Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated vaults. Access to privileged accounts may be disclosed:
• To IT staff, after they have authenticated and their requests have been authorized.
• To applications, replacing embedded passwords.
• To Windows workstations and servers, which need them to start services.
Password changes and access disclosure are closely controlled and audited, to satisfy policy and regulatory requirements.