Access
StrongDM provides a variety of ways to control the management of your StrongDM organization as well as access to resources within your infrastructure.
Permission Levels
Permission levels allow users to perform administrative functions inside your StrongDM organization. Particular users can be designated as Administrators or assigned other permission levels, gaining the ability to manage users, roles, workflows, policies, resources, and other aspects of your StrongDM network.
Roles
Roles are collections of access rules that can grant access to specific resources, or to resources that meet the conditions of dynamic access rules, such as resources with a particular tag.
Policies
Policies can be used to provide more fine-grained control over user actions against resources. Policies might restrict access to a particular Postgres command, or require users connecting to a resource from a particular region to complete an MFA challenge prior to doing so.
Access Workflows
Access workflows facilitate Just-in-Time (JIT) access. Users make requests for access to resources that appear in their catalog. The availability of resources in each user's catalog is dictated by roles that are set in the workflows. Once a request is made, an approver can then approve or deny access for particular lengths of time. Requests can be made through the Admin UI or CLI, or through our Integration with Slack or our Integration with Teams.
Approval Workflows
Approval workflows are a separate mechanism that powers the approval portion of access workflows and also provides the ability to request further approvals contextually with policy. Approval workflows can be run inside of StrongDM, using manual approvals or automatic approvals, but they can also be run using our Integration with Jira or our Integration with ServiceNow.
Secret Stores
Secret stores can be used to store credentials that allow user traffic to be authenticated to resources. Resources can be configured with a path to a credential, rather than with the value of the credential itself, allowing the credentials to be centrally managed in the secret store provider. StrongDM Vault has a secret store available, and there are many supported third-party providers as well.
Certificate Authorities
Certificate Authorities allow users to be authenticated to your organization’s SSH and RDP resources with trusted certificates. Using certificate authentication eliminates the need to manage unique key pairs for each of your servers. When managing your resources in StrongDM, you can use the Strong CA, StrongDM's certificate authority that is automatically assigned to every organization. Alternatively, you can use any supported third-party CA option that you prefer (if the Enterprise plan is enabled for your organization).

