Account Credentials, User Access, and Activity
Privileged Access and Session Management for managing account credentials, controlling privileged user access, and monitoring activity on privileged accounts. FortiPAM ensures uptime with high availability active/standby HA capabilities.
FortiPAM privileged access management provides controls over elevated privileged access and permissions for users, accounts, processes, systems, and sensitive data across the entire IT environment. FortiPAM is an integral component of the Fortinet Identity and Access Management (IAM) solution which allows organizations to provide tight security for privileged accounts and privileged credentials. FortiPAM provides tightly controlled privileged access to the most sensitive resources within an organization. It enables end-to-end management of privileged accounts, control of privileged user access, and visibility of account usage including monitoring and audit capabilities. These features allow FortiPAM to introduce zerotrust principles to privileged accounts and dramatically lower an organizations' overall attack surface.
Organizations looking to modernize IAM capabilities need to look beyond standard user identities and bring in controls for privileged accounts in the form of a PAM solution. These accounts have access to the most sensitive information which necessitates an extra level of security. FortiPAM can assist with three primary use cases when it comes to privileged accounts. These are managing account credentials, controlling privileged user access, and monitoring privileged activity.
ZTNA Elements - FortiPAM as Access Proxy
The components of a client-based ZTNA solution.
Manage Account Credentials
Managing privileged accounts goes beyond storing privileged credentials. It means fully automating the privileged-accounts lifecycle. Organizations often struggle with orphaned privileged accounts or ensuring these accounts have updated credential policies. FortiPAM can help manage privileged accounts by automatically changing passwords based on policy. FortiPAM owns the privilegedcredential vault of specific resources so that users will not need to know the resource's credentials. This reduces the risk of the credentials falling into the wrong hands. FortiPAM also ensures that no sensitive privileged account information will be delivered to the end-user's device in proxy mode.
Control Privileged User Access
Privileged accounts need to use zero-trust principles because of the sensitive company resources they have access to. FortiPAM can bring zero-trust to these privileged accounts by ensuring that end users are only granted access to critical resources based on roles, such as standard user or administrator, and always ensuring least privilege. FortiPAM provides full controls of all resource secrets through administrator-defined central policies. These include options for automatic password changes after check-in. Organizations are also able to use FortiPAM to implement a hierarchical approval system and control risky commands.
Monitor Privileged Access
In addition to managing and controlling privileged accounts, it's just as important to provide monitoring capabilities for users of these highly sensitive resources. FortiPAM can provide reporting of privileged account usage in the case of a security incident. FortiPAM can provide fullsession video recordings to provide a view of the users logged into privileged accounts, including monitoring keystrokes and mouse events. When needed for audit purposes, FortiPAM can provide full audit tracking of all privileged account usage.
- Connects, as part of Fortinet's Security Fabric, with FortiAuthenticator, FortiToken, and FortiClient for a complete IAM solution
- Integrates with FortiClient EMS for zero-trust network access (ZTNA) advanced access tagging
- Provides high-performance and low-latency for business-critical resources
- Includes scheduled credential changing capabilities (LDAPS, Samba, SSH, SSH key)
- Enables native program access with PuTTY and RDP (FCT required) along with browser-based access via Chrome, Firefox, and Edge
