FortiPAM leverages Fortinet's ZTNA technology to create secure tunnels between the FortiPAM user's endpoint and the FortiPAM server. This requires the use of a FortiPAM agent. FortiPAM can be used without the agent, but not all features will be supported. There is also a FortiPAM web extension that is used for password filling and session recording without the need for the FortiPAM agent. The FortiPAM agent is available as a free download and is also contained in the standard FortiClient installer along with the FortiClient ZTNA agent controlled by FortiClient EMS. Using the full FortiClient agent with ZTNA tags provides access control to secrets within FortiPAM.
Manage account credentials
Managing privileged accounts goes beyond storing privileged credentials. It means fully automating the privileged-accounts lifecycle. Organizations often struggle with orphaned privileged accounts or with ensuring these accounts have updated credential policies. FortiPAM can help manage privileged accounts by automatically changing passwords based on policy. FortiPAM owns the privileged credential vault of specific resources so that users will not need to know the resource's credentials. This reduces the risk of the credentials falling into the wrong hands. FortiPAM also ensures that no sensitive privileged account information will be delivered to the end-user's device in proxy mode.
Control privileged user access
Privileged accounts need to use zero-trust principles because of the sensitive company resources they have access to. FortiPAM can bring zero-trust to these privileged accounts by ensuring that end users are only granted access to critical resources based on roles, such as standard user or administrator, and always ensuring least privilege. FortiPAM provides full control of all resource secrets through administrator-defined central policies. These include options for automatic password changes after check-in. Organizations are also able to use FortiPAM to implement a hierarchical approval system and control risky commands.
Monitor privileged access
In addition to managing and controlling privileged accounts, it's just as important to provide monitoring capabilities for users of these highly sensitive resources. FortiPAM can provide reporting of privileged account usage in the case of a security incident. FortiPAM can provide full-session video recordings to provide a view of the users logged into privileged accounts, including monitoring keystrokes and mouse events. When needed for audit purposes, FortiPAM can provide full audit tracking of all privileged account usage.