Tanflow IAM Suite & PAM - enterprise identity and privileged access security for the modern enterprise. Get a Demo →

Tanflow PAM · Capability

Session Management

Every privileged session runs through the gateway, renders in the browser, and is recorded end to end - with nothing installed anywhere.

Overview

Sessions you can watch, pause and prove

Tanflow PAM proxies SSH, RDP, VNC and database sessions through its zero-agent gateway. Users work in a normal browser tab; security teams get live visibility, full recordings and the ability to terminate a session the moment something looks wrong.

Browser-based access

SSH terminals, RDP/VNC desktops and SQL consoles render directly in the browser. No VPN client, no jump-host sprawl, no target agents.

Full session recording

Terminal sessions captured as searchable text and replayable video; graphical sessions recorded as video with metadata.

Live monitoring & takeover

Watch active sessions in real time; pause, join or terminate instantly when policy or instinct demands it.

Concurrent session policy

Limit simultaneous sessions per user, per target or per account - and queue or deny the rest.

File-transfer control

SFTP and clipboard transfer governed by policy: allow, block or log uploads and downloads per connection group.

Session watermarking

On-screen user and timestamp watermarks deter credential sharing and screen photography.

How it works

The life of a privileged session

RequestUser picks a target from their authorised catalogue in the PAM portal.
BrokerThe gateway opens the connection and injects vaulted credentials.
WorkThe session renders in the browser - monitored and recorded throughout.
ArchiveRecording, command log and metadata land in the audit store, linked to the user.

Why it matters

Outcomes you can put in front of an auditor

  • Complete forensic record of every privileged session
  • Insider misuse deterred by visible recording and watermarking
  • Immediate containment: terminate a hostile session in one click
  • No agent maintenance across thousands of targets
  • Session evidence mapped to RBI, SEBI, ISO 27001 A.9.4 and SWIFT CSP expectations

Part of Tanflow PAM

This capability is built into Tanflow PAM - the zero-agent privileged access platform that deploys in 2-4 weeks on your infrastructure.

Explore the full platform →

FAQ

Common questions

Do recordings capture passwords typed in sessions?

Vaulted credentials are injected by the gateway, so passwords are never typed or displayed. Field-level masking rules additionally suppress sensitive input in recordings.

How much storage do session recordings need?

Terminal recordings are compact text-plus-timing data; graphical recordings use efficient video encoding. Retention policies archive or prune by age and importance.

See Session Management in action

A focused demo against your environment and your compliance requirements.