Connecting a pre-authorized administrator to a privileged account
Content:
- An administrator signs into HiPAM.
- The administrator searches for the system where he needs to work.
- The administrator launches a login session, connecting to a privileged account on the selected system.
- HiPAM inserts current credentials, providing secure single sign-on for the administrator.
Key concepts:
- IT staff must sign into systems using HiPAM as an intermediary.
- HiPAM applies policy to decide whether connections are allowed.
- HiPAM inserts credentials, providing single sign-on convenience while preventing disclosure of current password values.
- HiPAM logs all sessions.
Randomizing privileged passwords on fixed IT assets
Content:
- On servers and other fixed systems, no local software is required.
Key concepts:
- Password changes are initiated on a Hitachi ID Bravura Privilege server and are scheduled to happen, as often as hourly.
- Randomized password values are stored in a secure, replicated vault at a minimum of two physical locations.
- No software is installed on systems.
Randomizing privileged passwords on laptops or rapidly provisioned VMs
Content:
- On laptops, the endpoint initiates the password change process.
Key concepts:
- Password changes initiated on the endpoint can be performed even when the device is off-site, behind a firewall, etc.
- Randomized timing improves reliability and reduces peak transaction volume.
- A minimal software footprint is required on the endpoint device.