Privileged Access Management

Topicus KeyHub's philosophy: by defaults accounts should be inactive.


The threat landscape is minimised when no accounts are active. Whenever required, an account can be activated with a single click. This enables a personal account which is provisioned with the required privileges. After work finishes, the account is disabled automatically.

Audit trail

If required for auditing or compliance, a mandatory reason can be enforces before enabling a group. This reason is stored in the audit log and presented to all group members on their dashboard.


With the rotating-password option the credentials of each user are regenerated daily.