What Is StrongDM? A Comprehensive Guide
Last modified on June 30, 2023
What Is StrongDM?
StrongDM is a Dynamic Access Management (DAM) platform provided as Software as a Service (SaaS). DAM extends the capabilities of traditional privileged access management (PAM) to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications. StrongDM combines authentication, authorization, networking, and observability into a single platform, providing secure and auditable access for the precise amount of time that access is needed.
This guide to StrongDM covers the following topics:
- Architecture overview
- Supported infrastructure
- Key features
- Use cases
- Tutorials and reference
Architecture Overview
The StrongDM DAM platform comprises an administrative web portal called the Admin UI, a local client installed on a user’s workstation, and a node intermediary.
The Admin UI (https://app.strongdm.com/) is where account administrators configure their organization’s StrongDM DAM platform, add or provision users, assign users to roles, and determine which roles provide permission to access resources such as servers, databases, clusters, and web applications. Configuration is pushed down to the user’s client and is updated in real time. Users may log in to the Admin UI to download the client to their machine.
The client consists of the graphical StrongDM Desktop application and/or the StrongDM command-line interface (CLI). The client tunnels requests from the user’s workstation (Linux, macOS, Windows) to gateway(s) through a single TLS 1.2-secured TCP connection. To authenticate, users log in to the client with the option to be redirected to an identity provider or single sign-on (SSO).
After logging in, users can use the desktop app or CLI to connect to any resource available to them. The connection request is securely facilitated by StrongDM nodes called gateways and relays, which serve as the entry and exit points for StrongDM. Gateways decrypt credentials on behalf of end users and deconstruct requests for auditing purposes. In the case of a flat network, gateways confirm that users are authorized to access the requested resources, fetch credentials, and connect users to the resources. If internal subnets disallow ingress, relays create a reverse tunnel to form connections to gateways.
Supported Infrastructure
StrongDM works with everything in your stack. For a full list of supported infrastructure resources, see the StrongDM resource documentation.
Key Features
With StrongDM, you can grant specific individuals permission levels that enable them to administer your StrongDM organization. You can create roles that specify what level of access members have to particular resources and provide that access without managing unique credentials for every user. Additionally, you can log StrongDM activities, queries to resources, and more. Key features include the following:
- Configurable credential leasing backed by credential vault
- Complete protocol support for SSH, RDP, Kubernetes, and database workflows
- No additional software deployed to your resources
- Full auditing capabilities, logging, and replays of all supported protocol sessions
- Full granular RBAC support
- Native SSO integrations and user/group provisioning
- Temporary credential provisioning for on-demand access grants
- gRPC API with fully supported Terraform provider and SDKs in Go, Java, Python, and Ruby
- Fully configurable, encrypted log storage
- StrongDM Support Portal
Use Cases
Common use cases for StrongDM include the following. Customer stories, case studies, and overviews of each use case are available on the main site:
- Manage onboarding and offboarding of employees
- Manage permission levels and role-based access
- Grant project-based vendor access
- Capture precise details of every session, query, and command with logs and live replays
- Utilize just-in-time (JIT) access for developer workflows
- Use a VPN alternative
- Extend your IdP to manage infrastructure access
- Achieve SOC 2 compliance
- Manage Kubernetes access
Tutorials and Reference
Ready to get started with StrongDM? See the StrongDM documentation for quick starts, installation guides, configuration guides, CLI command reference, API reference, and more.