Product Roadmap
Customer Request
This module helps admins enforce least privilege access across multi-cloud environments by providing continuous visibility, improved risk assessment, cleanup the excessive privileges.
Using EPM, IT administrators can enforce application access controls and manage privileged application access based on user requirements, establish detailed allow-lists and deny-lists for authorized users or applications. This also helps IT admins enable temporary privileged application access during critical situations. These features are powered by ManageEngine's native application control solution, Application Control Plus.
With the help of the SCIM API protocol, IT administrators can integrate PAM360 with any IAM or IGA tool to perform user management actions like user provisioning and deprovisioning, user role association, and user group allocation. These actions, once triggered in your IAM console, will then reflect within PAM360.
Administrators will make use of the SDK in various languages such as Java, Python and C# to pull the password from PAM360 vault for their legacy or internal or external applications to get the latest updated password of their privileged accounts. Apart from password retrieval, operations for managing accounts and managing resources will be provided in the SDK.
PTA helps IT administrators automate repetitive privileged tasks across multiple endpoints and applications, improving operational efficiency. PTA helps perform administrative tasks in a sequence, in parallel, or as a batch in multiple endpoints, such as executing custom SSH and PowerShell scripts, through seamless workflows.
An all-new way to manage privileged access within PAM360, with this release IT administrators can set up customizable privilege access policies based on a set of predefined criteria. This criteria might include approval workflow mechanisms, granular access controls, JIT privilege elevation configurations, command and application controls, RemoteApp access, etc.
These enhancements to the PAM360 agent will feature self-upgrade and automatic installation, repair, and restart capabilities without human intervention.
We aim to extend agent-based features such as endpoint discovery, credential management, and more to all MAC-OS resources.
This update includes recording website connections launched on PAM360. The session recording will be instantly available under Audits after every session.
Along with our FIPS compliant PAM360 installation builds, we will soon be introducing a Bouncy Castle FIPS 140-2 compliant build to harden the security.
In addition to the existing Password Management API list, we are introducing the gRPC API. Using this support, PAM admins and users can perform password operations in Application-to-Application(A-to-A) and Application-to-Database(A-to-DB) with enhanced performance and interoperability.
Administrators have an option to set up an application gateway server using which they can discover Linux resources from environments that are not directly connected to PAM360. Using this application gateway server, admins can also perform password resets for remote hosts.
Administrators will be able to enable different two-factor authentication options for users based on their needs and preferences.
Approval authorities will be able to view the access permissions of all the privileged accounts across the organization and review it periodically. Reports will be available for their review and approval process as well.
PAM administrators will be able to create access policies based on the user and device trust score, conditions and criteria. Based on the criteria, administrators can configure actions such as setting a warning message or email, terminating a session, preventing the users from taking sessions in future, and more.
This integration is aimed at enabling administrator to fetch the latest passwords from the PAM360 vault without breaking or changing the workflows created in the XSOAR platform.
This integration helps you to fetch secrets stored in the Kubernetes clusters and manage them from the PAM360 interface—you can fetch, manage, and periodically rotate secrets obtained from multiple Kubernetes clusters. Through the integration, you can achieve collaborative management of the Kubernetes secrets used in your enterprise.
Administrators and users of PAM360 are able to take RDP and SSH sessions in a single click via a native client from a windows operating system.
Intending to provide uninterrupted access to passwords, we have introduced another functionality - the Read-Only (RO) server for the PostgreSQL database. Unlike the concept of High Availability, where there will be one Primary server and one Secondary server, the Read-Only server can be configured in multiple. The Read-Only servers function as mirror servers, synchronizing all of the Primary server's operations.
Enables administrator to create a periodic account and resource discovery such that he will set a time such as every 5 days, monthly, etc., to discover the new accounts and feed them into PAM360 automatically.
Administrators can configure a set of commands/applications such that lesser privileged users can execute/run them in an elevated privilege without knowing the password of that privilege account.
PAM administrators will have an option to authorize a set of commands for a particular resource, and users will be allowed to execute only the authorized commands during a remote SSH session. If the user executes any commands other than the configured one, it will throw an error.
Administrators will be able to configure their legacy web applications in PAM360, where they can add layers of PAM authentication before accessing the web application via PAM web console without providing direct access to the end users.
The Security Hardening Score feature validates the customer environment with security options given from PAM360 on a periodical basis to ensure whether the security measures are handled. Security Hardening Score would help the customers to ensure how securely they are using the privileged access management tool in order to avoid external security threats and unforeseen data losses.