Enterprise Random Password Manager™ (ERPM) provides Windows PowerShell® extensions for privileged identity management.
This capability is designed for large cloud service providers and other enterprises operating in a multi-tenant, fully automated provisioning environment. With the ERPM-PowerShell integration, privileged identity management can be fully automated to help service providers deliver a scalable and secure cloud.
Challenges of Privileged Account Management in Large Environments
Cloud service providers and other large enterprises generate enormous quantities of mismanaged certificates, user identities, privileged identities and application identities. All of these have lifecycles of creation, require regular password changes, and must have audited disclosure and disposal.
In order to meet regulatory compliance mandates and achieve security best practices, organizations must be able to verify proper security and management of privileged identities throughout the network. Due to the tremendous scale and complexity of managing so many dynamic privileged accounts, many companies fail their regulatory compliance audits or suffer data breaches.
The ERPM-PowerShell Solution
With the ERPM-PowerShell integration, Lieberman Software is providing a platform for the full automation and programmatic orchestration of privileged assets and their usage. It orchestrates:
- Cross-Platform Machine Lists for Discovery
- Privileged Account List Management
- Discovery and Change Job Management
- Secure File Upload/Download/Update/Delete
- ACL Delegation Management of Authorization Scope
- Identity Management of Recognized Accounts/Groups for Delegation
- Audit Log, and more
Orchestration is applied through a Windows PowerShell script to add new machines to the domain using temporary domain admin accounts.
The operations supported by the Power Shell interface include:
- Request password randomization of accounts on sets of machines via an API call
- Request time limited credentials for a specific machine and identity on a machine via the API
- Escalate a known user to be member of Administrators group on specific machine for limited time via the API
- Using the API, upload and secure a certificate and matching certificate password
- Retrieve a certificate in a secure and auditable manner programmatically or via web interface
The calls can be made from any System Center product using PowerShell and may be used within System Center Orchestrator.
Want to learn more? Contact an account manager today.