Hitachi ID Privileged Access Manager can launch the desired administration program on the user's PC and inject credentials into that program, so that it automatically signs into the managed account on the managed system. In the figure below, a browser extension is used to launch the appropriate administration program -- ActiveX for Internet Explorer or the extension mechanism in Chrome, Opera or Firefox. The same extension instruments the user's desktop to capture video, keystrokes, etc. and send the monitor data stream back to the Privileged Access Manager server.
Direct connection from user endpoint to managed system
Watch a Movie
Launch one-time session to a privileged account
- Once a session has been approved, the request's recipient can launch a login session to the privileged account.
- As with routine administrator access, Privileged Access Manager is normally configured to launch SSH, RDP and similar sessions rather than displaying a password value.
- Passwords are normally re-randomized when a session completes and access is "checked in."
- Checkout/checkin controls can limit the number of people connected to the same administrator ID at one time.
- Late users are shown the names of people already connected to the same account.