What Is StrongDM? A Comprehensive Guide
Last modified on October 2, 2024
What Is StrongDM?
StrongDM is a Zero Trust Privileged Access Management (PAM) platform that extends the capabilities of traditional privileged access management to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications. StrongDM combines authentication, authorization, networking, and observability into a single platform, providing secure and auditable access for the precise amount of time that access is needed.
This guide to StrongDM covers the following topics:
- Architecture overview
- Supported infrastructure
- Key features
- Use cases
- Tutorials and reference
Architecture Overview
The StrongDM Zero Trust Privileged Access Management (PAM) platform comprises an administrative web portal called the Admin UI, a local client installed on a user’s workstation, and a node intermediary. There are also SDKs and a Terraform provider available for further automation and integration.
The Admin UI (https://app.strongdm.com/) is where account administrators configure their StrongDM organization, add or provision users, assign users to roles, and determine which roles provide permission to access resources such as servers, databases, clusters, and web applications. Configuration is pushed down to the user’s client and is updated in real-time. Users may log in to the Admin UI to download the client on their machine.
The client consists of the graphical StrongDM Desktop application and/or the StrongDM command-line interface (CLI). The client tunnels requests from the user’s workstation (Linux, macOS, Windows) to gateway(s) through a single TLS 1.2-secured TCP connection. To authenticate, users log in to the client with a username and password, but administrators can also configure SSO providers to provide alternative authentication options for users.
After logging in, users can use the desktop app or CLI to connect to any resource available to them. The connection request is securely facilitated by StrongDM nodes called gateways and relays, which serve as the entry and exit points for StrongDM. Gateways decrypt credentials on behalf of end users and deconstruct requests for auditing purposes. In the case of a flat network, gateways confirm that users are authorized to access the requested resources, fetch credentials, and connect users to the resources. If internal subnets disallow ingress, relays create a reverse tunnel to form connections to gateways.
Supported Infrastructure
StrongDM works with dozens of types of resources. For a full list of supported infrastructure, please see our resource documentation:
Key Features
With StrongDM, you can grant specific individuals permission levels that enable them to administer your StrongDM organization. You can create roles that specify what level of access users have to particular resources and provide that access without managing unique credentials for every user. Additionally, you can log activities taken within StrongDM, queries to resources, and more. Key features include the following:
- Configurable credential leasing, optionally backed by the secrets management tool of your choice
- Complete protocol support for SSH, RDP, Kubernetes, and many types of databases
- No additional software deployed to your resources
- Full auditing capabilities, logging, and replays of all supported protocol sessions
- Full granular RBAC support
- Native SSO integrations and user/group provisioning
- Temporary credential provisioning for on-demand access grants
- gRPC API with fully supported Terraform provider and SDKs in Go, Java, Python, and Ruby
- Fully configurable, encrypted log storage options
- StrongDM Support Portal
Use Cases
Some common use cases for using StrongDM include the following. You can click through to go to the main site and read customer stories, case studies, or overviews of each use case:
- Manage onboarding and offboarding of employees
- Manage permission levels and role-based access
- Grant project-based vendor access
- Capture precise details of every session, query, and command with logs and live replays
- Utilize just-in-time (JIT) access for developer workflows
- Use a VPN alternative
- Extend your IdP to manage infrastructure access
- Achieve SOC 2 compliance
- Manage Kubernetes access
Tutorials and Reference
Ready to get started with StrongDM? See StrongDM documentation for quick starts, installation guides, configuration guides, CLI command reference, API reference, and more: