The value of PAM integrations with a credential vault

March 5, 2021

Imprivata's mission is to make third-party remote access as comprehensive and powerful as possible. To achieve this, our product integrates with a number of other cybersecurity programs and applications to make our customer’s experience as secure and efficient as possible.  In this post, we’ll look at four Privileged Access Management (PAM) providers that securely integrate with the SecureLink platform. CyberArk, Hitachi ID, Thycotic, and BeyondTrust are all reputable PAM vendors that many of our customers use for credential vault (or password vault) capabilities. The securelink credential vault works with these four different PAM integrations to protect passwords and credentials without compromising internal network security.

The SecureLink credential vault

SecureLink Credential Vault enables SecureLink administrators, as well as users who have the proper permissions, to store hidden credentials on the server-side. When a vendor requests access to a server, these credentials are securely provided by SecureLink for the vendor to login without the vendor ever seeing the password or credential information. This eliminates the need for sharing passwords with multiple vendors and ensures that credentials can’t be shared or exposed on a sticky note or through another unreliable source. In short, by keeping credentials hidden, the Credential Vault prevents logins from being compromised, which helps stop potential network intrusions before they can even start.

PAM integrations

Our integration with CyberArk allows customers to use CyberArk’s Enterprise Password Vault to store credentials and integrate them into services that are accessed while using SecureLink. These credentials are stored solely in the CyberArk credential vault, which provides password rotation and automatic password regeneration. All privileged account passwords and SSH keys are protected in a highly secure central repository, which helps prevent the loss, theft, or unauthorized sharing of these credentials. Similarly to CyberArk, SecureLink integration with Thycotic enables users to access Thycotic’s Secret Server to store credentials and integrate them into accessed services. Thycotic allows customers to set password policies, provides the ability to auto-generate passwords, and hides all the organization’s passwords within a single repository.  These benefits are also achieved through SecureLink integration with Hitachi ID (by using Hitachi ID’s Password Manager) and its integration with BeyondTrust (using BeyondTrust’s PowerBroker Password Safe).

Why is integrating credential vaulting important?

By integrating with CyberArk, Hitachi ID, Thycotic, and BeyondTrust, Imprivata customers never have to give credentials to a vendor. The integration provides a more secure experience for Imprivata users and allows customers to take advantage of the benefits of each PAM integration. These benefits include leveraging the native password storage capabilities and policies of each PAM integration partner and retrieving the necessary remote access credentials while connecting to the remote server via the SecureLink connection.  PAM integration partners can also access the SecureLink Credential Vault with minimal configuration, and SecureLink can make API calls to PAM partners to retrieve credentials without additional configuration in the partner application. And to make things even more efficient, each of the PAM integrations follow the same three steps in their connectivity workflow:

  1. The user sends a connection request using their SecureLink credentials
  2. Masked credentials are requested from the partner API
  3. CyberArk Enterprise Password Vault’s API
  4. Thycotic Secret Server’s API
  5. Hitachi ID Password Manager API
  6. BeyondTrust Password Safe API
  7. Masked credentials are passed to SecureLink and applied without user visibility, allowing the user access to the requested server.

In short, this means less fuss for them and more protection for you.

What does this mean for you?

The Credential Vault’s integration with PAM partners means your network is protected from attacks before they can even begin. For each PAM integration, masked credentials are requested from the partner API, then passed to SecureLink and applied — without being visible to the user. In other words, SecureLink Credential Vault provides proactive protection, not reactive. By letting key PAM partners integrate with its Credential Vault – always using masked credentials – SecureLink can provide its customers with a more complete protection solution. To learn more, you don’t need a credential at all. Just request a free, personalized demo today.