Privileged Access Management
The Privileged Access Management service – PAM – is a critical component of identity management, focused on the storage, access, and management of privileged accounts university-wide.
The PAM Service addresses the weaknesses that standalone password managers exhibit and safeguards the university from internal and external bad actors.
Using tools provided by Thycotic Secret Server, PAM provides secure, granular access control to privileged accounts, accessible from any browser, ensuring that users have access to every password and credential they need – and nothing more.
When maintaining a university-wide ecosystem, preventing unintended access to privileged passwords requires strong access policies. One of the largest areas of concern is the unintended leak of password knowledge through employee turnover and password memorization. Standalone password managers can alleviate this issue, but do not offer password rotation or robust access management. The PAM service provides a solution to:
- Password strength and rotation
- Shared credentials accessed by multiple users
- MFA on accounts shared by groups
- Insecure methods of password storage (e.g. storing them in plaintext on a user’s device)
- Difficulty of access control
The PAM Service is hosted on distributed servers and is accessible on any device through OSU log-in credentials, meaning that any secret a user may need is both easily accessed and still encrypted and securely stored behind multi-factor authentication. In addition, PAM has numerous tools for managing an organization’s secrets, including automatic password rotation, templates and policies, and programmatic access through Thycotic’s SDK and the REST API.
What are the advantages?
- Administrators can lock important accounts in PAM and store highly secure passwords to protect the accounts’ integrity.
- Secrets can be accessed and shared over a secure internet connection, anywhere and anytime you may need them.
- Templates and policies – length, complexity, time to live – can be put in place, ensuring that every secret has a strong, secure foundation.
- Automatic rotation of service account passwords
What features would I gain?
- Multi-factor authentication through BuckeyePass
- Encrypted, secure vault storage
- Integration into applications using Thycotic’s Secret Server SDK and REST API
- Heartbeat to monitor integrity
- Check in/check out to restrict access to the most important secrets
- Full audit log
Please complete the intake form to request new access for a Service or Department.
For documentation, please visit go.osu.edu/PAMsupport