Data Access Management
Simplify Your Access Management
Provision and manage access to all your data endpoints from any user, application, tool or service using your existing IAM tools. Cyral helps organizations simplify access management and embrace Zero Trust, without impacting user experience.
Individual accounts are hard to manage at scale across data endpoints, many of which don’t support SSO protocols like SAML and OIDC. As a result, those endpoints are accessed using shared accounts.
- Ad hoc access provisioning
- Shared accounts and passwords
- Lack of visibility and compliance controls
Cyral transparently intercepts requests to all data endpoints, and authenticates users with existing identity providers. Sessions that use service accounts are enriched with end user identity.
- Centralized and automated provisioning
- Unique credentials and password rotation
- Complete visibility and simple compliance controls
Easy to Set Up
Quickly and easily enable users to access data endpoints without having to manage passwords. Provision, delete, and reassign user access using groups defined in the Identity Provider of your choice.
Handle access for both web and client-based tools and applications. Enrich all activity data with user identity information, and apply access control policies uniformly, across all service accounts.
Leverage existing messaging and ticketing tools to enable ephemeral grants to users. Dynamically provision and manage access to privileged accounts needed for maintenance or troubleshooting.
A directory is a database of user information, such as each user's username, password (stored securely), full name, and the organizational groups to which they belong. It may be accessed either directly by a service or through an Identity Provider.
An identity provider (IdP) authenticates a user and provides identity and access tokens for accessing other services. It uses SAML and OIDC protocols to interact with clients and is backed by a directory service storing user information.
An identity provider federation service delegates authentication to one or more Identity Providers.
A multi-factor authentication (MFA) provider adds further identity checks by requiring users to respond to a one-time password, an ephemeral token, or a push notification to an authorized device.
A secrets manager provides secure storage for sensitive passwords or credentials. Secrets managers often also have the ability to automatically rotate the passwords at periodic intervals.
A secrets broker delegates storage to an external secrets manager and interacts with it on behalf of a client.
Ephemeral Credentials Manager
An ephemeral credentials manager issues short-lived passwords for connecting to a service, thus obviating the need to store and rotate credentials.