機能: Keeper Privileged Cloud

Eliminate standing privilege with Just-in-Time (JIT) access

Enforce Zero Standing Privilege (ZSP) across AWS, Microsoft Entra ID, Google Cloud, Okta and Active Directory. Keeper Privileged Cloud grants elevated access only when needed, for an approved duration and under defined workflow controls.

デモをリクエストする

Keeper interface showing a privileged AWS access record with temporary elevated permissions and a Remote Browser Isolation launch option, enabling secure, isolated access to an AWS environment without exposing credentials or endpoints.

How Privileged Cloud works

Keeper Privileged Cloud extends KeeperPAM®'s JIT access framework to deliver time-limited privilege elevation across Identity Providers (IdPs) and federated applications.

Checkbox option enabled to elevate privileges when launching a session, illustrating just-in-time access and temporary privilege escalation for secure administrative tasks.

1. Configure access policies

Set approval requirements, access duration and elevation targets on a PAM Cloud record using JIT and Workflow settings. This controls how privileged access requests are approved and managed.

AWS Compliance PAM Cloud record displayed in Keeper with a Share button, representing a cloud access resource that can be securely shared with authorized users.

2. Share the record

Once an authorized user has an account in both the IdP and your Keeper tenant, share the PAM Cloud record so they can request elevated access as needed.

Restricted access prompt in Keeper displaying a 'Request Access' button, allowing users to request approval for privileged access.

3. Review and approve requests

A user can submit requests from the Keeper Vault or Commander. Designated approvers receive real-time notifications and can approve or deny access from any Keeper client, including the mobile app.

Green status badge showing 'Access Granted' with a 24-hour expiration timer, indicating temporary privileged access has been approved for a protected resource.

4. Grant and revoke privileged access automatically

After approval, the Keeper Gateway performs the privilege elevation on the IdP or resource, adds the user to the configured group and automatically revokes access when the approved window expires.

Reduce your attack surface with Keeper Privileged Cloud

Keeper Just-in-Time (JIT) access settings showing temporary privilege elevation during a session, with a designated access group and a one-hour expiration period for elevated permissions.

Eliminate standing privilege

Replace standing access with time-limited privilege elevation. Users get privileged access only when approved and only for as long as the task requires.

Enforce controlled access workflows

Require approvals, justifications and ticket numbers before access is granted. Every request is documented and auditable.

Access request form requiring approval before granting privileged access, with fields for an approval reason and ticket number, plus options to submit or cancel the request.

List of supported identity and cloud platforms, including AWS, Azure, Domain Controller, Google Cloud and Okta, representing environments where privileged access and JIT access controls can be applied.

Work with your existing identity providers

Extend JIT access across AWS IAM, Microsoft Entra ID, GCP through Google Identity, Okta and Active Directory. Grant and revoke access through your existing infrastructure without disrupting authentication.

Secure access to cloud resources

Apply the same privilege elevation framework to cloud resources, databases and machines via PAM Cloud, PAM Database and PAM Machine records.

KeeperPAM settings screen for a cloud application, showing an AWS PAM Gateway configuration and a Just-in-Time (JIT) access tab used to provide temporary role elevation during privileged sessions.

Keeper PAM Machine record showing temporary privileged access with elevation to Domain Admins and a one-hour access window, alongside a Remote Browser Isolation launch option for secure access to a protected resource.

Launch secure browser-based sessions

Reach cloud consoles and web applications through Keeper's Remote Browser Isolation (RBI), reducing credential exposure.

Maintain full visibility into access

Track who requested access, who approved it, why it was granted and when it expired. Detailed audit trails support both governance and compliance.

Audit log showing privileged activity, including access requests, approvals, temporary role elevations and automatic access revocations. Each entry includes the date, user and action performed, providing visibility into privileged access governance and compliance.

What you can do with Privileged Cloud

Achieve zero standing privilege

Remove permanent admin access and grant privileges only when they're requested, approved and necessary.

Enhance governance and compliance

Create a documented approval process with required justification, ticket tracking and complete auditability.

Secure cloud administration

Provide time-limited access to cloud consoles, infrastructure, databases and federated applications.

Streamline access requests

Enable self-service access requests, mobile approvals and automatic revocation to reduce operational overhead.

Control privileged access across every identity provider with Keeper

デモをリクエストする

よくある質問

What is Zero Standing Privilege (ZSP)?

Zero Standing Privilege (ZSP) is a security model in which users do not have permanent privileged access. Keeper Privileged Cloud achieves ZSP by granting access only when approved and automatically revoking it when the approved session ends.

Which IdPs does Privileged Cloud support?

Keeper Privileged Cloud supports AWS IAM, Microsoft Entra ID, GCP through Google Identity, Okta and Active Directory. Applications that federate access and authorization through these platforms can also leverage Privileged Cloud for access control.

How do users access resources after approval?

Once approved, users can launch resources directly through Keeper's RBI or authenticate through their existing workflows, such as the AWS access portal, AWS CLI or Terraform.

What happens when privileged access expires?

KeeperPAM automatically revokes privileged access when the approved access window ends, returning users to zero standing privilege without manual intervention.