Securden Unified PAM Features

Manage Shared Admin Passwords


Securely Share Admin Accounts

Shared accounts employ a single credential to authenticate multiple users. While this largely goes against IT security best practices, smaller organizations may still make use of shared admin passwords/accounts.

Shared admin accounts decrease management overhead by reducing the privileged access footprint within your IT estate. However, they come with risks that need to be carefully managed.

What are the Challenges Associated with Shared Admin Accounts?

Because they are shared among many people across teams and departments, they need constant monitoring to ensure that access is always restricted to the right set of people for the right reasons at any given point in time. Any lapse here could lead to unauthorized access and open up vulnerabilities for hackers to exploit.

Producing a clean audit trail is a challenge because the logs show only the shared username. There is no direct way of tying each action to an individual, which could lead to accountability issues.

How Does a PAM Solution Help Overcome Shared Admin Account Challenges?

Shared accounts must be managed like any other highly privileged account, and must be used in combination with Unified PAM.

  • PAM brings in session monitoring and recording capabilities along with audit log features. This allows you to map actions to the individuals using the shared account, ensuring accountability that would otherwise be difficult to achieve when multiple users share the same account.
  • Passwords of privileged admin accounts can also be periodically rotated after a user has accessed them, so that users cannot remember the credentials and use them for unauthorized access.
  • Multi-factor Authentication (2FA) can be enforced for all privileged admin accounts in PAM, ensuring that only authorized users can access them.
  • IT can grant time-limited, just-in-time (JIT) access to admin accounts, ensuring that the user is given enough time to complete their tasks.

Just like any other privileged account, shared admin accounts need robust, automated password management. PAM's continuous monitoring and control features, along with the audit logs, help you stay on top of all privileged activity carried out using a shared admin account.
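The mapping of shared-account actions to individuals described above can be sketched as a correlation between PAM checkout records and the target system's log. This is an added example, not Securden's code; the record layouts, account name, and sample data are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: PAM checkout records (who held the shared credential, and when).
CHECKOUTS = [
    ("alice", "svc-admin", "2024-05-01T09:00", "2024-05-01T09:30"),
    ("bob",   "svc-admin", "2024-05-01T09:20", "2024-05-01T10:00"),
    ("carol", "svc-admin", "2024-05-01T13:00", "2024-05-01T13:15"),
]
# Constructed sample data: target-system log, which records only the shared username.
EVENTS = [
    ("2024-05-01T09:05", "svc-admin", "added user to local Administrators"),
    ("2024-05-01T09:25", "svc-admin", "stopped backup service"),
    ("2024-05-01T13:10", "svc-admin", "changed firewall rule"),
    ("2024-05-01T22:40", "svc-admin", "interactive logon"),
]

def _ts(s):
    return datetime.fromisoformat(s)

def attribute(events, checkouts):
    """Map each shared-account event to the user(s) holding a checkout at that time."""
    results = []
    for when, account, action in events:
        t = _ts(when)
        holders = sorted(
            user for user, acct, start, end in checkouts
            if acct == account and _ts(start) <= t <= _ts(end)
        )
        if len(holders) == 1:
            status = "attributed"
        elif holders:
            status = "ambiguous"      # overlapping checkouts: exclusive checkout not enforced
        else:
            status = "unattributed"   # credential used with no active checkout
        results.append({"time": when, "action": action, "users": holders, "status": status})
    return results

def findings(results):
    """Events that need investigation: anything not tied to exactly one person."""
    return [r for r in results if r["status"] != "attributed"]

if __name__ == "__main__":
    for r in attribute(EVENTS, CHECKOUTS):
        print(r["time"], r["status"].ljust(12), ",".join(r["users"]) or "-", r["action"])
```

An unattributed event means the shared password was used outside any checkout window, which is the case that rotating the password after each access is meant to close off.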



IT Access with PAM

Frequently Asked Questions (FAQs)

1) How can IT Admins Secure the All-Important Domain Admin Account?

The domain admin account is considered the most privileged account in the domain. It allows the owner of the DA (Domain Admin) to access any IT resource across the domain and has the most permissions and controls over the domain, AD or otherwise.

Sharing domain admin accounts should be done with extreme caution and strong access controls, with access granted only when needed.

Some best practices to secure domain admin accounts are:

  • Assign access to domain admin accounts temporarily
  • Change the password after a user has accessed the domain account
  • Enable two-factor authentication for all domain accounts
  • Only use the domain account for configurations that need to be done at a domain-wide level. For all other minor changes, use a local admin account.

Another approach is to use a tiered admin model:

  • Provision standard accounts for regular user operations.
  • Grant Local Admin (LA) accounts for workstations.
  • Use Server Admin (SA) accounts for managing servers.
  • Use the Network Admin (NA) for switching and network gear.
  • Use the Domain Admin (DA) for managing the domain only.
  • Use separate accounts for Helpdesks with delegated rights for password resets and standard non-privileged group changes.
  • Carry out user management (hires, fires, etc.) through the script engine.
2) What are some best practices for sharing business passwords?

Sharing passwords, keys, and login credentials in a business environment requires a secure channel to protect them from data breaches. A few best practices that can help keep confidential information secure are:

  • Separate Business & Personal Passwords: Having different vaults for business data and employees' personal data ensures that the organization does not get access to personal data such as banking information, sensitive personal documents, etc.
  • Grant Just-Enough Access: Sharing passwords with limited access, such as view-only, helps ensure that employees get only the least privilege needed for the actions they perform with the password.
  • Share Credentials On Demand: Granting access to the password only when the employee needs it, and revoking permissions when they are no longer required, helps limit password exposure.
3) How to securely share passwords with third-party contractors?

Sharing passwords with external users such as third-party vendors is risky, especially when insecure methods like email and texting applications are used. Securden has a provision to safely share passwords with third parties by sending them through a browser-based encrypted tool.
