G2 Crowd builds the world's largest business commerce platform fueled by $100M in funding 🚀

Best Privileged Access Management Software

Privileged access management (PAM) software allows administrators to control an employee or business partner’s access to sensitive information and applications. This allows businesses to gain greater control over who is able to enter networks, utilize applications, and view sensitive data. These solutions provide an identity to each individual user with a set of permissions for account access. PAM tools often provide identity lifecycle management features to create, edit, and eliminate a user’s privileged access permissions. These tools improve data security and simplify identity management for businesses.

There is some crossover between PAM solutions and customer identity and access management (CIAM) tools. PAM offerings are more geared toward internal employee permissions and business-to-business relations. CIAM solutions, on the other hand, help companies create consumer identities and control customer access capabilities.

To qualify for inclusion in the Privileged Access Management category, a product must:

  • Allow administrators to create and provision privileged access accounts
  • Provide identity lifecycle management features
  • Monitor privileged access behaviors
  • Record historical privileged access
G2 Crowd GridÂŽ for Privileged Access Management
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction

Get personalized Privileged Access Management recommendations

1
2
3
Compare Privileged Access Management Software
    Results: 86

    Filters
    Star Rating

    Privileged Access Management reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.


    Centrify Application Services improves end-user productivity and secures every user’s access to apps. IT teams that leverage Centrify's Application Services are able to support internal users (employees, contractors) and external users (partners, customers), wherever they are. Components of Centrify Application Services: Single Sign-On – One-click access to your cloud, mobile and on-premises apps. No more forgotten passwords, no more user confusion. Adaptive MFA for App Access – A common sense approach to multi-factor authentication with risk-based policy that does not hinder end-user productivity. Workflow & Lifecycle Management – Automatically route application requests, create accounts, manage entitlements within those accounts, and revoke access when necessary. Provision users across apps, all from a central control point. Mobility Management – Manage devices, secure native mobile apps and provide context for smarter access decisions. App Gateway – Provide your IT administration teams with secure, granular access to infrastructure regardless of location and without the hassles of a VPN. More about Centrify: Centrify delivers Zero Trust Security through the power of Next-Gen Access. Centrify verifies every user, validates their devices, and limits access and privilege.   Centrify’s Next-Gen Access is the only industry-recognized solution that uniquely converges Identity-as-a Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). 
 Founded in 2004 by Tom Kemp, Adam Au and Paul Moore, Centrify is customer funded by over 5,000 customers and backed by top tier investors including Accel Partners, Mayfield, Sigma West, Index Ventures, Samsung Ventures, NTT Docomo and Fortinet.


    Salesforce App Cloud provides an out-of-the-box identity solution using open standards, including SAML, OpenID Connect, OAuth, and SCIM. Now IT can manage apps, users, and data sharing with simplicity and transparency.


    OneLogin simplies identity management with secure, one-click access, for employees, customers and partners, through all device types, to all enterprise cloud and on-premises applications. OneLogin enables IT identity policy enforcement, and instantly disables app access for employees who leave or change roles in real time by removing them from Active Directory. Take control over application access, quickly on- and off-board team members, and provide end users with easy access to all their apps on every device. Extend your on-premises security model to the cloud in minutes. Eliminate the pain and expense of extensive identity policy management. OneLogin reduces identity infrastructure costs and complex integration project for each new app and efficiently extends identity policy to the cloud. OneLogin eliminates the need for lengthy integration and provisioning projects, manual de-provisioning, protracted on- and off-boarding processes, username and password resets, and Shadow IT policing.

    OneLogin Reviews

    AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.


    Foxpass offers enterprise-grade infrastructure identity and access control to companies of every size. Our cloud-hosted or on-premise LDAP, RADIUS, and SSH key management solutions ensure that employees have access to only the networks, VPNs, and servers required for each employee, and only for the time period desired. Foxpass integrates with a company’s existing products (like Google Apps, Office365, Okta, Bitium) for a seamless experience.

    Foxpass Reviews

    Enterprise-class, unified policy-based solution that secures, manages and logs all privileged accounts.


    Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers scalable solutions for identity governance, access management and directory services.



    Centrify’s Infrastructure Services are designed to stop breaches that abuse privilege. IT teams are able to minimize their attack surface and control privileged access to the hybrid enterprise, along with other features that simplify compliance. Components of Centrify Infrastructure Services: Identity Broker – Access & authentication to geo dispersed infrastructure (on-premises & private or public cloud), leveraging identities in AD, LDAP or cloud directories such as Google’s. Adaptive MFA for Privileged Access – Risk-based MFA for admins who access Windows & Linux servers, elevate privilege or leverage privileged creds. Privilege Elevation – Self-service request system facilitates requests for specified roles & time periods - if approved, will automatically revoke that access upon expiration. Shared Account Password Management– Gives internal users, outsourced IT & 3rd party vendors secure, always-on access to critical shared account passwords (maintaining control over who has access, which passwords they use & how those passwords are managed). Privileged Access Request – Temporary, time-bound privileged access to on-premises & cloud-based infrastructure. Secure Remote Access – Secure Privileged Access for On-Site & Remote Administration. Auditing & Reporting – Monitor user activity, conduct forensic investigations & prove compliance. More about Centrify: Centrify delivers Zero Trust Security through the power of Next-Gen Access.  Centrify verifies every user, validates their devices, and limits access and privilege.   Centrify’s Next-Gen Access is the only industry-recognized solution that uniquely converges Identity-as-a Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). 
 Founded in 2004 by Tom Kemp, Adam Au and Paul Moore, Centrify is customer funded by over 5,000 customers and backed by top tier investors including Accel Partners, Mayfield, Sigma West, Index Ventures, Samsung Ventures, NTT Docomo and Fortinet.


    Access Manager provides a simple yet secure and scalable solution that can handle all your web access needs—both internal as well as in the cloud.


    AWS Directory Service is a service that setup and run Microsoft Active Directory (AD) in the AWS cloud, or connect AWS resources with an existing on-premises Microsoft Active Directory and can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.


    So much more than SSO – Cloud Identity Service is a complete Identity and Access Management as a Service (IDaaS). Onboard SaaS apps 100x faster Cloud Identity Service has onboarded SaaS applications 100x faster than legacy on premises IAM environments and can integrate nearly any number and type of identity repositories in 5 easy steps. Reduce IAM costs by up to 60% Eliminate on-premise hardware and software deployment costs, as well as upgrade and maintenance expenses. Cut deployment time up to 75% Without requiring clients to hire and train specialized IAM staff, Cloud Identity Service is deployed up to 75% faster than off-the-shelf identity and access management systems.


    Silverfort delivers strong authentication and adaptive Multi-Factor Authentication (MFA) across corporate systems including on-premise, cloud and hybrid environments, from a unified platform, without deploying any software agents or gateways and without modifications to endpoint or servers.


    HashiCorp Vault is a tool that secure user applications and infrastructure to limit the surface area and attack time in the event of a breach


    JumpCloud's Directory-as-a-Service® (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need access to. DaaS securely connects employees with systems, applications, and other resources through a single unified cloud-based directory, replacing the need for on premise solutions such as Active Directory® and LDAP. JumpCloud supports all major OS platforms and is designed to control and manage user access to both internal and external IT resources such as servers and applications.


    WSO2 Identity Server provides sophisticated security and identity management of enterprise web applications, services, and APIs, and makes life easier for developers and architects with its hassle-free, minimal monitoring and maintenance requirements. In its latest version, Identity Server acts as an Enterprise Identity Bus (EIB) — a central backbone to connect and manage multiple identities regardless of the standards on which they are based. In addition to using role-based access control (RBAC) convention, fine-grained policy based access control, and SSO bridging to make identity and entitlement management effortless, the all-new version of Identity Server now includes features such as identity token transformation and mediation for seamless integration between internal applications and cloud apps such as Salesforce, Google Apps, and Microsoft Office 365; new user and group provisioning capabilities; and multi-option and multi-step authentication to provide flexibility in selecting authentication options and enable robust multi-factor authentication. • System and User Identity Management • User and Groups Provisioning • Entitlements Management • XACML 2.0/3.0 Support • Lightweight, Developer Friendly and Easy to Deploy • Manage and Monitor


    Oracle's complete, integrated, next-generation identity management platform provides breakthrough scalability with an industry-leading suite of identity management solutions. Reduce operational costs. Achieve rapid compliance with regulatory mandates. Secure sensitive applications and data regardless of whether they are hosted on premises or in the cloud


    Clearlogin Single Sign-On & Cloud Identity App Dashboard integrates with hundreds of apps and supports custom integrations. Grant and revoke access for groups and individuals with a single click. Give users access to the apps they use every day, from anywhere. Receive reports and alerts on all aspects of user access, including unsuccessful login attempts, password changes, geography and browser data. Mitigate potential risks and take comfort in an extra layer of security with enhanced authentication features.


    Fine-grained access control and visibility for centrally managing cloud resources


    Built on Force.com with standards-based SSO, 2-factor strong authentication via any mobile device, and account provisioning to hundreds of SaaS apps.


    One username. One password. Zero headaches. The PingOne® cloud is an identity-as-a-service (IDaaS) solution that enables organizations to deliver secure cloud single sign-on (SSO) and multi-factor authentication for users with just one username and password—eliminating the multiple password security problem. Recognized by Gartner®, Forrester®, IDC and KuppingerCole, the PingOne cloud delivers one-click access to all of the SaaS, legacy and custom web applications your users need while increasing security for your organization. Get more info: https://www.pingidentity.com/en/products/pingone.html


    Alibaba Cloud Resource Access Management (RAM) is an identity and access control service which enables you to centrally manage your users (including employees, systems or applications) and securely control their access to your resources through permission levels. RAM thereby allows you to securely grant access permissions for Alibaba Cloud resources to only your selected high-privileged users, enterprise personnel and partners. This helps to ensure secure and appropriate usage of your cloud resources and protects from any unsolicited access to your account


    Apache Syncope is an open source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license.


    Lieberman RED – Rapid Enterprise Defense Identity Management, formerly known as Enterprise Random Password Manager, is a Proactive Cyber Defense Platform. It protects organizations against malicious insiders, advanced persistent threats (APTs) and other sophisticated cyber attacks – on-premises, in the cloud and in hybrid environments. RED Identity Management simplifies the management of your privileged credentials, delivering automated protection at scale, with a rapidly deployed and affordable solution. RED Identity Management continuously discovers and tracks privileged accounts on your cross-platform network, and automatically provides each account with unique and frequently changing credentials. It ensures that powerful privileged identities are only available to audited users on a temporary, delegated basis – preventing unauthorized and anonymous access to systems with sensitive data.


    Bomgar Privileged Identity, formerly Lieberman Rapid Enterprise Defense (RED) Identity Management, is a proactive cyber defense platform that advances password security for privileged users and IT vendors from day one. Privileged Identity continuously discovers and tracks privileged accounts on your cross-platform network, and automatically provides each account with unique and frequently changing credentials.


    Cloud Identity Services enable organizations to simply and securely manage digital identities across virtually any combination of internal/external systems and end user groups.




    The comprehensive solution for provisioning identities and controlling access.


    The BeyondTrust PowerBroker Privileged Access Management Platform is an integrated solution that provides visibility and control over all privileged accounts and users. By uniting capabilities that many alternative providers offer as disjointed tools, the platform simplifies deployments, reduces costs, improves system security, and reduces privilege risks. Key Solutions Include: ENTERPRISE PASSWORD SECURITY Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution. ENDPOINT LEAST PRIVILEGE Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security. SERVER PRIVILEGE MANAGEMENT Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account. A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems. Learn more at https://www.beyondtrust.com/products/powerbroker/


    Privileged Account Manager allows IT administrators to work on systems without exposing administrator or supervisor passwords, or root-account credentials.


    SecureAuth IdP streamlines secure access into all applications and resources with one set of credentials; regardless of cloud, mobile, web or VPN resources. IdP enables any device with any identity type to authenticate to any identity store using any VPN to access any application — offering unparalleled choice and flexibility. SecureAuth puts strong adaptive authentication in front of SSO across all applications (on-premises, cloud, mobile and homegrown) to ensure maximum protection without compromising the user experience.


    Optimal IdM is a global provider of innovative and affordable identity access management solutions. We partner with our clients to provide comprehensive, fully customizable enterprise level solutions that meet the specific security and scalability needs of their organizations. Customers include Fortune 1000 companies, as well as Federal, State and Local Government agencies all over the world. The OptimalCloud is a complete Identity-as-a-Service (IDaaS) solution with delegated administration and workflow capabilities that can be customized to meet the specific needs of its clients. The OptimalCloud offers a private, secure and dedicated cloud which is essential for meeting corporate security and compliance restrictions. Further to that, The OptimalCloud’s built-in cloud reporting system provides real time historical audit record of all activity including detailed granular reporting which is stored in a dedicated private database. The OptimalCloud is billed as an affordable, flat monthly fee which fits with budgetary and approval requirements.


    Workspace ONE is a digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management and multi-platform endpoint management. It is available as a cloud service or for on-premises deployment.


    4TRESS is an identity management software that provides physical and logical access coordination, internal threats protection for secure remote access.


    Access Director is an access management software that removes local administrative privileges.


    AccessMatrix Universal Access Management (UAM) is a comprehensive web single sign-on (SSO), web access management, federated single sign-on (SSO), externalized authorization management, and hierarchy-based delegated administration system.


    Access Sentinel is an identity management software allows third-party applications to externalize their access control decisions.


    Account Genious is a identity management software that provides user account management, role-based access control, sensitive data encryption, and report generation.


    Akku is an Identity and Access Management (IAM) solution that is packed with features including single sign-on, password policy enforcement, IP- and device-based restrictions, multi-factor authentication and YouTube filtering. It provides enterprises with complete control over data access and privacy on the cloud while ensuring that they stay compliant to statutory industry standards. Akku also offers a dedicated deployment support service, without the need for a third-party system integrator, along with round-the-clock support for operations, maintenance, and troubleshooting. With this, Akku enables the seamless integration of on-premise legacy applications with that of a company’s cloud environment.


    ARCON | Privileged Access Management (PAM) is a comprehensive solution which provides additional security layers to safeguard an enterprise's critical systems and confidential information. The solution helps in mitigating insider and advanced cyber threats. With a host of advanced features, ARCON | PAM suite provides real-time threat alerts, analytics and monitoring that helps in preventing unauthorized access to the systems. The solution essentially provides a robust security framework whilst boosting operational efficiency.


    Defendpoint combines privilege management and application control technology in a single agent, making admin rights removal simple and scalable across desktop and servers.


    Avencis Hpliance is a solution for Identity Management (IAM) designed to define and centralise the management of digital identities.


    AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.


    Privileged Session Management (PSM) controls privileged user access to your IT systems, neutralizing hacks and offering unprecedented control. PSM is fast to deploy and integrates seamlessly into existing networks, so you can keep compliant with the latest security regulations and realize the ROI of better security quickly.


    bi-Cube IAM is an identity management software that provides an intelligent middleware with interfaces of different system integration and powerful administration tools.


    Increase user productivity and business flexibility with user provisioning & identity management.


    Centrally manage and unify privileged user policies across multiple physical and virtual environments. Users can securely access critical IT resources without gaining a footprint on the network—while you monitor all activity across your entire IT infrastructure.


    Control high value and sensitive servers to reduce the risk of costly security breaches or compliance failures.


    CA Threat Analytics for Privileged Access Manager provides a continuous, intelligent monitoring capability that helps enterprises detect and stop hackers and malicious insiders before they cause damage. The software integrates a powerful set of user behavior analytics and machine learning algorithms that highlight activities that pose a higher than normal risk of breach


    CA Trusted Access Manager for Z helps deliver trusted systems and improve business efficiency through comprehensive privileged access management for your mainframe


    Change Guardian gives you the security intelligence you need to rapidly identify and respond to privileged user activities that could signal a data breach or result in compliance gaps.


    Core Access Insight is a software that helps to resolve immediate threats with prognostic analytics applied to the big identity and access data in the enterprise, by creating in-depth views of areas of access through visually intuitive heat maps and has a real-time view of the multi-dimensional relationships between identities, access rights, policies, resources, and activities across a multitude of enterprise systems and resources.


    For enterprises who need to protect their infrastructure, CyberArk Conjur software provides proactive security with comprehensive authorization and audit for all IT applications, clouds, and services.


    Enterprise Guardian provides a comprehensive identity management platform that evaluates risk to the organization based on the type of access granted and the potential impact it could have.


    Creating a Trusted Workspace for Secure Information Sharing, Collaboration and Process Integration Across Global Networks



    Fischer is a holistic identity governance and administration platform that scales to meet each organization’s needs and delivery preference: on-premises software, manged Identity as a Service® Cloud service, or hosted cloud.


    Fox Technologies is a global security company that helps organizations centralize Linux and Unix access management across hybrid IT environments.


    Securing your domain controllers, servers and desktops is crucial to keeping Group Policy in check, but it's not always an easy task if you don't have the right tools in place. With GPOADmin, you can automate critical Group Policy management tasks, reducing your costs and eliminating time-consuming manual processes.


    
Hitachi ID Identity Manager is an integrated solution for managing identities and security entitlements across multiple systems and applications.


    HORACIUS is a comprehensive IAM system providing features such as HR systems integration, segregation of duties, incident management, IAM security event correlation and an integrated incident management workflow.


    DM365 is a unique identity and access management solution that is designed to make managing systems and governing users simple and cost-effective.


    Ivanti Identity Director powered by RES provides an attribute-based approach to identity management and access with automated provisioning, workflows, and self service.


    iWelcome provides Identity & Access Management as-a-Service (IDaaS). With iWelcome’s cloud platform, organisations manage the identity lifecycle, the profiles and the access rights of their consumers, employees & business partners in a user friendly and secure manner. Our platform and organisation are engineered to facilitate the scalability, complexity, privacy and security requirements of medium and large enterprise and government organisations. iWelcome is a 100% European company and resides in European data centres.



    NE Access provides a portal for self-service or third party delegated administration of identity lifecycle process. Non-employees and third party delegated admins can regularly validate identity relationships to ensure access is being governed effectively.


    Nervepoint Access Manager is a complete self-service password rest and account unlock tool. It empowers end users to manage their accounts by synchronize across on-premise and cloud systems. It encompasses remote management with it's own dedicated mobile app, available both on iOS and Android.


    NextLabsÂŽ, Inc. is the leading provider of policy-driven information risk management software for large enterprises. It offers a cohesive solution for improving compliance and mitigating information risk by helping companies achieve safer and more secure internal and external collaboration, and ensure proper access to applications and data.


    Omada Identity Suite provides a dynamic and adaptable yet fully integrated enterprise platform for both identity management and identity governance. Using a step-by-step approach, Omada Identity Suite provides an integrated identity governance and administration solution that includes closed loop auditing processes and advanced reporting.


    Privilege and Access Management Solution (PAM). Secure Access to Servers,Containers and Apps in 60s. Onion ID makes life easy for CISOs, CFOs, IT and DevOps. Security, Visibility and Auditing in one easy to use solution. The Next Generation of Access and Privilege Management.



    PlainID provides IAM teams with a simple and intuitive means to control their organization's entire authorization process. PlainID simplifies Authorization to one point of decision, one point of control and one point of view of every authorization level: in the cloud, mobile and on premise applications.


    Active Administrator is a complete and integrated Microsoft Active Directory (AD) management software solution that fills the administration gaps native tools leave behind. With Active Administrator, it's easier and faster than native tools to meet auditing requirements and security needs while also maintaining business continuity and increasing IT efficiency.


    Active Roles is optimized to serve the needs of both on-prem AD and Azure AD in a hybrid deployment. It offers a single console, unified workflows, and a consistent administrative experience across the entire hybrid environment. It eliminates the cumbersome, error-prone, and limited nature of using separate tools and manual processes.


    Security Explorer provides an array of security enhancements, including the ability to identify who has rights to resources across the entire organization. You can also grant, revoke, clone, modify and overwrite permissions quickly and from a central location.


    Radiant Logic spacializes in identity virtualization and develops solutions to deliver simple, logical, and standards-based access to all identity within an organization.


    Control privileged users and stop advanced persistent threats.


    SAASPASS is an Integrated Identity & Access Management Solution that provides two-factor authentication-as-a-service and secure single sign-on (SSO) for physical devices, computers and digital applications with integrations and adapters for on-premise, hybrid, custom and cloud applications.


    SAM Enterprise Identity Manager is a tool that offer a full-fledged identity access governance with integrated workflows and password management to significantly boosts the performance of corporate authorization management processes.


    A Simpler Way To Manage Identities Across Multiple Networks


    SpectraMSP PAM is purpose-built for providing Password Management Solution as a service and managing access needs of service providers to securely access customer assets from any location. Essential for implementing a sound password management strategy for your security operations, our solution can help integrate with your diverse set of technologies, automate day-to-day tasks and effectively utilize your resources on issues that matter most.


    Proactive protection for endpoints, the entry point for 85% of all data breaches. Stop malware and ransomware from exploiting applications by removing local administrative rights from endpoints.


    Thycotic Secret Server assures the protection of privileged accounts while being the fastest to deploy, easiest to use, scalable enterprise-class solution offered at a competitive price.


    Veriato Server Manager is a software creates a startup registration point in Windows, to improves security and productivity while reducing downtime.


    XTAM is a privileged account management software which includes Web based password vault with password rotation, discovery, workflow controlled access, high trust login, session and keystroke recording with instant playback, full audit trail, elevated script automation, alerting and extensive analytics. XTAM integrates with AD/LDAP, SIEM, multi factor authentication providers and ticketing systems. XTAM is an agentless, scalable solution for on premises, hybrid and cloud deployments. Free download and Free Test Drive online. https://www.xtontech.com/try-it-now/