Skip to main content

Hitachi ID certification

Product Sites

Privileged Session Manager

A Privileged session manager is one of several equivalent terms that refers to a privileged access management system. This particular variant is somewhat limiting, because it focuses on the launching and recording of login sessions to privileged accounts, ignoring password randomization, access controls, approval workflows, service account password management, application-to-application password management and many other important features.

Where Hitachi ID Privileged Access Manager launches a user's login session, it can be configured to record screen, keyboard and other data while users are connected to privileged accounts. The recording may be of just the window launched to connect a user to a privileged account or of the user's entire desktop.

The session recording system is tamper resistant -- if users attempt to interrupt recording, their login sessions to privileged accounts are disconnected and an alarm is raised.

Session recordings may be archived indefinitely and may serve a variety of purposes, ranging from knowledge sharing and training to forensic audits. Access to recorded sessions is secured through a combination of access control policies and workflow approvals, designed to safeguard user privacy.

The Privileged Access Manager session monitoring infrastructure is included at no extra cost. It works using ActiveX components and does not require software to be permanently installed on user PCs. There is no footprint on managed systems and no proxy servers are used.

Session monitoring is compatible with all administration programs and protocols, as it instruments the administrator's PC, rather than network traffic. Recordings can be made of SSH, RDP, vSphere, SQL Studio and any other administrative sessions launched via Privileged Access Manager. Recordings can include key-logging, video, webcam, copy buffer and more, based on policy settings and without regard to the type of session (protocol, client tool) that was launched.

Return to Identity Management Concepts

page top page top