Saviynt Privileged Access Management (PAM)

Saviynt Privileged Access Management


CLOUD SECURE for data & privilege
access governance

With hybrid IT becoming the norm and more critical assets / workloads moving to cloud, privileged access compromise for cloud applications is emerging as one of the biggest threats today. More autonomy and flexibility to business and developers means higher proliferation of privileged access and ‘keys to the kingdom.’ It is imperative to manage and govern privilege / service accounts / access / roles / groups and continuously monitor their activity for any signs of compromise. Saviynt delivers a comprehensive solution for privileged / emergency access management and governance for Cloud and enterprise providers such as AWS, Azure,, Workday, Office 365, SAP, SAP HANA, etc.

  • Timed request for privileged /
    emergency access
  • Multi-level flexible approval workflow
  • Perform step-up out-of-band
    authentication for privileged access request
  • Supports 2 models for privilege
    grant – role based and shared account based
  • Claim account ownership of service (non-human) accounts
  • Continuous risk-based certification, Flexible check out / check in policies
  • Record privilege activity sessions
  • Risk-based certification and review of privilege session activity
  • Perform user behavior analytics with Saviynt Risk Insight TM to identify malicious / anomalous activity
  • Identify segregation of duty violations during privilege session
  • Monitor out-of-band and unapproved access changes
  • Supports Cloud and enterprise
  • Requires no password vaulting
  • API-based integration with managed applications eliminates need for access gateway; supports any direct access channel
  • Manage lifecycle of privilege and shared accounts with automatic
    provisioning and ownership
  • Request from mobile devices via native app (iOS and Android)

Go vault-less: a smarter
way to grant
privileged access

Privileged access traditionally has been managed by sharing a common account across multiple users. This introduces the need for additional password vaulting and check out of passwords for limited duration. Saviynt allows check out and check in of privileged access via roles. These privileged roles are then assigned to regular user IDs for a limited duration upon appropriate approvals. This leads to easier correlation of user’s privilege activity as account ID remains unchanged in Cloud IaaS and SaaS audit logs.

Detect policy violations
and anomalies during
privileged activity

Saviynt monitors all privileged session activity to identify if users have leveraged emergency or privileged access to bypass any segregation of duty or access policies. Additionally, Saviynt can correlate accounts and access created manually by administrators to any approved access requests and monitor out-of-band or unauthorized changes being made directly to target systems. Upon identification of potential malicious intent, Saviynt can
automatically kick-off an activity review and certification to normalize or remediate the violations.

Chalk Talk: Privileged Access Management for Cloud Infrastructures

Featuring Vibhuti Sinha, Chief Cloud Officer

Built to scale

Privileged activity especially on IaaS, DevOps and SaaS platforms can be extremely chatty and lead to large volumes of data. Saviynt leverages powerful components such as Elasticsearch and Kibana from Elastic to perform log and usage analysis. Combined with drilldown dashboards and visualizations, Saviynt delivers next generation data analytics driven investigation workbench for Cloud and Enterprise.

Risk-Based Access Request And Certification

Featuring industry leading user experience and flexible approval workflow, Saviynt enables an intuitive UI for requesting privileged or emergency access. Saviynt makes it easy to configure maximum check out duration policies and multi-level approval workflow per system or privileged role. Governance is enforced by controlling who can request access to specific privileged accounts, categorized by business functions. Multiple owners can be defined per privileged account or role who are then responsible for periodic certification and review of their access. Maintain strict control over privileged / service account ownership management by tightly linking it to user lifecycle triggers e.g. if a privileged account / access owner changes jobs, Saviynt detects a potential transfer and launches a micro-certification process to identify new owners.