• Find systems, accounts.
  • Automatically assign to policies via rules.


  • Randomize on a schedule and after use.
  • Store in an encrypted, replicated, distributed vault.


  • Policy-driven rules.
  • Pre-authorized and request/approval workflow if not routine.

Grant access:

  • Launch SSH, RDP, vSphere, SQL, etc.
  • Direct connection, VDI proxy or HTML5 proxy.
  • Password display.
  • Temporary group membership or SSH trust.

Application passwords:

  • Notify SCM, IIS, Scheduler, DCOM of new passwords.
  • API replaces embedded passwords.


  • Requests, approvals, logins to privileged accounts.

Session monitoring:

  • Screen, keyboard, webcam, process ID, window title, etc.
  • Keylog censorship protects passwords, SSN, CC numbers, etc.
  • Request/approval workflow protects staff privacy.