What Is Privileged Identity Management?

By Vince Lujan Posted March 14, 2019


What is Privileged Identity Management? Privileged Identity Management (PIM) refers to a subset of identity federation services that manage user access to some of the most critical systems in an IT organization. For example, PIM solutions are often used to control user access to remote servers, databases, network equipment, and other critical applications.

PIM solutions are typically add-ons within the overall Identity and Access Management (IAM) category. In fact, PIM solutions are often extensions to on-prem identity provider (IdP) platforms such as Microsoft® Active Directory® (AD). Given their tight integration with legacy platforms, PIM solutions have served to federate user identities to critical IT resources for many years now.

A Brief History of Privileged Identity Management

The concept of privileged identity management emerged in the mid-2000s, because traditional IAM solutions could not tightly control, manage, and report on user access to remote servers, databases, network equipment, and critical applications. Before PIM solutions became necessary, most of the critical resources within an IT organization were on-prem and based on the Windows® operating system (OS).

The dominance of the Windows OS enabled IT admins to use legacy tooling, primarily Active Directory, to manage their entire network from one centralized, on-prem location. Of course, that all changed in the early 2000s with the introduction of cloud servers, virtual databases, remote network equipment, and web applications, to name a few examples.

Active Directory was specifically designed to support on-prem networks of Windows-based IT resources. Consequently, new innovations that were not on-prem, nor Windows-based, were difficult to manage directly with AD alone.

Yet, IT organizations still needed a way to control user access to critical resources such as those previously noted and preferably from one centralized location. It was this challenge that opened the door for add-on solutions like Privileged Identity Management, which could extend traditional identities to previously unsupported IT resources.

PIM in a Nutshell

The core functionality of privileged identity solutions revolves around providing IT administrators with secure access control to critical IT resources that are unsupported by traditional IAM solutions. Specifically, user accounts can be issued to admins with specific privileges, such as the ability to write data, create accounts, or execute tasks, to name a few examples.

PIM solutions also feature numerous mechanisms to keep privileged accounts secure, such as multi-factor authentication (MFA), Secure Shell (SSH) keys, and similar additional layers of security. Without PIM solutions, securing user access to critical resources had to be achieved manually, or worse, not at all.

Modern Privileged Identity Management

Today, PIM solutions are still a critical part of traditional, on-prem identity management infrastructure. However, as more of this traditional IT infrastructure shifts to the cloud, IT admins are looking for next-generation identity management solutions that don’t require heavy investment in on-prem infrastructure and add-ons. So, specifically, how do you continue to leverage the benefits of privileged identity management without a traditional identity provider or anything on-prem? Easy: choose a comprehensive cloud-based directory services platform that offers PIM functionality as a core part of the solution.

JumpCloud® Directory-as-a-Service® is a great example. JumpCloud can securely manage and connect users to virtually any IT resource from one comprehensive cloud directory and includes the ability to set specific privileges for user and admin accounts. As a result, IT admins can continue to take advantage of all of the benefits of PIM solutions, but without anything on-prem and without the need for multiple identity management platforms.

Contact JumpCloud to learn more about Privileged Identity Management, and to see how the Directory-as-a-Service platform can provide PIM services in your environment. Sign up for a free account and check it out for yourself. We offer 10 users free forever to help get you started.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.
