Overview
Welcome to the official CyberKey documentation.
This document provides technical and operational guidance for installing, configuring, and administering the CyberKey environment. It serves as a central reference for infrastructure teams, system administrators, and certified partners.
The goal of this documentation is to ensure a secure, standardized, and consistent deployment, while also supporting the day-to-day administration of the platform.
Here you will find guidance on:
- Infrastructure and requirements
- Connections
- Integrations
- Operational and administrative procedures
This documentation follows CyberVision's security and operational best practices to guarantee stability, performance, and control across all environments.
Important:
All installations and administrative changes should follow the guidelines described here. If your environment has specific requirements, consult the CyberVision support team before implementing modifications.
Scope
This document describes the purpose and functional boundaries of all core modules in the CyberVision PAM platform.
It does not include procedural creation steps.
1. Home
The Home module provides an operational snapshot of the platform, including high-level usage indicators and navigation shortcuts.
It is the main landing area for authenticated users.
2. Connections
Connections is the privileged access catalog for remote targets.
It centralizes connection entries across supported protocols (such as SSH, RDP, Telnet, VNC, and Kubernetes), with protocol-specific behavior, status visibility, and controlled launch/edit actions.
Core function:
- Define and govern remote access endpoints.
3. Web
Web manages privileged access to web-based systems.
It stores access records that pair a URL with credentials and provides controlled launch and administration actions.
Core function:
- Govern privileged web application access.
Important platform note:
- Web connection operation may depend on the CyberKey browser extension.
4. Vault
Vault is the platform’s secure access grouping model.
It binds users to authorized resources (Connections and Web entries) inside a controlled scope.
Core function:
- Enforce segmented access by business/team/environment boundaries.
Security concept:
- Vault acts as an access boundary (“who can access which privileged resources”).
5. Credentials
Credentials manages local platform identities and user records.
It is the reference layer for user metadata, lifecycle, and administrative controls.
Core function:
- Maintain user identities and account governance.
Critical identity rule:
- Even with SAML/SSO authentication, users must exist locally in CyberVision for authorization scope, policy enforcement, and audit attribution.
6. Sessions
Sessions provides runtime visibility over active privileged sessions and administrative control over live session state.
Core function:
- Monitor and control active privileged sessions.
7. Audit
Audit is the compliance and traceability module for session history and operational evidence.
It provides searchable records and export/report capabilities.
Core function:
- Deliver accountability, investigation support, and compliance evidence.
8. Web Audit
Web Audit provides traceability specific to Web module activity, complementing the main audit domain with web-oriented event visibility.
Core function:
- Track and review privileged web-access activity.
9. Report (external link)
The Report entry links to the incident/error reporting flow used for operational feedback and issue registration.
Core function:
- Capture technical incident reports for triage and follow-up workflows.
10. Cross-Module Security Model
Authentication and Authorization
- Authenticated access is required for internal modules.
- Role-based authorization governs module visibility and actions.
Access Segmentation
- Vault-centered segmentation defines practical resource scope.
- Users receive access to resources by explicit assignment.
Operational Controls
- Connections/Web records can be governed, edited, and reviewed.
- Active sessions can be observed and controlled in Sessions.
Auditability
- Activity across modules is intended to be traceable via Audit/Web Audit domains.
11. Governance Principles
1. Least privilege by default.
2. Explicit assignment over implicit access.
3. Segmentation by Vault and role.
4. Continuous auditability of privileged operations.
5. Periodic review of users, resources, and inactive access paths.
12. Outcome
Together, these modules provide a complete privileged access management operating model:
- Identity governance (Credentials),
- Resource governance (Connections/Web),
- Access segmentation (Vault),
- Runtime control (Sessions),
- Accountability and evidence (Audit/Web Audit).
