Introduction
Developed by Grizzle Technology, the Zero Trust Privileged Access Management (ZT-PAM) solution is designed to ensure secure access to critical systems, monitor privileged accounts, and enforce administrative control across enterprise infrastructures.
Grizzle ZT-PAM is built upon modern cybersecurity standards, providing organizations with a centralized and auditable way to control privileged access.
This document serves as a guide for administrators through the installation, configuration, and management processes of the platform.
It explains the overall architecture, management interface, role and permission management, security policies, and integration steps.
Grizzle Technology develops innovative solutions to meet enterprise security needs, simplify access management, and ensure compliance with international standards.
Grizzle ZT-PAM General Topology
Grizzle ZT-PAM Enterprise Components
Vault
The Vault is the core of the Grizzle ZT-PAM architecture — a digital safe where all privileged identities and passwords are securely stored.
This structure ensures that sensitive credentials are never accessible in plaintext, and can only be retrieved or used in an auditable manner by authorized components.
Privileged Session Manager (PSM)
The Privileged Session Manager is one of the most critical components of the Grizzle ZT-PAM platform.
PSM enables users to establish secure, monitored, and isolated connections to remote systems using privileged accounts (such as Domain Admin, root, DBA, or service accounts).
Users do not connect directly to target systems — instead, they connect through the PSM.
This means that the credentials used during the connection are never visible to administrators, and every action is recorded for auditing.
Additionally, PSM provides browser-based access via the HTML5 Gateway Server, allowing users to start secure sessions directly from their web browsers without installing RDP or SSH clients.
Credential Provider (CP)
The Credential Provider is a login component embedded within the PSM server that customizes Windows login screens.
In the Grizzle ZT-PAM ecosystem, the Credential Provider ensures that user credentials are securely authenticated through the ZT-PAM Vault or associated authentication APIs.
It integrates seamlessly with MFA (Multi-Factor Authentication) mechanisms and supports centralized identity validation on Windows login screens, providing a secure, unified authentication experience.
Central Password Manager (CPM)
The Central Password Manager is responsible for automatically managing, rotating, verifying, and synchronizing privileged account passwords within the Grizzle ZT-PAM architecture.
It serves as the central component governing the full lifecycle of credentials stored in the Vault —
from creation → rotation → verification → retirement.
Web Gateway
The Web Gateway acts as the secure access layer between users and the infrastructure within the Grizzle ZT-PAM platform.
Instead of allowing direct access to privileged systems (such as RDP, SSH, web interfaces, RemoteApp, or database consoles), it provides secure, isolated sessions via browser-based connections.
All communication occurs over a single HTTPS (443) port.
User identities and sessions are centrally authenticated, and every action is logged and fully auditable.