Privileged Access Management Software Customer Use Cases - PrivX | SSH

Privileged Access Management Software Customer Use Cases - PrivX | SSH About us Investors Partners Careers Solutions SOLUTIONS Zero Trust Suite Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Assessment, Quantification & Mitigation By Topic Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & multi-cloud access management Interactive tour: Privileged Access in the Cloud M2M connections IT Audits & Compliance Secure file transfer By Industry Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Products SECURE ACCESS & SECRETS MANAGEMENT SECURE FILE TRANSFER & ENCRYPTION NQX™ quantum-ready encryption Tectia™ SSH Client/Server Tectia™ z/OS SalaX Secure Collaboration Secure Mail 2024 Secure Messaging 2024 SalaX Secure Collaboration Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability About us Investors Partners Careers PrivX™ Benefits Customer cases Use cases Tech specs Documentation Try PrivX PrivX™ lean PAM Why do customers choose PrivX? PrivX is a great fit for businesses looking to reduce the operational friction, maintenance overhead and complexity of secure access management.

 

Who saves the most time and money with lean PAM software? Organizations transitioning IT workloads, applications and services to multi-cloud environments and/or operating in the hybrid cloud. Companies looking to decrease the numbers of credentials, privileged passwords or digital keys that they need to manage. Enterprises with in-house engineers and admins, agile DevOpsteams, outsourced software developers or IT teams. Managed Service Providers (MSP) Managed Hosting Providers (MHP) and businesses in operational technology (OT). Regulated enterprises that need to demonstrate compliance.  Case Studies PrivX Case Study Secure access for robots to critical data Find out why MOST Digital deployed PrivX to handle their robotic process automation (RPA) and secure developer access needs.

PrivX Case Study 3rd party risk mitigation in three days Learn how a network service provider in Asia deployed PrivX in just three days to keep their operations running while improving their 3rd party audit trail.

 

PrivX Case Study Streamlined access management & session monitoring Learn how a large department in the Hong Kong government replaced their outdated password sharing system, simplified access management and enhanced monitoring and auditing.

 

Customer cases Demonstrate policy compliance and accelerate daily operations for RPA Premise: MOST Digital, a Robotics-as-a-Service (RaaS) company, needed to access their clients’ critical production environment to automate their tasks.

Challenge: They relied on jump host, VPN tunneling and ad hoc processes that were difficult to manage, required time-consuming manual configurations and did not produce consistent audit trail of activities which was important for their customer.

Change: MOST Digital now uses PrivX to unify all access to a single UI, stay in sync with their Active Directory (AD) system for identities and generate reports of traffic into their clients’ environments for consistent traceability This resulted in greater operational efficiency and improved security and accurate reports for their customers.

Implement multi-cloud-scale PAM for modernized IT Premise: A stalwart telecoms is migrating to cloud. The incumbent PAM implementation was no longer the optimal solution for the hybrid IT environment.

Challenge: Limited scalability in a dynamic multi-cloud environment, problems in keeping up with the constantly changing cloud estate, limited scalability in service spikes.

Change: As new hosts are added, PrivX automatically discovers and on-boards them – and off-boards them when no longer needed – while providing oversight from a single UI. The solution’s cloud-native architecture can scale up fast without heavy investments into hardware.

Automate 3rd party and consultant access control Premise: An international mining equipment company needed their vendors to retrieve CAD drawings – their most precious IP – from their production environment.

Challenge: Admins were burdened with manually granting permission while lacking the tools to track access.

Change: The company leverages their existing IAM to on-board and off-board vendors as needed. Our solution maps the user IDs to the right roles hosted in PrivX. Any change or update to a user ID is automatically reflected in privileged roles, making granting, changing or revoking access automatic. Admins can also time-restrict 3rd party access according to the task at hand, and monitor external traffic for auditing.

Deploy PAM in three days to meet tight deadlines Premise: A network service provider in Asia wanted to control over access their system integrator who helped them design, develop, manage and maintain their wireless network solution.

Challenge: Without a PAM solution, consultants would directly log in to the customer’s virtual servers using simple user accounts and passwords – an acceptable risk. PAM would need to be installed fast, since the network solution was to be launched within a few months.

Change: PrivX was implemented in just three days to keep critical operations running. It also eliminated the risk of password sharing, since consultants no longer handled any privileged passwords or other permanent credentials. A solid audit trail fulfilled compliance and policy requirements.

PrivX adapts to various use cases Secure interactive access to servers using SSH, RDP or VNC In this example, a privileged user needs to complete a maintenance task on the target server. 

With PrivX:

the user gets just enough access to complete the task. the user can easily establish a SSH (Secure Shell), RDP (Remote Desktop Protocol) or VNC (Virtual Network Computing) connection to targets using a browser. User accounts on the target can be shared or personal. Connections are established with one click via SSO from an up-to-date list of resources in PrivX. If needed, native clients can be used. There are no secrets to remember or handle. Protect interactive access to web applications (HTTPS) Examples of web applications include IT tools, like AWS management console, portals for managing network devices and also the company’s systems for e.g. social media, human resources or finance.

In PrivX, users can easily make connections to web services from a list of available targets. The list is always up-to-date based on the user’s role. Passwords are stored in PrivX so users never handle them or need to remember them. 

The admin has full visibility into who made connections to which targets, even if shared accounts are being used. The user’s access rights are automatically revoked if their role changes.

Interactive access session auditing for forensics IT admins need to make sure that only authorized (privileged) users can access targets.

PrivX employs role-based access controls (RBAC). With integration to IDM/IAM systems it is possible to automate the joiners, movers and leavers process so that users have access only to their available resources at a given time. They are granted access just-in-time (JIT) and and only get just-enough-access (JEA) to get the job done.

Administrators get full visibility into who accessed which target even if shared accounts are being used.

User access rights are automatically revoked if their role changes. Sessions can be recorded for further analysis. Audit events can be sent to external systems, like SIEMs (Security information and event management systems) to provide a 360-degree view of activities.

Secure and audited machine-to-machine access Machine-to-Machine (M2M) or Application-to-Application (A2A) access can also be secured with PrivX.

For SSH access, SSH client hosts authenticate to the PrivX bastion using SSH public key authentication or by using pre-configured PrivX-specific credentials. The connection from the PrivX bastion to the target host can be authenticated using any supported authentication method.

Since the connection goes through the PrivX bastion, it is audited, and the trace of connections and file transfers is retained in PrivX logs.

Regardless of the authentication method clients use to authenticate to the PrivX bastion or the bastion uses to authenticate to the target host, the client host never acquires credentials to directly access the target host.

For any other machine-to-machine use cases, PrivX provides a Secrets Vault that can store access credentials. The Vault is accessible through a REST API and PrivX provides a command line interface (CLI) client, as well as Golang and Python SDKs (software development kit), for storing and retrieving these secrets.

Learn more about PrivX Secrets Vault here>>>

PrivX Secrets Vault for secrets management We always encourage customers to use just-in-time and  ephemeral certificate-based authentication. For systems that cannot be configured for certificate access, PrivX provides a Vault API and a Vault UI for storing and retrieving secrets. 

PrivX comes with a CLI client, as well as Golang and Python SDKs, for storing and retrieving secrets. The privileges to access and modify stored secrets are granted via PrivX roles.

PrivX supports storing any kind of secrets encapsulated in JSON (JavaScript Object Notation) format. You can also use ready-made templates that allow PrivX to be used as a shared and collaborative password manager through the UI. 

Learn more about PrivX Secrets Vault here>>>

Key-less Gitlab and GitHub access for DevOps As repository access to Gitlab and GitHub is made over SSH, developers traditionally have to upload their SSH public keys to the service and authenticate their Git actions against the repositories using an SSH private key.

With PrivX, those connections can be configured to use ephemeral certificates. This means that developers authenticate to PrivX using their company credentials and, if context restrictions such as location and time are met, they get mapped to a role that enables repository access. When a developer opens a connection to the repository, PrivX issues an ephemeral certificate containing the access secrets needed to authenticate the connection. The developer does not handle or see any keys or secrets during this process.

You no longer have developer-owned private keys in unknown locations!

See PrivX for yourself Start the browser-based PrivX Test Drive right now or get in touch about an enterprise demo or POC.   Customer quotes  

It took us four hours to set up the test environment from start to finish. And the amazing part was when we connected to Azure, we could retrieve all the VMs right away without any kinds of hassle.”

Sami Säisä, Director, Head of Strategic Development, MOST Digital

PrivX makes life easier.”

IT manager at a large industrial equipment company

SSH IS TRUSTED BY MORE THAN 5000 LEADING COMPANIES WORLDWIDE PrivX customer story How to achieve a great TCO with secure access A specialist partner company deployed both our PrivX solution and a traditional PAM for comparison at a customer site. They made observations from the client perspective about PrivX Total Cost of Ownership (TCO) benefits.

Lean software functionality No client/host agents No Remote Desktop Protocol (RDP) licenses required (built into browser access) Low platform (HW) & license pricing 3-5x lower platform costs Cost savings: Log and storage requirements, native storage, (Security Information and Event Management) SIEM integration Fast roll-out 2-3x faster roll-out Cost savings: Installation, configuration, onboarding, feature adjustments, access to network devices/IIoT Great user productivity Speed of access (one click) vs. fetching passwords from a vault interface No need to remember or search for target host names/accounts Minimal maintenance resources 2x lower resources Cost savings through minimal need for: Dedicated PAM personnel, training, keeping the environment up to date and "patching" CAPEX replaced by small OPEX No special internal resources/ capabilities required, no extra platform costs, easy and quick to deploy, no long commitment PrivX technologies PrivX is built on modern microservices architecture, uses just-in-time ephemeral certificates and takes advantage of many cloud-native tools.  

SSH is a leading defensive cybersecurity company that secures communications between humans, systems, and networks. We specialize in Zero Trust Privileged Access Controls and Quantum Safe Network Security. Our customers include a diverse range of enterprises, from multiple Fortune 500 companies to SMBs across various sectors such as Finance, Retail, Technology, Industrial, Healthcare, and Government. 25% of Fortune 100 companies rely on SSH’s solutions. Recent strategic focus has expanded SSH business to Defence, Critical Infrastructure Operators, Manufacturing OT Security and Public Safety.

Leonardo S.p.A invests 20.0 million EUR in SSH, becoming the largest shareholder of the company. SSH solutions form a Center of Excellence for Zero Trust privileged access management and quantum-safe network encryption in Leonardo - a global industrial group that creates multi-domain technological capabilities in the Aerospace, Defence and Security sector with 17.8 billion EUR revenue in 2024. SSH company’s shares (SSH1V) are listed on Nasdaq Helsinki.

 

Solutions Zero Trust Suite Zero Trust Suite & Entra ID Integration Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Mitigation OT security MSP Security Device Trust Monitoring & Threat Intelligence Credentials & Secrets Management IT Audits & Compliance Products PrivX™ Hybrid PAM PrivX Key Manager Tectia SSH Client/Server™ Tectia™ z/OS Secure Messaging Secure Mail Secure Sign NQX™ Quantum-Safe Services SSH Risk Assessment™ Professional Services Support Resources Careers References Downloads Manuals Events & Webinars Blog Company About us Contact Investors Partners Press Stay on top of the latest in cybersecurity Be the first to know about SSH’s new solutions, product updates, new features, and other SSH news!

Thanks for submitting the form. © Copyright SSH • 2025 • Legal