Native CLI Client

Use onepam ssh, onepam psql, and onepam mysql to access servers and databases from your native terminal without a browser. The OnePAM CLI authenticates via OAuth2 Device Code Flow and creates secure sessions through the gateway.

Feature Details

Included Capabilities

OAuth2 Device Code Flow for terminal-based authentication
Use onepam psql, onepam mysql, and other database subcommands from your terminal
Token caching in ~/.onepam/ for session persistence
Resource listing with type, status, and host information
Automatic token refresh and expiration management
Works with all plans — Solo through Enterprise
Lightweight single binary with zero dependencies
Config management for multi-environment setups
Compatible with CI/CD pipelines and automation scripts
Live Preview

Feature Overview

Secure Access — Overview
Zero Trust Access
Identity-verified connections
Session Recording
Complete audit trail
Just-In-Time Access
Time-limited permissions
Browser-Based
No legacy VPN or client software
Getting Started

How It Works

1. Connect Identity Provider

Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC provider in minutes.

2. Add Resources

Register your servers, databases, and web apps. Define role-based access policies.

3. Secure Access

Users access resources through the browser with identity verification, session recording, and audit logs.

Explore More

Related Features

SSH Access Management

Secure shell access with browser-based terminal — no SSH ports exposed to the internet. Full terminal emulation, session recording, keystroke logging, and identity-based access controls for compliance.

Secure RDP Access Management

Native RDP access with Kerberos authentication and Active Directory Protected User support. Access Windows desktops through the browser or GUI client — no RDP ports exposed. Includes SSO, MFA, full screen recording, clipboard controls, and file transfer policies.

VNC Remote Desktop Access

Embedded VNC access with browser-based remote desktop — no VNC ports exposed to the internet. SSO, MFA, full session recording, clipboard controls, and read-only mode for secure remote management of Linux desktops, Proxmox hosts, and headless servers.

Ready for Native CLI Client?

Deploy in minutes. No legacy VPN required. No credit card required.

Start Free Trial