StrongDM: The Dynamic Access Management Platform

StrongDM  eliminates our weekend outages by providing reliable infrastructure access and improving our user experience. Our engineers can use their preferred SQL clients like MySQL  Workbench  and MS-SQL. The platform simplifies our compliance by providing detailed session logs and query capture to SOC 2 and ISO 27001 audits, enabling seamless migration and allowing engineers to connect directly to internal resources without exposing the entire network or using cumbersome VPN.

StrongDM  offers just-in-time access by automatically granting users temporary or time-bound access to privileged systems and revoking it when the task is complete, enforcing the principle of least privilege. StrongDM replaces our legacy PAM solution with a modern, lightweight platform that simplifies access management, enhances the user experience, and ensures robust security. It enables role-based access control, automates our workflows, eliminates the need for old license rotations, captures every query and keystroke, and ensures compliance following standard frameworks like SOC 2 and ISO 27001. Furthermore, it features an agentless architecture that supports users' preferred tools, reduces friction, and boosts productivity. It also enables centralized multi-cloud access, accelerates growth, eliminates VPN pain with zero-trust security, and secures and streamlines our database access.

StrongDM provides just-in-time access by automatically granting users temporary or time-bound access; for example, if someone wants to use it for four hours or eight hours, it will specify that to the privileged system and revoke access when the task is complete. Another great feature is total session visibility, as StrongDM acts as a protocol-aware proxy that captures every query, keystroke, and server interaction, creating a comprehensive audit trail required for standard frameworks like SOC 2 and HIPAA. StrongDM eliminates credential sprawl by separating end-user authentication, typically via SSO , from the database's native credentials, so users never need to know or manage raw passwords.

By adopting StrongDM, we have achieved benefits such as eliminating our weekend outages, streamlining ongoing on-call workflows, enabling seamless migration with POC transitions directly into production with minimal effort, allowing our engineers to use their preferred SQL clients like MySQL , PostgreSQL , and Workbench , and facilitating compliance through detailed session logs and query capture for SOC 2 and ISO audits.

StrongDM connects a user to a database or server, but once the session is established, it treats the runtime as a black box and cannot natively enforce fine-grained or attribute-based access control, such as restricting raw column visibility. For a generic TCP resource, StrongDM only records metadata — who, when, and what — instead of capturing the actual commands or payloads executed within the session.

StrongDM connects a user to a database or server, but once the session is established, it treats the runtime as a black box and cannot natively enforce fine-grained or attribute-based access control, such as restricting raw column visibility. For a generic TCP resource, StrongDM only records metadata — who, when, and what — instead of capturing the actual commands or payloads executed within the session.

StrongDM's continuous authorization is important for our organization; its scalability, role-based access management, and robust audit capabilities enable us to automate access workflows, retire shared SSH keys, and enhance security. Developers gain self-service access to scrubbed, production-like databases, simplifying testing and development. This is a great feature.

Our impression of StrongDM's credential-less access control and its integration with existing vaults and secret managers is positive. We are integrated with AWS , have an integration team that captures all the configuration, and have added their process, exposing sensitive data while our AI agents help configure these things automatically, making it very easy to deploy.

StrongDM unifies access across different systems in our organization by providing various policies that can trigger step-up multi-factor authentications or automated manager approvals when a user attempts to execute a risky operation. It builds and handles non-deterministic AI agents, logging every query, keystroke, and response to provide complete, searchable records satisfying compliance and governance. Whenever our engineers need access, administrators or our team admin can remove their standing access entirely, and users can request temporary access for a defined period via the StrongDM portal or apps like Slack, which automatically expires once the time limit is reached.

StrongDM does not support multi-port and distributed clusters, as the raw TCP resource type is strictly single-port and cannot handle protocols requiring multiple concurrent ports or distributed brokers like Kafka. Third-party client compatibility is another area for improvement, as StrongDM is designed to work with the standard Microsoft Remote  Desktop Connection on Windows but may not fully support alternative RDP clients like the Windows Store Remote  Desktop.

Additionally, StrongDM has limited MFA and passwordless options, relying heavily on time-based one-time passwords (OTP) or Duo, lacking support for true passwordless setups like biometrics or hardware YubiKeys, and it does not support per-session MFA. These are the drawbacks that need improvement for StrongDM.

I have been using StrongDM for the last nine months.

StrongDM is stable.

StrongDM has very large and good scalability, capable of providing a million data in a second, showcasing its great scalability.

Customer support is very good; whenever there is a query or issue, they provide support as needed. They also have very good documentation, where they often ask us to refer to a particular document but can provide excellent on-call support.

We need fewer employees now because StrongDM saves our time by eliminating manual work. While it is costly, the return on investment for this product is good overall.

The pricing for StrongDM is moderate, but the setup cost and licensing are costly.

I have evaluated other options including Teleport , a strong competitor to StrongDM, but we chose StrongDM for its completeness of offering in terms of identity lifecycle management and context-based policies, not requiring installation on servers, providing multiple and concurrent vault support, very high availability, a high rate for disaster recovery, and actionable reporting. StrongDM provides greater features for unused privileged access, sensitive resource agents' access, and access reviews in terms of security.

I would recommend using StrongDM when comparing it to Teleport  because it provides features including completeness of offering, lifecycle management, and context-based policies, along with great ease of use in installation and multiple vault support. I encourage other clients to choose StrongDM over Teleport.

StrongDM uses AI in primary ways, including building and testing its security software with autonomous agents and controlling system access through AI agents. StrongDM has pioneered a unique software development pipeline in its software factory, where AI agents write, test, and deploy production software without human intervention. StrongDM also utilizes a digital twin universe, building virtual behavioral clones of third-party servers such as Okta, Jira , and Slack, allowing it to simulate thousands of customer edge cases and test system failure without risking the production environment. Regarding the guardians of agentics, it involves AI as a client, and there are AI access policies, ensuring the system watches what AI agents do in real time, instantly blocking or allowing their attempts to read files, connect to services, or make network calls based on human-readable policies.

The accuracy of StrongDM's output is good, and for reliability, it allows attempts to read files, connect to services, or make network calls based on human-readable policies, which makes the reliability very good.

I have provided a review rating of eight out of ten for StrongDM.

Private Cloud

Amazon Web Services  (AWS)

My main use case for StrongDM  is privileged access management and infrastructure access that we cater to, as we were looking for alternatives and solutions to securely control and monitor our access to servers. We have been using different kinds of Kubernetes  clusters, databases, cloud infrastructure, and internal applications. Instead of giving direct access to our employees, the idea was a VPN-heavy access with shared keys for better usage. This is how I used it during my Kafka experience about three years ago, and also in my current team at GitLab .

In one of those scenarios, my experience with StrongDM  while working with Kubernetes  in the Kafka team illustrates how we were initially looking for a better way to manage secure access to our infrastructure. Our teams scaled across different environments and regions, primarily Europe, including Sweden and India. Before using StrongDM, we relied on VPN access and manual permission handling, which became difficult to audit and maintain over time as our team grew. Our main use case was centralized privileged access management for Kubernetes clusters. We also considered using it for Linux servers on-premises for the same application but opted out at that time due to limited usage and some internal platforms running on AWS . We aimed for developers and operations teams to get the access they needed without exposing long-lived credentials.

StrongDM is instrumental in unifying access across different systems in our organization, alleviating the complications from separate tools. In the Kafka team, we had AWS  infrastructure with Kubernetes clusters managing EC2  machines and internal services for different customers referring to our Kafka topics. StrongDM facilitated a centralized approach to access control, audit logging, and temporary authorization. For example, while working on the Kafka platform on EKS, developers and operations teams could utilize a unified access process across various environments, thus streamlining their work.

I find several best features in StrongDM, but our primary use case focuses on ensuring that we do not have long-lived credentials. The best features for us are the centralized access control and the detailed audit logging, which allow us to provide temporary privileged access without managing VPNs ourselves. I appreciate how well it integrates with Kubernetes and cloud environments on AWS. A significant advantage was simplifying onboarding and offboarding processes, taking away a lot of time and minimizing the risk of overlooking these tasks.

The audit logging feature significantly helps my team during troubleshooting and internal security reviews. With multiple teams accessing Kubernetes clusters in our production environments, it provides clear visibility into who accessed what and when. While we could use CloudTrail , fetching details from it requires complex SQL queries, making it challenging. StrongDM simplifies this, reducing manual tracking efforts and improving accountability, especially important for compliance with specific regulations we need to follow.

StrongDM positively impacts our organization in many ways, mainly in cost savings from the time saved. It has significantly improved both security and operational efficiency for us. Previously, access management across AWS and Kubernetes was manual and highly coordinated, relying on VPNs. With StrongDM, onboarding and temporary privileged access processes became much faster and more standardized, enhancing our security posture while maintaining necessary compliance.

I believe StrongDM can improve its initial setup and onboarding experience for larger enterprise environments like Scania, where we have a lot of processes. Integrating different teams, access policies, and existing identity workflows requires substantial planning. Additionally, I think the dashboard customization and reporting could be more flexible for operational teams, though new teams find it manageable. Once the platform is fully integrated, it provides significant value.

Apart from the onboarding experience, I would also mention that the templates for enterprise onboarding and policy setup could benefit from innovative thinking tailored to organizations managing large AWS and Kubernetes workloads. Enhanced customization in dashboards and reporting would further ease operations and provide better insights.

I have been using StrongDM for about five years.

StrongDM is very stable; I cannot recall experiencing a glitch. It has consistently performed well for us.

StrongDM's scalability is impressive; it is highly available, and we never perceived any latency issues. It operates almost autonomously without the need for our management.

I would rate customer support at StrongDM nine out of ten because we experienced exceptional support during both pre-sales and post-sales. They responded quickly to issues and were readily available for calls rather than waiting for email confirmations. I rate customer support a solid nine out of ten.

Before StrongDM, we explored different options but primarily relied on traditional VPN access and manual SSH key management, along with some AWS native workflows. Those methods worked initially but as our Kubernetes clusters expanded, they proved difficult to maintain consistently across teams, prompting us to seek alternative centralized access solutions.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace  but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I have definitely observed a return on investment through the operational efficiency gains and streamlined access management. The onboarding of temporary privileged access accelerated significantly, allowing us to release consultants much faster than before, saving considerable money. We also reduced reliance on manual VPN workflows, cutting high network costs linked to repetitive approval processes. While it is challenging to quantify with a single figure, the time savings and reduced operational overhead were certainly impactful.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace  but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I evaluated other options, including Teleport  for centralized access management and AWS native tools like Session Manager and CloudShell  using AWS Vaults. However, they were mainly services without the complete product offerings needed at an enterprise level. StrongDM distinguished itself by providing a simpler user experience, robust auditability, and alignment with our enterprise requirements.

Continuous authorization is significantly more important for us; periodic checks alone might not suffice. In AWS and Kubernetes environments, access needs fluctuate rapidly due to various incidents or operational tasks. Periodic checks only offer visibility at specific points in time, while continuous authorization ensures we retain real-time control, diminish unnecessary standing access, and improve overall security posture.

StrongDM's credential-less access control was a primary reason for our choice, as managing credentials for various employees and moving consultants was increasingly challenging. The credential-less approach reduces the need to distribute or manage long-lived credentials, enhancing security and operational simplicity. Its integration with existing secrets managers in AWS was particularly beneficial, aligning securely with our centralized authentication and governance processes, matching our zero-trust practices.

My advice for others considering StrongDM is that it greatly depends on individual use cases; however, for enterprise organizations seeking end-to-end identity solutions, this is an excellent tool. Many options in the market may lack certain features that StrongDM provides as a comprehensive package. StrongDM excels in compliance management and identity management, so I recommend considering them. I would rate this review as an eight point five overall.

Public Cloud

Amazon Web Services (AWS)

What do you like best about the product?

I really like using StrongDM for server and database logins. It's quite easy to set up, and we've successfully onboarded 2000 users to it.

What do you dislike about the product?

Customized reporting should be improved.

What problems is the product solving and how is that benefiting you?

I use StrongDM for managing and creating privilege accounts, streamlining server, and DB logins.

My use case involves a company I'm working in that wants to secure the connectivity between the DevOps team and the backend server in the company.

The best features in StrongDM  are that it is the easiest product in the market for this situation with easy access. The DevOps team only needs to log in through StrongDM  with credentials, and then I can control everything after this, including what they are doing inside our servers, their movements, their actions, and everything I can see. One of the most powerful tools in StrongDM is audit logging. I can handle everything and see all that happened inside their movement on the backend server in our company.

In StrongDM, I think the installation was hard, and they want to be more flexible in the initial setup. I think they want to add more features like traditional PAM. It is difficult to find documentation or materials to review how it works, and there is less product material available in the market.

I have been using the solution for seven months.

I rate the stability of the product five out of ten because crashes sometimes happen when we are working on it.

I rate scalability five as well.

I rate technical support seven out of ten because their response takes much more time than usual. However, at the end, they can help. I think they want to reduce their support staff.

The deployment is neither easy nor complex; I think it is in the middle.

I am not deploying it, as someone deployed it for me, but I think they put it in the default credential access.

I compare StrongDM with other vendors like CyberArk or Okta, and I think CyberArk is a heavy PAM. If all my product is on-premises and not cloud and premises, CyberArk will be good for that. However, with StrongDM, I think it is better to work on cloud and on-premises at the same time. I recommend CyberArk if your environment is all on-premises.

I am not using the continuous runtime authorization feature, as I think it is not enabled.

I have my servers on-premises and on AWS .

For now, I think it is about 53 or 54 users who use the solution.

StrongDM requires maintenance. In terms of maintenance, it is easy. I think it is easy to maintain, but it is hard to know how to do it because the materials are less than anything in the market. Other vendors' materials are available in the market, but StrongDM materials are not as readily available.

I rate StrongDM overall six out of ten because I think it is the only product that can mix or be hybrid between on-premises and cloud on the market. I think it is a stable product on the market.

Hybrid Cloud

Amazon Web Services  (AWS)