Securden Privileged Account Manager (PAM) is a web-based, on-premise, self-hosted software-only solution and is available as a binary for installation on Windows. The package contains everything needed and you don’t require any other hardware or software. It comes with an inbuilt web server and PostgreSQL server as the RDBMS. Optionally, you can use MS SQL Server as the backend database.
The solution runs on a central server connected to a backend database. The server handles all the business logic. End-users connect to the server using any standard web-browser.
The product integrates with Active Directory and SAML-based Single Sign-On solutions for user management and authentication. It also integrates with a variety of MFA providers - any TOTP authenticator (Google authenticator or Microsoft authentication), any RADIUS-based authentication mechanism (RSA SecurID, Digipass, etc.), Duo Security, Yubikey, Email to SMS gateway and OTP through email.
Enterprise requirements such as data backup, high availability, and disaster recovery are all in-built.
The product stores all sensitive information in a fully encrypted manner in a secure, digital vault. Securden uses AES-256 for encryption. The encryption key is unique to every installation and is automatically generated.
For Remote Connections, session management and recording, Securden provides the option for a gateway approach. All remote connections from endpoints to target IT resources are routed through the remote gateway. This approach eliminates the need for direct connectivity between the endpoints and the sensitive IT infrastructure and ensures a higher level of security. The design also proves to be highly scalable capable of handling a large number of concurrent remote connections.
The remote gateway approach is supported by the option to deploy multiple application servers, which help in handling privileged account management for a distributed network or distributed data center environments from a central installation.
The Securden PAM installation package delivers all these functionalities. An installation instance can just have two physical servers (primary and secondary) or multiple application servers as required.