TKM Teknologi

PAM Feature 03

Managing & Brokering Access for Human and Machine

Enabling controlled access for authorized users and machines

Privileged Access Management (PAM) is a cybersecurity strategy for controlling, monitoring, and securing access to critical systems, applications, and data. Users and machines with elevated permissions ("privileged accounts") pose the highest risk if compromised, so their access must be carefully managed.
Privileged Access Scope
  • Human users: System administrators, operators, help desk staff, security personnel.
  • Machines / non-human entities: Applications, scripts, services, workloads, automated processes.
Managing Privileged Access for Users
  • Credential Vaulting – Passwords, SSH keys, and secrets are stored in a secure vault and rotated automatically to reduce misuse.
  • Session Management – Cross-platform session isolation prevents direct access to critical systems, ensuring administrators connect through controlled channels.
  • Granular Access Policies – Role-based access ensures that each user only gets the minimum privileges required.
  • Least Privilege Principle – Users are given only the minimum access required for their role.
  • Just-in-Time (JIT) Access – Privileged access is granted only for a limited time when needed.
  • Multi-Factor Authentication (MFA) – Ensures that even if credentials are stolen, unauthorized access is blocked.
  • Audit & Monitoring – Every privileged session is recorded for compliance and forensic analysis.
Managing Privileged Access for Machines / Applications
  • Machine-to-Machine Authentication – Brokers access for applications and workloads using API keys and certificates stored in the vault.
  • Access Segmentation – Applications get only the permissions they need for their function.
  • Automated Secret Rotation – Application credentials are rotated without downtime, reducing risk of credential theft.
  • Workload Security – Privileged access is extended to cloud workloads and containers, ensuring secure machine communication.
  • Integration with DevOps – Supports dynamic environments where applications need temporary elevated access.
  • Monitoring & Alerting – Logs machine activity to detect abnormal behavior, like unexpected access attempts.
Brokering Privileged Access
  • Human brokering: Admin requests access → PAM verifies identity and role → grants temporary session → logs all actions.
  • Machine brokering: Application requests credentials → PAM provides time-limited credentials → revokes after use.
Unified Workflow
  • 01 Request – Entity identifies itself and asks for access.
  • 02 Verify – PAM checks authorization and whether the request meets policy.
  • 03 Broker – PAM retrieves the secret from the vault and creates a secure bridge to the target.
  • 04 Audit – Session logged, password rotated, compliance report generated.
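The Request → Verify → Broker → Audit flow above, and the human and machine brokering sequences before it, as an added in-memory model; this is example code written for this page, not TKM Teknologi's product code. The roles, targets, JIT lifetimes and clock values are constructed, and the "vault" is a plain dictionary standing in for a real secret store.

```python
import secrets

# Constructed policy: role -> {target: JIT access lifetime in seconds}.
POLICY = {"sysadmin": {"db-prod": 900}, "helpdesk": {"jump-host": 300}}

class PamBroker:
    def __init__(self, targets):
        # The vault: real target credentials live here and are never returned to requesters.
        self.vault = {t: secrets.token_urlsafe(24) for t in targets}
        self.sessions = {}   # session token -> {"entity", "target", "expires"}
        self.audit_log = []  # every decision and session event, in order

    def request(self, entity, role, target, now):
        """Steps 01-02: the entity identifies itself; the request is checked against policy."""
        ttl = POLICY.get(role, {}).get(target)
        if ttl is None:
            self.audit_log.append(("DENY", entity, target, now))
            return None
        # Step 03: broker a time-limited session token instead of handing out the secret.
        token = secrets.token_hex(16)
        self.sessions[token] = {"entity": entity, "target": target, "expires": now + ttl}
        self.audit_log.append(("GRANT", entity, target, now))
        return token

    def connect(self, token, now):
        """The controlled channel: the broker looks up the vault secret on the caller's behalf."""
        s = self.sessions.get(token)
        if s is None or now > s["expires"]:
            self.audit_log.append(("REJECT", None, None, now))
            return False
        self.audit_log.append(("CONNECT", s["entity"], s["target"], now))
        return self.vault[s["target"]] is not None  # secret is used here, never exposed

    def close(self, token, now):
        """Step 04: revoke the session, rotate the target credential, record the event."""
        s = self.sessions.pop(token)  # KeyError if the session was never granted or already closed
        target = s["target"]
        old, self.vault[target] = self.vault[target], secrets.token_urlsafe(24)  # automated rotation
        self.audit_log.append(("CLOSE+ROTATE", s["entity"], target, now))
        return self.vault[target] != old

def demo():
    pam = PamBroker(["db-prod", "jump-host"])
    tok = pam.request("alice", "sysadmin", "db-prod", now=1000)
    ok_live = pam.connect(tok, now=1500)       # inside the 900 s window
    ok_expired = pam.connect(tok, now=2000)    # past expiry: rejected
    rotated = pam.close(tok, now=2001)
    replay = pam.connect(tok, now=2002)        # revoked token cannot be reused
    denied = pam.request("bob", "helpdesk", "db-prod", now=2100)  # not in policy
    return ok_live, ok_expired, rotated, replay, denied, [e[0] for e in pam.audit_log]
```

The same `request`/`connect`/`close` calls model machine brokering: the application receives a short-lived token, the broker holds the real credential, and closing the session both revokes the token and rotates the secret so a captured token or credential has no lasting value.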

[Illustration: Managing and Brokering Access workflow. End-to-end flow: session is logged, password rotated, and compliance report generated.]