Skip to main content

Hitachi ID certification

Product Sites

Privileged Account Activity Management

Privileged account activity management is one of several equivalent terms that refers to privileged access management. This particular variant emphasizes the fact that modern privileged access management systems often include session monitoring capability, to record what was done by users while connected to a shared, privileged account, rather than stopping at granting and revoking access to those accounts.

Where Hitachi ID Privileged Access Manager launches a user's login session, it can be configured to record screen, keyboard and other data while users are connected to privileged accounts. The recording may be of just the window launched to connect a user to a privileged account or of the user's entire desktop.

The session recording system is tamper resistant -- if users attempt to interrupt recording, their login sessions to privileged accounts are disconnected and an alarm is raised.

Session recordings may be archived indefinitely and may serve a variety of purposes, ranging from knowledge sharing and training to forensic audits. Access to recorded sessions is secured through a combination of access control policies and workflow approvals, designed to safeguard user privacy.

The Privileged Access Manager session monitoring infrastructure is included at no extra cost. It works using ActiveX components and does not require software to be permanently installed on user PCs. There is no footprint on managed systems and no proxy servers are used.

Session monitoring is compatible with all administration programs and protocols, as it instruments the administrator's PC, rather than network traffic. Recordings can be made of SSH, RDP, vSphere, SQL Studio and any other administrative sessions launched via Privileged Access Manager. Recordings can include key-logging, video, webcam, copy buffer and more, based on policy settings and without regard to the type of session (protocol, client tool) that was launched.

Return to Identity Management Concepts

page top page top