How strongDM Works

How strongDM Works

Client on the user’s workstation listens on dedicated localhost ports then tunnels all queries, ssh & RDP commands through a single TLS 1.2 secured TCP connection to the proxy.


Gateway decrypts, logs, and conveys all requests to the database or server using its native protocol.


strongDM logs consist of four components:

  • Database queries
  • SSH captures
  • Windows Remote Desktop captures
  • Web UI activities
Target Systems

If the gateway cannot communicate directly with the target database or server, a relay can create a reverse tunnel that permits ingress into secured networks where inbound traffic is not allowed.

Screen Shot 2019-04-30 at 8.23.20 PM

Yes, we support your stack.

With turn-key integrations, strongDM seamlessly supports the entire DevOps stack:

  • Identity providers
  • Automation tools
  • Log Aggregators
  • Every Database Type
  • Linux & Windows Servers

Streamline Staff Onboarding

Extend your SSO to manage access to databases and servers in addition to apps. Provision a user once and they automatically inherit the appropriate permissions based on their role.

  • Less work for DevOps
  • Fewer delays for new hires
  • Complete audit trail of everyones’ permissions
SSO authentication using strongDM

Secure Staff Offboarding

Suspend once in your SSO and instantly revoke access to every database and server. No rooting around for individual ssh keys or database credentials.

  • Eliminate manual checklists
  • Be confident nothing slips through the cracks
  • Audit trail of when, where & who revoked access

Temporary Access That Expires

Easily request & receive temporary access without provisioning new database credentials or ssh keys.

  • Eliminate delays during bug fixes or incidents
  • Request access in Slack through our chatbot
  • Audit trail of every permission change
strongDM Queries Admin Screen

Upgrade Audit Logs

It’s not enough to know a session happened. If you can’t tell what someone did, there’s no way to tell how much damage was done.  strongDM’s log include:

  • When & who changed staff’s permissions
  • Who issued each query, ssh & RDP command
  • Complete coverage across any database, server or environment

“The effort to achieve SOC 2 without strongDM would have been monumental.”


Michael DaSilva

Manager Information Security, Yext

Ready to get started?

Start a free trial to connect and secure your first database, server or K8s.