Access Reviews

Run periodic access certification campaigns to verify that every user still needs their privileges. Reviewers approve, revoke, or flag access grants — and OnePAM automatically enforces the decisions, revoking team memberships and access requests that fail review.

Feature Details

Included Capabilities

Certification campaigns — create review cycles with configurable scope, reviewers, and deadlines
Flexible scope — review all access org-wide, per team, or per resource group
Reviewer assignment — assign managers, team leads, or specific users as reviewers
Three-way decisions — approve to keep, revoke to remove, or flag for follow-up
Automatic enforcement — revoked access is removed immediately (team membership, access requests)
Bulk decisions — reviewers can approve or revoke multiple items at once
Progress tracking — real-time campaign progress with automatic completion detection
Deadline reminders — configurable reminder notifications before the review deadline
Auto-revoke on miss — optionally revoke unreviewed access when the deadline passes
CSV export — download campaign results for compliance reporting and auditors
Available on Business and Enterprise plans
Live Preview

Feature Overview

Secure Access — Overview
Zero Trust Access
Identity-verified connections
Session Recording
Complete audit trail
Just-In-Time Access
Time-limited permissions
Browser-Based
No legacy VPN or client software
Getting Started

How It Works

1. Connect Identity Provider

Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC provider in minutes.

2. Add Resources

Register your servers, databases, and web apps. Define role-based access policies.

3. Secure Access

Users access resources through the browser with identity verification, session recording, and audit logs.

Explore More

Related Features

SSH Access Management

Secure shell access with browser-based terminal — no SSH ports exposed to the internet. Full terminal emulation, session recording, keystroke logging, and identity-based access controls for compliance.

Secure RDP Access Management

Native RDP access with Kerberos authentication and Active Directory Protected User support. Access Windows desktops through the browser or GUI client — no RDP ports exposed. Includes SSO, MFA, full screen recording, clipboard controls, and file transfer policies.

VNC Remote Desktop Access

Embedded VNC access with browser-based remote desktop — no VNC ports exposed to the internet. SSO, MFA, full session recording, clipboard controls, and read-only mode for secure remote management of Linux desktops, Proxmox hosts, and headless servers.

Ready for Access Reviews?

Deploy in minutes. No legacy VPN required. No credit card required.

Start Free Trial