Given the increasing importance of safeguarding and governing accounts with elevated permissions — especially those that provide “the keys to the kingdom” — we are pleased to announce the addition of a new Privileged Access Management module (Beta) in Devolutions Hub Business.
For those of you who are unfamiliar with this product, Devolutions Hub Business is our flexible, highly secure, and easy-to-use cloud-based password management solution for team environments. A free 30-day trial is available.
Participate in the Beta Program
Currently, the new module is in its beta phase as we make ongoing improvements and refinements in preparation for the inaugural official public release. We would love for you to participate in the beta program!
Simply contact us at firstname.lastname@example.org, and we will send you a free license. We will also schedule a session with a member of our Support Team to walk you through the installation and configuration process, in order to establish a connection between Devolutions Hub Business and your internal resources.
About the New PAM Module
The new PAM module in Devolutions Hub Business governs your Azure AD privileged accounts.
Here are some of its main features:
- Secure PAM vault for the management of all your different privileged accounts
- Checkout request approval
- Automatic password reset
- Secure password injection
- Administration report
Since Devolutions Hub Business is a cloud-based solution, you must install Devolutions Hub Services to establish communication between your Hub Business and your internal resources.
This service allows privileged account passwords to be automatically reset once access has expired. You can also manually trigger the password reset via the menu.
Overall, this significantly increases visibility and strengthens your overall security profile.
Take a look below at some of the key functions in the new PAM module:
Access to a Privileged Account
There are three ways that users can request access to a privileged account: from the PAM vault in Hub’s web interface, within Remote Desktop Manager, or upon connecting to a linked remote session in Remote Desktop Manager.
Requesting Access Directly from the PAM Vault
Through the Hub web interface, the user can request access to a privileged account, which must be approved by the Admin (or other designated PAM approver):
Once the request is approved, the user can proceed to view/copy the password account (per their assigned permission). Notice, in the image below, that the account is in use.
At the end of the request’s specified duration (e.g., one day after access is granted), access is revoked. The check-in process automatically resets the password of the account.
Requesting Access in Remote Desktop Manager
Remote Desktop Manager users can also request access to a privileged account by clicking the PAM Vault icon in the menu bar:
The workflow is similar to the process described a moment ago. Once the request is approved, users can either copy the password, or they can connect to a session that exists in the shared vault.
Linking Directly to a Remote Session
Privileged accounts can be linked directly to a remote session in Remote Desktop Manager (RDP or SSH Shell). Each time a user attempts to open a session, a prompt appears with a check-out request. Only after approval is granted can the user connect to the session with the linked privileged account.
Manage and Monitor Privileged Account Usage
You can easily monitor privileged account activity through the check-out requests report, which provides all relevant information along with dates and timestamps:
In addition, you can look at the tasks report to make sure that the account password was reset:
You can also monitor and verify PAM vault activity in the activity logs report:
Privileged accounts also contain a log of all activity within the entry:
Don’t Forget to Request Early Access
As mentioned, the new PAM Module is currently in beta. To request early access and play a key role in optimizing this new service, simply email email@example.com and we will guide you through the process!