19.0 Privileged Access to Applications and Cloud Services

In an enterprise, when users rely on shared account credentials for privileged access to an application or database, this can lead to a security vulnerability because the users can use the shared account credentials without any time limit. If privileged access to shared accounts is not managed, auditing becomes difficult, which leads to security risk.

Privileged Account Manager (PAM) manages the access and the security of privileged account credentials through the Enterprise Credential Vault. For more information about Enterprise Credential Vault, refer to Section 7.0, Enterprise Credential Vault. Privileged Account Manager securely stores the shared account credentials of the application or database in the Enterprise Credential Vault.

You can grant privileged access to applications or cloud services in the following ways:

  • Credential Checkout

    This method enables you to provide privileged access to applications and cloud services using a password checked out from Privileged Account Manager. In this method, the privileged account password is reset after every check-in to avoid misuse of checked-out passwords.

    For more information about credential checkout, see Credential Checkout.

  • Application SSO

    Using this method, you can allow users to single sign-on (SSO) to an application or a cloud service and monitor the activities performed on them.

    For more information about configuring application SSO, see Application SSO.
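The following added example is an illustrative model, not Privileged Account Manager code or its API. It shows why resetting the password at check-in makes a retained copy useless and how the checkout log attributes use of a shared account to one user. The class and method names, the exclusive-checkout rule, and the integer timestamps are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class SharedAccount:
    """Hypothetical model of one vaulted shared account."""
    name: str
    password: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    holder: Optional[str] = None
    audit: List[Tuple[int, str, str]] = field(default_factory=list)

    def checkout(self, user: str, now: int) -> str:
        # Assumption: one holder at a time, so activity maps to one person.
        if self.holder is not None:
            raise PermissionError(f"{self.name} is checked out by {self.holder}")
        self.holder = user
        self.audit.append((now, user, "checkout"))
        return self.password

    def checkin(self, user: str, now: int) -> None:
        if self.holder != user:
            raise PermissionError(f"{user} does not hold {self.name}")
        self.holder = None
        # Reset on check-in: the password the user saw stops working.
        self.password = secrets.token_urlsafe(16)
        self.audit.append((now, user, "checkin-reset"))

    def login(self, password: str) -> bool:
        # Stand-in for the target application's password check.
        return secrets.compare_digest(password, self.password)

    def holder_at(self, when: int) -> Optional[str]:
        """Replay the audit log to find who held the account at a given time."""
        current = None
        for ts, user, event in self.audit:
            if ts > when:
                break
            current = user if event == "checkout" else None
        return current


if __name__ == "__main__":
    acct = SharedAccount("db-admin")          # constructed sample account
    pw = acct.checkout("alice", now=100)
    print("during checkout:", acct.login(pw))
    acct.checkin("alice", now=200)
    print("after check-in: ", acct.login(pw))
    print("holder at t=150:", acct.holder_at(150))
```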

Based on the information in the following table, you can choose the appropriate method:

Method | Keystroke Audit | Command Audit | Video Audit | Command Risk & Automatic Session Disconnect | Manual Disconnect

Credential Checkout (Agentless)

Privileged SSO (Agentless)