IT staff often have administrative access to many systems. When
an IT employee with such privileges leaves an organization, it can
be difficult to quickly and reliably change every password that
the administrator knew and thereby disable their access to sensitive
- Privileged Access Manager randomizes administrative passwords frequently -- normally
- When IT workers leave an organization, their ability to request
a new password is disabled centrally -- for example by disabling
their Active Directory account or revoking their RSA SecurID
- Any passwords that were recently disclosed to the administrator
and which have not yet changed are immediately randomized
from the Privileged Access Manager web user interface.
- Any systems which were recently managed by the administrator
are identified in a report. Security staff can follow up with
a closer examination of those systems.
Using Privileged Access Manager, administrator access is terminated
promptly and reliably.