MAIN MENU
Definition

Account brokering

Account brokering inputs credentials into systems, websites, servers, and applications without revealing those credentials to the user. Learn how it works, how it relates to credential injection and brokering, and why it keeps privileged accounts out of users' hands.

DT Devolutions Team · July 7, 2026 · 2 min read

What is account brokering?

Account brokering is the capability of supplying account credentials to a target — a system, website, server, or application — without ever revealing those credentials to the user. The user gains access to the resource, but the underlying account password stays hidden, held and delivered by a central platform rather than known to the person using it.

How does account brokering work?

Account brokering keeps the user out of the credential-handling path:

  1. Account credentials are stored centrally in an encrypted vault, not with the user.
  2. The user requests access to a target system, website, server, or application.
  3. The platform supplies the correct account credential to the target on the user's behalf.
  4. The user works with the resource while the credential stays hidden and auditable.

Account brokering, credential brokering, and credential injection

These terms overlap. Account brokering is the broad idea of granting access to accounts across many target types without exposing the credential. Credential brokering is the model of checking out a credential for a session on the connection entry itself. Credential injection is the specific mechanism that inserts a credential into a live session invisibly. In practice, brokering governs which credential is used, and injection delivers it unseen.

Why does account brokering matter?

When users never learn the account password, it cannot be written down, reused elsewhere, phished, or shared. Access to shared and privileged accounts can be granted and revoked centrally, scoped by role, and tied to an audit record — which supports least-privilege access and removes the exposure created by handing out standing credentials.

Frequently asked questions

What is account brokering?

Account brokering inputs credentials into systems, websites, servers, and applications without revealing those credentials to the user. The user gains access to the resource while the underlying account password stays hidden, held and delivered by a central platform.

How is account brokering related to credential injection?

Account brokering is the broad capability of granting access to accounts across many target types without exposing the credential. Credential injection is the specific mechanism that inserts a credential into a live session invisibly. Brokering governs which credential is used; injection delivers it unseen.

Why use account brokering?

Because users never learn the account password, it cannot be written down, reused, phished, or shared. Access to shared and privileged accounts can be granted and revoked centrally, scoped by role, and tied to an audit record — supporting least-privilege access.

Keep credentials out of users' hands

Broker accounts from a central vault so your team connects without ever handling passwords.

Explore Devolutions PAM

Related terms

Credential injection

Secure input of credentials into a session without revealing them to the user.

Read now

Credential brokering

Checking out credentials for a session from a central store on the entry itself.

Read now

Privileged access management (PAM)

Controls, audits, and secures access to an organization's most sensitive systems.

Read now