What Is StrongDM? A Comprehensive Guide

Last modified on December 11, 2023

What Is StrongDM?

StrongDM is a Dynamic Access Management (DAM) platform that extends the capabilities of traditional privileged access management (PAM) to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications. StrongDM combines authentication, authorization, networking, and observability into a single platform, providing secure and auditable access for the precise amount of time that access is needed.

This guide to StrongDM covers the following topics:

  • Architecture overview
  • Supported infrastructure
  • Key features
  • Use cases
  • Tutorials and reference

Architecture Overview

The StrongDM DAM platform comprises an administrative web portal called the Admin UI, a local client installed on a user’s workstation, and a node intermediary. There are also SDKs and a Terraform provider available for further automation and integration.

The Admin UI (https://app.strongdm.com/) is where account administrators configure their StrongDM organization, add or provision users, assign users to roles, and determine which roles provide permission to access resources such as servers, databases, clusters, and web applications. Configuration is pushed down to the user’s client and is updated in real time. Users may log in to the Admin UI to download the client to their machine.

The client consists of the graphical StrongDM Desktop application and/or the StrongDM command-line interface (CLI). The client tunnels requests from the user’s workstation (Linux, macOS, Windows) to gateway(s) through a single TLS 1.2-secured TCP connection. To authenticate, users log in to the client with a username and password, but administrators can also configure SSO providers to provide alternative authentication options for users.

After logging in, users can use the desktop app or CLI to connect to any resource available to them. The connection request is securely facilitated by StrongDM nodes called gateways and relays, which serve as the entry and exit points for StrongDM. Gateways decrypt credentials on behalf of end users and deconstruct requests for auditing purposes. In the case of a flat network, gateways confirm that users are authorized to access the requested resources, fetch credentials, and connect users to the resources. If internal subnets disallow ingress, relays create a reverse tunnel to form connections to gateways.

Supported Infrastructure

StrongDM works with dozens of types of resources. For a full list of supported infrastructure, please see our resource documentation.

Key Features

With StrongDM, you can grant specific individuals permission levels that enable them to administer your StrongDM organization. You can create roles that specify what level of access users have to particular resources and provide that access without managing unique credentials for every user. Additionally, you can log activities taken within StrongDM, queries to resources, and more. Key features include the following:

  • Configurable credential leasing, optionally backed by the secrets management tool of your choice
  • Complete protocol support for SSH, RDP, Kubernetes, and many types of databases
  • No additional software deployed to your resources
  • Full auditing capabilities, logging, and replays of all supported protocol sessions
  • Full granular RBAC support
  • Native SSO integrations and user/group provisioning
  • Temporary credential provisioning for on-demand access grants
  • gRPC API with fully supported Terraform provider and SDKs in Go, Java, Python, and Ruby
  • Fully configurable, encrypted log storage options
  • StrongDM Support Portal

Use Cases

Some common use cases for using StrongDM include the following. You can click through to go to the main site and read customer stories, case studies, or overviews of each use case:

Tutorials and Reference

Ready to get started with StrongDM? See StrongDM documentation for quick starts, installation guides, configuration guides, CLI command reference, API reference, and more.