for Windows as an agent to update passwords on remote and mobile devices.


Enable true dual control: Live session management gives administrators the ability to lock, terminate or cancel a session.

Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP – without the need for Java.

Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.

Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.

Application proxy for RemoteApp: Allow any Windows application usage to be monitored and recorded.

Audit and log privileged sessions: Access and watch a session, then log an acknowledgement of the review to meet audit compliance requirements.


Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.

Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.

Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.

Advanced workflow control: Provides additional context by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.

Post-login command execution: Administrators can leverage a Unix or Linux Jumphost to run a specific command or script after a session connects.

Multi-system checkout: Allows admins to check out an account with a multi-system parameter, then launch sessions to linked systems.



One tool to deploy: Realize the benefit of a single solution for both password and privileged session management.

Simplify deployment: Implement hardware appliances, virtual appliances, or software.

Speed user adoption: Provide a modern, HTML-5 requester interface – no Javascript or agents required.

Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.


Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/TLS communications.

Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Clarity Threat Analytics.

Increase uptime: Deploy appliance pairs and replicate settings for high availability.

Active-Active infrastructure support: Allow an unlimited number of Password Safe appliances to be connected to an external SQL AlwaysOn Availability Group for unparalleled high-availability and scalability.

Use Cases

Reducing Password Risks with Password Safe

Related Resources: Get the most out of PowerBroker Password Safe