RankEZ Multi Tenancy and PAMaaS

RankEZ enables Privileged Access Management as a Service (PAMaaS) and multi-tenancy by combining Departments for logical data isolation with Proxy Clients for secure network access into isolated tenant environments.

Using Departments for Multi-Tenancy (Logical Isolation)

Departments act as logical boundaries (tenants) to segregate and categorize business objects, including Users, User Groups, Devices, Accounts, AppIDs, and Policies. This hierarchical, tree-like structure provides several multi-tenancy benefits:

  • Strict Data Isolation: Objects within a specific department are completely isolated and not visible to sibling departments at the same level. This ensures that different tenants or branches cannot see or manage each other's data.

  • Hierarchical Control: Administrators at higher-level departments (such as the global ROOT department) can manage the objects of their sub-departments. Sub-department users can only manage objects within their own department and its sub-departments.

  • Configurable Visibility: If necessary, higher-level managers can configure sub-departments to have visibility into parent department objects by adjusting "Parent Visible" settings during department creation.

  • Centralized SaaS Model: This model allows large organizations or group companies to build their own private cloud environment and provide centralized PAM services to local tenants and branches without data crossover.
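
The visibility rules listed above, modeled as an added example (this is not RankEZ code). The class and function names are hypothetical, the sample objects are constructed, and the model assumes "Parent Visible" exposes only the immediate parent's objects for viewing, not for management.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(eq=False)  # compare departments by identity, not by field values
class Department:
    name: str
    parent: Optional["Department"] = None
    parent_visible: bool = False  # models the "Parent Visible" setting
    objects: set = field(default_factory=set)  # users, devices, accounts, ...

    def ancestors(self):
        node = self.parent
        while node is not None:
            yield node
            node = node.parent


def can_manage(actor: Department, target: Department) -> bool:
    """A department manages itself and every sub-department beneath it."""
    return target is actor or any(a is actor for a in target.ancestors())


def can_view(actor: Department, target: Department) -> bool:
    """Siblings and unrelated branches are never visible to each other."""
    if can_manage(actor, target):
        return True
    # Assumption: "Parent Visible" grants view-only access to the direct parent.
    return actor.parent_visible and actor.parent is target


def visible_objects(actor: Department, departments) -> set:
    return {o for d in departments if can_view(actor, d) for o in d.objects}


def build_sample():
    # Constructed sample tree: ROOT -> {APAC -> APAC/SG, EMEA}
    root = Department("ROOT", objects={"acct:root-admin"})
    apac = Department("APAC", parent=root, objects={"dev:apac-db01"})
    emea = Department("EMEA", parent=root, parent_visible=True,
                      objects={"dev:emea-web01"})
    sg = Department("APAC/SG", parent=apac, objects={"acct:sg-oracle"})
    return root, apac, emea, sg


if __name__ == "__main__":
    depts = build_sample()
    for d in depts:
        print(f"{d.name:8} sees {sorted(visible_objects(d, depts))}")
```

A check like this is useful as a tenant-isolation regression test: enumerate what each tenant administrator can see and fail the run if any sibling's object appears.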

Deploying PAMaaS via Proxy Client (Network Isolation)

While Departments handle logical isolation, the Proxy Client handles network isolation. In a SaaS or PAMaaS model, tenants often have their own isolated network segments or Virtual Private Clouds (VPCs). The Proxy Client lets the central PAM platform securely reach into these isolated networks to connect to and manage target devices without requiring VPNs.

To deploy this architecture for a tenant, follow these steps:

  1. Create a Tenant Network: In the PAM console under Network Management, add a new network specifically for the tenant's isolated environment.

  2. Deploy the Proxy Client: Click "+ Proxy Client" in the newly created network to generate an installation script. Run this script on a dedicated Linux or Windows host situated inside the tenant's isolated network or VPC.

  3. Assign Components: To ensure the proxy works, the tenant's network must have corresponding Central Password Manager (CPM) and Privileged Session Manager (PSM) components assigned to it. In the System >> Component Status settings, select the network where the Proxy Client is located and assign the CPM and PSM to handle password rotation and session proxying for that tenant.

By combining these two features, RankEZ achieves a true PAMaaS architecture. The platform maintains centralized control and smooth upgrades, while tenants receive isolated data management and isolated network access without bearing any infrastructure management costs.