Connecting a pre-authorized administrator to a privileged account


Content:

  • An administrator signs into HiPAM.
  • The administrator searches for the system where he needs to work.
  • The administrator launches a login session, connecting to a privileged account on the selected system.
  • HiPAM inserts current credentials, providing secure single sign-on for the administrator.

Key concepts:

  • IT staff must sign into systems using HiPAM as an intermediary.
  • HiPAM applies policy to decide whether connections are allowed.
  • HiPAM inserts credentials, providing single sign-on convenience while preventing disclosure of current password values.
  • HiPAM logs all sessions.

Randomizing privileged passwords on fixed IT assets


Content:

  • On servers and other fixed systems, no local software is required.

Key concepts:

  • Password changes are initiated on a Hitachi ID Privileged Access Manager server and can be scheduled as often as hourly.
  • Randomized password values are stored in a secure, replicated vault at a minimum of two physical locations.
  • No software is installed on systems.

Randomizing privileged passwords on laptops or rapidly provisioned VMs


Content:

  • On laptops, the endpoint initiates the password change process.

Key concepts:

  • Password changes initiated on the endpoint can be performed even when the device is off-site, behind a firewall, etc.
  • Randomized timing improves reliability and reduces peak transaction volume.
  • A minimal software footprint is required on the endpoint device.
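
The effect of randomized timing on peak transaction volume, shown as an added simulation that is not Hitachi ID's code. It assumes each endpoint derives a stable offset within the rotation window from a hash of its device ID; the device names, fleet size and one-day window are constructed for the illustration.

```python
import hashlib
from collections import Counter

WINDOW_MINUTES = 24 * 60   # assumed rotation window: one day
FLEET_SIZE = 5000          # constructed fleet size


def fixed_slot(device_id: str) -> int:
    """Every endpoint checks in at the same minute (a shared 02:00 job)."""
    return 120


def jittered_slot(device_id: str) -> int:
    """Stable per-device offset within the window, derived from a hash.

    Hashing (instead of drawing a new random number on each run) keeps a
    device's slot constant across reboots while spreading the fleet out.
    """
    digest = hashlib.sha256(device_id.encode()).digest()
    return int.from_bytes(digest[:8], "big") % WINDOW_MINUTES


def peak_load(slot_fn, fleet) -> int:
    """Largest number of password-change transactions in any one minute."""
    per_minute = Counter(slot_fn(device) for device in fleet)
    return max(per_minute.values())


def simulate():
    """Return (peak with a fixed schedule, peak with jittered schedule)."""
    fleet = [f"laptop-{n:05d}" for n in range(FLEET_SIZE)]  # constructed IDs
    return peak_load(fixed_slot, fleet), peak_load(jittered_slot, fleet)


if __name__ == "__main__":
    fixed, jittered = simulate()
    print(f"fixed schedule peak:    {fixed} transactions/minute")
    print(f"jittered schedule peak: {jittered} transactions/minute")
```

With a fixed schedule the server must absorb the whole fleet in one minute; with per-device offsets the peak stays close to the fleet size divided by the window length.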