What Is StrongDM?
StrongDM is a Zero Trust Privileged Access Management (PAM) platform that extends the capabilities of traditional privileged access management to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications. StrongDM combines authentication, authorization, networking, and observability into a single platform, providing secure and auditable access for the precise amount of time that access is needed.
This guide to StrongDM covers the following topics:
Architecture overview
Supported infrastructure
Key features
Use cases
Tutorials and reference
Architecture Overview
The StrongDM Zero Trust Privileged Access Management (PAM) platform comprises an administrative web portal called the Admin UI, a local client installed on a user’s workstation, and a node intermediary. There are also SDKs and a Terraform provider available for further automation and integration.
The Admin UI is the web interface where account administrators configure their StrongDM organization, add or provision users, assign users to roles, and determine which roles provide permission to access resources (such as servers, databases, clusters, and web applications). The Admin UI is also where administrators can create context-based, fine-grained policies that further define and enforce precise permissions, ensuring that users have access only to the resources and actions necessary for their roles. Configuration is pushed down to the user's client and is updated in real time. Users may log in to the Admin UI to download the client on their machine.
The client consists of the graphical desktop application and/or the StrongDM command-line interface (CLI). The client tunnels requests from the user’s workstation (Linux, macOS, Windows) to gateway(s) through a single TLS 1.2-secured TCP connection. To authenticate, users log in to the client with a username and password, but administrators can also configure SSO providers to provide alternative authentication options for users.
After logging in, users can use the desktop app or CLI to connect to any resource available to them. The connection request is securely facilitated by StrongDM nodes called gateways and relays, which serve as the entry and exit points for StrongDM. Gateways decrypt credentials on behalf of end users and deconstruct requests for auditing purposes. In the case of a flat network, gateways confirm that users are authorized to access the requested resources, fetch credentials, and connect users to the resources. If internal subnets disallow ingress, relays create a reverse tunnel to form connections to gateways.
Supported Infrastructure
StrongDM works with dozens of types of resources. For a full list of supported infrastructure, please see our Resources documentation:
Key Features
With StrongDM, you can grant specific individuals permission levels that enable them to administer your StrongDM organization. You can create policies that consistently implement security across all applications and infrastructure, and continuously monitor behavior and stop unsanctioned actions in real time. You can create roles that specify what level of access users have to particular resources and provide that access without managing unique credentials for every user. You can use StrongDM to configure access workflows and integrations to automate the process of requesting access to resources and approving or denying those requests. Additionally, you can log activities taken within StrongDM, queries to resources, and more. Key features include the following:
Policy enforcement and management to achieve security, compliance, and operational efficiency
Automated Just-in-Time (JIT) access control for granting on-demand privileged access to resources via Access Workflows
Configurable credential leasing, optionally backed by the secrets management tool of your choice
Complete protocol support for SSH, RDP, Kubernetes, and many types of databases
No additional software deployed to your resources
Full audit, logging, and replays of all supported protocol sessions
Full granular RBAC support
SSO and user/group provisioning
Temporary credential provisioning for on-demand access grants
API Reference with fully supported Terraform provider and SDKs in Go, Java, Python, and Ruby
Fully configurable, encrypted log options
Use Cases
Some common use cases for using StrongDM include the following. You can click through to go to the main site and read customer stories, case studies, or overviews of each use case:
Tutorials and Reference
Ready to get started with StrongDM? See StrongDM documentation for quick starts, installation guides, configuration guides, CLI command reference, API reference, and more: