<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Struggling to implement least privilege in your organization? Join StrongDM featuring Forrester for this upcoming webinar. Register now!

How It Works

StrongDM is a proxy that manages and audits access to databases, servers, clusters, and web apps. The StrongDM network is comprised of a local client, gateway intermediary, and configuration layer.

How StrongDM manages and audits access to databases, servers, clusters and web apps
StrongDM local client infrastructure access list

The Local Client

The local client tunnels requests from the user’s workstation to the gateway, through a single TLS 1.2-secured TCP connection. StrongDM supports Mac, Windows, and Linux workstations.

To authenticate, users login to the local client; that call can be optionally redirected to your identity provider or SSO.

The local client consists of both graphical and command-line interfaces.

The Gateway

Gateways are the entry point to your network. They can be deployed with a DNS entry, sit privately on the corporate network, and/or behind a VPN.

In the case of a flat network, it is the gateway that talks to the target systems. If internal subnets disallow ingress, relays create a reverse tunnel to form connections to the gateway. All data routes through your network.

Gateways decrypt credentials on behalf of end users, and deconstruct requests for the purposes of auditing.

Gateways and relays are deployed in pairs, and scale horizontally.

Configuration Layer

The Admin UI houses configuration. Users are assigned to roles, and roles are collections of permissions across servers, databases, clusters, and web apps. Configuration is pushed down to the end user's local client, and updated in real-time.

Trusted by:

Seismic logo
SoFi logo
MoEngage logo
SentinelOne logo
Dashlane logo
Matic logo
StrongDM app UI showing available infrastructure resources
Connect your first server or database, without any agents, in 5 minutes.