MFA for PAM (Privileged Access Management)


Why you need MFA for Privileged Access Management


Privileged Access Management (PAM) is a key component of modern IT systems. PAM protects your most sensitive assets (administrative accounts) against privilege elevation. If there’s only one component in your entire IT that you want to protect against account take-over, this is definitely PAM.
As a domain administrator or a security professional, you have two options: ask your colleagues to change their passwords very often and to use complex passwords such as d0*#g17!bk or use a frictionless MFA solution adding a layer of security that defeats anyone trying to access PAM and compromise your systems, even if they know the admin password.

With MFA, passwords can be much simpler, without risk. Guess which option your colleagues prefer, and which one you can realistically expect them to use.

Which PAM vendors are supported by inWebo MFA?

Over the years, our partners and our customers have implemented inWebo 2-factor solutions with PAM solutions including CyberArk, Wallix, Balabit, and probably many more since our SAML 2.0, radius, and web services connectors work out-of-the-box.

inWebo MFA for PAM

The user (here, the administrator) signing in to a PAM system will be challenged to authenticate against inWebo. This can be an extra step after having authenticated against, for example, your Active Directory. Or this can be a single-step yet multi-factor authentication entirely delegated to inWebo. From a user perspective, this means confirming the access request from a smartphone App or desktop client (such as inWebo Authenticator), or even from a web browser, making the whole process frictionless (see inWebo 2FA options for more details).

How to implement MFA for PAM

It’s quite straightforward:

  • First, create an inWebo account for your organization (you can start below).
  • Then, configure both this account and your PAM to trust each other. There are several options here, depending on your PAM product. Alternatively, if you still want administrators to authenticate against AD as a first step, you can implement inWebo LDAP proxy to add a secondary authentication – this can be done with very limited impact on your infrastructure and in particular on the PAM.
  • Finally, adjust the authentication policies and user on-boarding rules from the inWebo administration console.

There’s no server to install and configure, therefore you will save 2 days for other projects. Also, please note that our pre-sales and support engineers are here to help if you face any difficulty.

Now, what?

It’s your turn. You may

  • Sign up for free for a basic account (10 user licences) and start implement inWebo MFA for your PAM. You’ll be able to upgrade this account at any time to get more licences or options. Nothing to lose but an item on your to-do-list.
  • Evaluate inWebo for free and without commitment for 30 days. This sounds like the procrastinator package but actually MFA is a serious topic and no one will blame you for taking your time to make sure that inWebo is the right fit. Note that we have project management, consulting, and integration partners trained in our solutions whom you can ask for an evaluation and a PoC.
  • Request a customized demo. We’ll be happy to show and explain the basics of our solution and answer your questions.