Access Manager Editions
Access Manager comes in two editions - Standard and Enterprise.
Standard Edition
Access Manager Standard edition is our core offering, that contains all the features that an organization need to help defend themselves from lateral movement-based attacks. You can provide your users full access to Microsoft LAPS passwords and request just-in-time admin access to computers all from the convenience of their browser.
Standard edition is completely free for any organization of any size to use.
Enterprise Edition
Enterprise Edition is a must for organizations who want to take full advantage of the capabilities of Access Manager, and know they have the full backing of the Lithnet support team to help them keep their environment running smoothly.
See the licensing page for information on how to trial or purchase an Enterprise Edition license.
Feature comparison
Web Interface features
Access to local admin passwords
x
x
Access to BitLocker recovery passwords
x
x
Just-in-time access requests for local admin access on computers
x
x
'Read aloud' function for passwords (where supported by the browser)
x
x
Phonetic display of passwords
x
x
Access to local admin password history
x
Just-in-time access requests to admin-defined roles^
x
Local admin password features
Read passwords set by the Microsoft LAPS client
x
x
Read passwords set by the Lithnet Access Manager agent
x
x
Encrypt local admin passwords using the Access Manager agent
x
x
Retain historical local admin passwords using the Access Manager agent
x
x
Trigger LAPS password change when the password has been accessed
x
x
PowerShell access to encrypted local admin passwords (from the AMS server only)
x
x
PowerShell access to encrypted local admin password history (from the AMS server only)
x
x
Just-in-time access features
Just-in-time access to Windows computers
x
x
Just-in-time access to Active Directory groups^
x
Just-in-time access to 3rd party services using custom PowerShell scripts^
x
BitLocker features
Read BitLocker recovery passwords from AD
x
x
Authentication features
Access Manager supports many different authentication mechanisms. Use a modern authentication provider like Azure AD or Okta to add MFA support to your Access Manager instance.
Support for Integrated Windows Authentication
x
x
Support for OpenID Connect
x
x
Support for WS-Federation
x
x
Support for smart-card authentication
x
x
Auditing and analytics features
Log events to the Windows event log
x
x
Send audit notifications via webhooks
x
x
Send audit notifications via email
x
x
Send audit notifications via custom PowerShell scripts
x
x
Query access history from within the app^
x
Email summary reports^
x
Infrastructure
Multi-domain support
x
x
Cross-forest trust support
x
x
Single-server deployments
x
x
Windows Failover Cluster deployments
x
Database support
SQL LocalDB
SQL LocalDB SQL Server Standard or Enterprise
Authorization features
ACL-based authorization
x
x
Custom PowerShell script-based authorization
x
Global rate-limiting on requests
x
x
Granular rate-limiting policies for users and groups^
x
Import Microsoft LAPS permissions from Active Directory
x
x
Import BitLocker recovery password permissions from Active Directory
x
x
Import local admin permissions from computers
x
x
Import permissions from CSV file
x
x
Import LAPS permissions from the Lithnet LAPS Web App
x
x
Support
Community support via GitHub
x
x
Priority support via email
x
^ Denotes features that are planned and coming soon
Last updated