Access Manager Editions
Access Manager comes in two product editions. A free community edition, that provides key protections from lateral movement-based attacks, and enterprise edition, which allows organizations to take full advantage of the security and usability enhancements provided by the Access Manager solution.
Enterprise Edition
Enterprise edition unlocks the full potential of Access Manager. From fully customizing the user experience, to providing advanced authorization and auditing integrations it's the ultimate solution for organizations who want the best protections against lateral movement, and the best user experiences for support staff.
Enterprise edition customers can deploy the Access Manager agent to their Windows, macOS and Linux devices and move away from difficult to use passwords, to easy to remember passphrases.
On Windows, our RapidLAPS feature means your support staff will never have to touch a LAPS password ever again, and use a PIN or QR-code based login instead.
Enterprise edition also enables additional functionality, such as support for high availability, and advanced custom authorization rules.
See the licensing page for information on how to trial or purchase an Enterprise Edition license.
Community Edition
Access Manager Community edition is our core offering, that contains the key features that an organization need to help defend themselves from lateral movement-based attacks. You can provide your users full access to Microsoft LAPS passwords and request just-in-time admin access to computers, all from the convenience of their browser.
Community edition allows the deployment of the Access Manager agent to up to 100 devices.
Community edition is completely free for any organization of any size to use, however no formal support is provided by Lithnet.
Feature comparison
Web app features
The Access Manager web app is the main feature of the product that your support staff and end users will be interacting with.
Access to local admin passwords set by the legacy Microsoft LAPS agent
Access to local admin passwords set by the new Microsoft Windows LAPS agent
Access to local admin passwords and passphrases set by the Lithnet Access Manager Agent
Access to BitLocker recovery passwords
Just-in-time administrative access to Windows computers
Just-in-time access to custom roles
Limited to 3 roles
Review and approve RapidLAPS login and elevation requests
'Read aloud' function for passwords (where supported by the browser)
Phonetic display of passwords
Access to local admin password history 3
Show the local admin username 3
Trigger LAPS password change when the password has been accessed 4
Customize and brand the web app user interface
Lithnet Access Manager Agent features
Access Manager comes with its own agent which enables RapidLAPS, support for passphrase-based LAPS passwords, and BitLocker recovery key backup.
Community edition customers can deploy up to 100 agents in their environment.
Manage local admin passwords
Limited to 100 devices
Generate passphrases for LAPS passwords
Limited to 100 devices
Retain historical local admin password history
Backup BitLocker recovery keys 5
Limited to 100 devices
Passwordless login via RapidLAPS 5
Limited to 100 devices
Passwordless elevation via RapidLAPS 5
Limited to 100 devices
Support for domain-joined Windows devices
Limited to 100 devices
Support for non-domain joined Windows clients
Limited to 100 devices
Support for macOS devices (Intel and arm64)
Limited to 100 devices
Support for Microsoft Entra-joined Windows 10 and higher devices
Limited to 100 devices
Support for Linux distributions (x64, arm64) 2
Limited to 100 devices
Just-in-time access features
Just-in-time administrative access to Windows computers
Just-in-time access to Active Directory role-based groups
Limited to 3 roles
BitLocker features
Read BitLocker recovery passwords from AD
Read BitLocker recovery passwords from non-AD joined devices 1
Limited to 100 devices
Authentication features
Access Manager supports several authentication mechanisms. You can use a modern authentication provider like Microsoft Entra ID or Okta to add MFA support to your Access Manager instance.
Support for Integrated Windows Authentication
Support for OpenID Connect
Support for WS-Federation
Support for smart-card authentication
Auditing features
Log events to the Windows event log
Send audit notifications via webhooks
Send audit notifications via email
Send audit notifications via custom PowerShell scripts
Send audit notifications to Splunk HEC
Infrastructure
Multi-domain support
Cross-forest trust support
Single-server deployments
Load-balanced deployments
Authorization features
ACL-based authorization
Custom PowerShell script-based authorization
Global rate-limiting on requests
Import Microsoft LAPS permissions from Active Directory
Import BitLocker recovery password permissions from Active Directory
Import local admin permissions from computers
Import permissions from CSV file
Configuration management features
Manage AMS groups from the UI
Manage AMS groups from PowerShell
Manage AMS devices from the UI
Manage AMS devices from PowerShell
Manage AMS registration keys from the UI
Manage AMS registration keys from PowerShell
Create and modify authorization rules using the UI
Create and modify authorization rules using PowerShell
Support
Enterprise support by Lithnet
Requires the use of the Lithnet Access Manager Agent
See the page on supported Linux operating systems for more details
Requires the use of the Lithnet Access Manager Agent or the Microsoft Windows LAPS client
Not supported when using the Microsoft Windows LAPS client and storing the password in Microsoft Entra
Current supported on Windows devices only
Last updated
