Privileged Access Management

Topicus KeyHub's philosophy: by defaults accounts should be inactive.


The threat landscape is minimised when no accounts are active. Whenever required, an account can be activated with a single click. This enables a personal account which is provisioned with the required privileges. After work finishes, the account is disabled automatically.

Audit trail

If required for auditing or compliance, a mandatory reason can be enforces before enabling a group. This reason is stored in the audit log and presented to all group members on their dashboard.


With the rotating-password option the credentials of each user are regenerated daily.

In control

Does an employee need temporary access? Then he gets only temporary access to a vault. Is an employee leaving a team? Than his access to the team vault is revoked. Is an employee leaving the company? Than all his access is revoked. You're in control, thanks to Topicus KeyHub. The auditor dashboard shows who had access and when he had access. And through continuous auditing you check if the access rights are still correct. That way you're in control regarding ISO27001 and privacy regulations.