Overview

Keeper Privilege Manager is a Privileged Elevation and Delegation Management (PEDM) solution

Introduction

Keeper Privilege Manager is an advanced Privileged Elevation and Delegation Management (PEDM) solution that provides secure, just-in-time privileged access across your IT environments.

This comprehensive documentation will guide you through the setup, deployment, and management of Keeper Privilege Manager.

By implementing Keeper Privilege Manager, your organization can enforce least-privilege policies, eliminate standing admin rights, and provide just-in-time access at both the process and machine levels, protecting against data breaches and cyber attacks.

Keeper Privilege Manager is Coming Soon


Solution Overview

Keeper Privilege Manager offers a robust set of features designed to secure your endpoints through privilege management:

  • Agent-based deployment across Windows, Linux, and macOS endpoints

  • Least-privilege management for all desktops and servers

  • Elimination of standing local admin rights across all deployments

  • Process-level privilege management for granular access control

  • Just-in-time (JIT) access at both process and machine levels

  • Flexible policy management based on your organization's risk tolerance

  • Standards-based architecture leveraging SPIFFE and MQTT protocols

Dashboard

The default Dashboard contains all recent events, including any events in monitoring mode. From the Dashboard, the user can navigate to the main areas of Privilege Manager including:

  • Requests: Process all elevation events which require Admin attention

  • Deployments: Push out the Keeper agent to all endpoints

  • Collections: Manage groups of machines and users for applying policy

  • Policies: Enforce least privilege access across your fleet of devices

Privilege Manager Within the KeeperPAM Platform

Privilege Manager is a new integrated service within the comprehensive KeeperPAM platform. KeeperPAM serves as the unified platform for privileged access management, encompassing multiple complementary services:

  • Password Management: Secure storage and rotation of credentials

  • Secrets Management: Control of application secrets and API keys

  • Zero Trust Network Access: Secure, verified remote connections

  • Connection Management: Streamlined access to remote systems

  • Secure Tunneling: Protected pathways to sensitive resources

Privilege Manager extends KeeperPAM's capabilities to address local privilege elevation on endpoints. While other KeeperPAM services focus on securing how users connect to systems and resources, Privilege Manager governs what privileges users have once they're working on those systems. For example, an administrator might use KeeperPAM's connection capabilities to securely access a server, and then Privilege Manager controls their local admin privileges on that server. Similarly, Privilege Manager can manage everyday privilege elevation requests on end-user workstations, removing the need for standing local admin rights while still enabling essential operations through just-in-time elevation.

End-User Experience

Users running the Keeper agent are provided with an interface to see the policies applied to their device, and monitor their approvals and elevation requests. Any application policies are listed in the UI.

Keeper agent UI

On Windows and macOS endpoints, the user will receive prompts when elevation is enforced by policy. On macOS, a system extension is installed to manage privilege.

macOS Device
Windows Device

On Linux endpoints, the Keeper PAM module protects sudo elevation requests for applied policies.

Linux sudo protection

About this Guide

This guide on Privilege Manager is broken down into the following sections:
