Bastion account / Bastion-Konto
A bastion account is a hardened, non-personal identity used only for high-risk administrative tasks through a controlled access path (e.g., a PAM vault, jump/bastion host, or privileged access workstation). It’s separate from day-to-day user accounts and is locked down to reduce phishing and lateral-movement risk.
These are the typical properties of a bastion account:
- Dedicated purpose: No email, chat, or SaaS access; admin use only.
- Strong auth: Phishing-resistant MFA (e.g., FIDO2/passkeys or hardware security keys).
- Tight scoping: Least-privilege roles; no standing global admin.
- Brokered entry: Access only via a bastion host / PAW / PAM session with recording.
- Short-lived elevation: Just-in-Time (JIT) grants with automatic expiry and full audit.
- Secret hygiene: Credentials vaulted and rotated by the PAM system; no static tokens or API keys; emergency (“break-glass”) access kept separate, under sealed, audited procedures that alert on any use.
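The properties above are only useful if the broker actually enforces them on every session request. The following is an added example, not code from the original page or from any PAM product, that evaluates a privileged-session request against those properties in Python: phishing-resistant MFA, brokered entry, a managed device on an admin network, and a short-lived JIT grant tied to a change ticket. The `adm-` naming convention, the broker host names, the `10.50.0.0/24` admin network, the four-hour JIT cap and the three sample requests are all constructed assumptions for illustration.

```python
"""Policy evaluation for a bastion-account session request (added example).

All policy constants and sample requests below are assumptions for
illustration, not a real product's schema.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed policy constants.
PHISHING_RESISTANT_METHODS = {"fido2", "passkey", "hardware_key"}
BROKER_HOSTS = {"pam-bastion-01", "pam-bastion-02"}      # hypothetical PAM/bastion hosts
ADMIN_NETWORKS = [ipaddress.ip_network("10.50.0.0/24")]   # hypothetical admin network
MAX_JIT_TTL = timedelta(hours=4)                          # longer than this counts as standing access
BASTION_PREFIX = "adm-"                                   # assumed naming convention for bastion accounts


@dataclass
class JitGrant:
    role: str
    granted_at: datetime
    ttl: timedelta
    change_ticket: Optional[str] = None

    def active_at(self, now: datetime) -> bool:
        """A grant is live only inside its window; expiry is automatic."""
        return self.granted_at <= now < self.granted_at + self.ttl


@dataclass
class SessionRequest:
    account: str
    auth_method: str
    broker_host: Optional[str]   # None means the request did not come through a broker
    source_ip: str
    device_managed: bool
    requested_role: str
    grants: List[JitGrant]
    at: datetime


def evaluate(req: SessionRequest) -> List[str]:
    """Return every policy violation; an empty list means the session may proceed.

    All checks run so that the audit record shows the full reason set, not just
    the first failure.
    """
    violations = []
    if not req.account.startswith(BASTION_PREFIX):
        violations.append("not a bastion account")
    if req.auth_method not in PHISHING_RESISTANT_METHODS:
        violations.append(f"auth method {req.auth_method!r} is not phishing-resistant")
    if req.broker_host not in BROKER_HOSTS:
        violations.append("session not brokered through a bastion/PAM host")
    if not req.device_managed:
        violations.append("device is not managed")
    if not any(ipaddress.ip_address(req.source_ip) in net for net in ADMIN_NETWORKS):
        violations.append(f"source {req.source_ip} is outside the admin network")
    matching = [g for g in req.grants if g.role == req.requested_role]
    if not matching:
        violations.append(f"no JIT grant for role {req.requested_role!r}")
    else:
        grant = matching[-1]  # most recent grant for the role
        if grant.ttl > MAX_JIT_TTL:
            violations.append(f"grant for {grant.role!r} exceeds max TTL (standing access)")
        if not grant.active_at(req.at):
            violations.append(f"JIT grant for {grant.role!r} is expired or not yet active")
        if not grant.change_ticket:
            violations.append("JIT grant is not tied to a change ticket")
    return violations


# Constructed sample requests (not real data).
NOW = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)


def compliant_request() -> SessionRequest:
    """FIDO2 through the broker, managed device, live one-hour grant with a ticket."""
    return SessionRequest(
        account="adm-jdoe", auth_method="fido2", broker_host="pam-bastion-01",
        source_ip="10.50.0.17", device_managed=True, requested_role="domain-admin",
        grants=[JitGrant("domain-admin", NOW - timedelta(minutes=5), timedelta(hours=1), "CHG-1042")],
        at=NOW)


def bypass_request() -> SessionRequest:
    """Personal account, push MFA, direct from a VPN range, year-long grant with no ticket."""
    return SessionRequest(
        account="jdoe", auth_method="push", broker_host=None,
        source_ip="192.168.7.9", device_managed=False, requested_role="domain-admin",
        grants=[JitGrant("domain-admin", NOW - timedelta(days=30), timedelta(days=365))],
        at=NOW)


def expired_request() -> SessionRequest:
    """Identical to the compliant case except the grant's window closed an hour ago."""
    req = compliant_request()
    req.grants = [JitGrant("domain-admin", NOW - timedelta(hours=2), timedelta(hours=1), "CHG-1042")]
    return req


if __name__ == "__main__":
    for name, req in [("compliant", compliant_request()), ("bypass", bypass_request()),
                      ("expired", expired_request())]:
        print(name, "->", evaluate(req) or "ALLOW")
```

Two design points are worth noting. The evaluator collects every violation rather than failing fast, so the session log explains the whole gap between the request and policy, which is what reviewers want when a denied attempt is later investigated. And the TTL cap is checked independently of whether the grant is currently active: a year-long grant is rejected even while "active", because a grant that outlives the change window is standing access with extra steps.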
How does it affect identity security?
- Shrinks the attack surface: Removing mailboxes, app logins, and web use from admin identities eliminates common phishing and session-hijack paths.
- Contains blast radius: Least-privilege plus JIT ensures a compromised admin session has minimal scope and duration.
- Improves auditability & compliance: All privileged actions flow through a broker with logging/session recording, simplifying ISO 27001, SOC 2, and PCI DSS evidence.
- Supports Zero Trust: No implicit trust; every privileged session is explicitly approved, time-boxed, and verified.
- Separates duties: Non-personal, task-scoped identities make ownership, approvals, and revocation straightforward.
Case study
An enterprise with mixed on-prem AD and multi-cloud created non-personal bastion accounts for administrators. These identities were restricted to sign in only through a PAM-brokered bastion, unlocked with FIDO2 security keys and Conditional Access (managed device + admin network). All privileged roles became JIT: admins requested elevation tied to a change ticket; the PAM system issued short-lived rights and recorded the session.
Outcome: Audit trails became simpler, privileged findings dropped during reviews, and phishing simulations against personal mailboxes no longer translated into domain-wide risk, because admin work was isolated behind the bastion flow.