Session Recording

Answer 'who did what and when' in seconds. OnePAM records every SSH, RDP, VNC, Kubernetes, and database session with video playback and keystroke logging.

Start Free Trial See All Features
What You Get

Answer "Who Did What" in Seconds

Video-style playback for SSH, RDP, VNC, kubectl exec, and Telnet sessions
Full keystroke logging with timestamps
Database query recording with results
gRPC call audit logging with protobuf-to-JSON
Searchable session archives
Configurable retention policies
Export sessions for compliance audits
Session metadata and tagging
Integration with SIEM systems
Session Playback

Recorded Sessions

https://app.onepam.com/sessions Session Archive 1,247 recorded sessions 🔍 Search sessions... All SSH RDP DB TYPE TARGET USER DURATION ACTIVITY REPLAY >_ prod-server-01 10.0.1.42 • Feb 8, 14:23 J john@acme.com Okta SSO • MFA ✓ 32m 14s 847 keys 142 cmds win-server-02 10.0.2.15 • Feb 8, 11:07 S sarah@acme.com Azure AD • MFA ✓ 1h 15m Video 1080p rec prod-postgresql 10.0.3.8 • Feb 8, 09:45 O ops@acme.com Google SSO • MFA ✓ 8m 03s 23 queries 3 masked >_ staging-k8s-03 10.0.5.21 • Feb 7, 16:30 M mike@acme.com Okta SSO • MFA ✓ 45m 22s 1,204 keys 89 cmds Today: 24 sessions 18h 42m total 6 users Retention: 90 days
https://app.onepam.com/sessions/s-8f3a2b1d/replay >_ SSH: prod-server-01 john@acme.com • Okta SSO • MFA verified Feb 8, 2026 14:23 Duration: 32m 14s RECORDED 1.0x 12:47 32:14 847 keys Connecting to prod-server-01 via OnePAM... Identity verified: john@acme.com ✓ MFA verified — hardware key ✓ Connected (cert valid 8h) john@prod-server-01:~$ sudo tail -f /var/log/syslog Feb 8 14:24:01 prod-server-01 nginx: GET /api/v1/users 200 12ms Feb 8 14:24:03 prod-server-01 nginx: POST /api/v1/deploy 201 847ms Feb 8 14:24:05 prod-server-01 sshd: session opened for user john Feb 8 14:24:08 prod-server-01 app: Deploy v2.4.1 completed OK Feb 8 14:24:10 prod-server-01 kernel: OOM killer triggered for pid 2847 john@prod-server-01:~$ dmesg | grep -i error 14:23:12 14:24:05 14:24:10 ● REPLAY | 847 keystrokes | 142 commands | 3 alerts flagged | Exportable
Deploy in Under 5 Minutes

Three Steps to Secure Access

1. Sign Up With SSO

Connect your identity provider — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Your team logs in with existing credentials.

2. Add Your Resources

Register servers, databases, Kubernetes clusters, and web apps. Define who can access what with role-based policies.

3. Access Securely

Your team accesses resources through the browser — identity-verified, session-recorded, and audit-logged. No VPN, no exposed ports.

Goes Well With

Related Capabilities

SSH Access Management

Stop exposing SSH ports and sharing keys. OnePAM provides identity-verified browser SSH with session recording, keystroke logging, and automatic key rotation.

Secure RDP Access Management

Shared admin accounts and exposed RDP ports are the #1 Windows attack vector. OnePAM replaces them with identity-verified RDP and session recording.

VNC Remote Desktop Access

VNC ports on the internet are a breach waiting to happen. OnePAM provides browser-based VNC with SSO, MFA, and session recording.

Try Session Recording — Free for 14 Days

From signup to your first secure session in under 5 minutes. No infrastructure changes, no credit card, no sales call.

Start Free — Deploy in 5 Minutes