SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
Map PrivX roles to a user group in your ID management system, and automatically sync to maintain identities and role memberships.
Microsoft AD, Azure AD via Graph API, Google G Suite, LDAP and OpenID Connect providers such as AWS Cognito, Okta, Ubisecure.
Single-Sign-On (SSO) with MFA using TOTP authenticators.
Auto-manage role membership by mapping user groups in directory services to PrivX roles.
Built-in multi-step approval workflow for PrivX local users.
Floating and time-based role membership to provision temporary access.
Enable just-in-time access to your entire multi-cloud and on-prem server estate in real-time from a single console.
Automatically scan and add tagged cloud hosts from AWS, Google Cloud, OpenStack, Azure.
Connect to your virtual private cloud (VPC) using PrivX Extender (reverse proxy).
Automate and orchestrate the target host configuration and deployment with modern automated deployment tools like Chef and Ansible.
Securely connect to your critical infrastructure over a broad array of protocols.
Connect to Windows and Unix/Linux servers, network devices and web applications.
Support for SSH, RDP, HTTP(S) and SFTP protocols.
Use modern browsers to connect to target systems, or continue using native SSH/RDP client applications.
Ephemeral certificate-based authentication using OpenSSH certificates and Windows Virtual Smart Card for SSH & RDP connections.
Public-key authentication for SSH connections.
Password-based authentication for all connections.
Reliably meet current and emerging compliance mandates with an agentless, privileged access monitoring solution.
Record privileged user activity on critical systems.
Monitor ongoing privileged connections, including files transferred.
Control SSH/RDP channels to restrict available functionality.
Terminate a connection when needed.
Store recordings on an external NFS.
Schedule cleanup of old recordings.
Video playback of recorded privileged user sessions.
Free-text search into SSH session transcripts.
View audit events with connection details.
Forward audit logs and events to Splunk, IBM QRadar, AWS CloudWatch or Azure Event Hub.
Support for CEF & rsyslog formats.
Achieve NIST-800-63B Authenticator Assurance Level 2 (AAL2) and NIST-800-63C Federation Assurance Level 3 (FAL3).
Secure TLS communication between directory services and PrivX.
Information stored in the PrivX vault is encrypted with AES128 or AES256 GCM algorithms.
Tamper-proof audit trails with three-tiered security on session recordings.
Store PrivX secrets in hardware security modules (HSMs) for hardened security.
PrivX supports custom integrations with external systems through REST APIs. The APIs are divided by subject matter, such as role, host, user and workflow management, according to the PrivX microservice that provides the capability.
PrivX consists of a core server component and three optional components. They are distributed as an RPM package via the official SSH Product repository.
Provides PrivX services, such as the PrivX GUI and certificate-based authentication services.
Relays host connections, allowing connections to target hosts that are inaccessible from PrivX servers.
Together, they enable connecting to HTTP/HTTPS services and web applications.
4 GB RAM, 2-core CPU, and 15 GB storage for < 10k users
8 GB RAM, 8-core CPU, and 100 GB storage for < 100k users
Red Hat Enterprise Linux 7.4 or later 7.x version (x86-64)
CentOS 7.4 or later 7.x version (x86-64)
Local or external PostgreSQL and Redis
Supported OpenSSH versions for target-host authentication
OpenSSH 6.9 or later for certificate-based authentication
OpenSSH 5.6 or later for all other authentication methods
Latest versions of Firefox, Chrome, Safari, Edge, IE11
For a detailed list of prerequisites and system requirements, please refer to the Admin Manual.
PrivX can be installed in standard or highly-available mode in the environment of your choice.
Please refer to our Knowledge Base for detailed instructions.