OnionID CEO and founder, Anirban Banerjee
I first met OnionID CEO Anirban Banerjee when he was head of research and development for a company called Stop The Hacker, which exited to CloudFlare. I was very impressed with Anirban’s leadership and technical abilities and became an investor in his company, OnionID, which enables privileged access management for cloud and data center applications.
What are some common misconceptions between authentication and privileged account management?
This is a critical question that needs to be understood. The primary job of an authentication product, typically “single sign on”, is to vouch for the identity of the person and then broker a login into a web application. Privileged access management (PAM) deals with authorization: once you are logged in, what can you do with the login that has just been granted to you.
Think of authentication as whether you can enter a secure building with your ID or not. Authorization with PAM decides where you can go inside the building, who you can meet, how long you can stay in the building and what you can see and hear. PAM products sometimes get categorized as SSO solutions, which is not correct. PAM products may have elements of authentication, but they are specific to focused needs that PAM products need to service. Also, PAM products straddle 3 different worlds: servers, web apps and APIs, where single sign on products typically focus on web apps only for authentication.