MAIN MENU
Definition

Privileged session manager (PSM)

A privileged session manager (PSM) is a privileged access management component that controls, monitors, and records privileged sessions to critical systems — injecting the credential so it is never exposed and capturing a full record for audit. Learn what a PSM does, how it works, and where it fits in PAM.

DT Devolutions Team · July 7, 2026 · 3 min read

What is a privileged session manager (PSM)?

When an administrator connects to a sensitive server, database, or device, that connection is a privileged session — a moment of high risk. A privileged session manager governs those sessions: it establishes the connection on the user's behalf, keeps the underlying credential hidden, and monitors or records what happens so nothing goes unaccounted for. It is the PAM component responsible specifically for the live session.

What does a privileged session manager do?

A PSM adds control and accountability to every privileged connection:

  • Session proxying — the connection is brokered through the PSM rather than made directly, so the user's device never touches the raw credential.
  • Credential injection — the credential is inserted into the session automatically and stays hidden.
  • Session recording — sessions are captured as video, keystroke, or command logs for later review.
  • Real-time monitoring — active sessions can be watched live and suspicious ones flagged.
  • Session termination — a risky session can be cut off immediately by an administrator.

How does a PSM work?

A privileged session follows a controlled path from request to record:

  1. A user requests access to a target system through the PAM platform.
  2. The PSM opens the session on the user's behalf and injects the credential from the vault.
  3. The user works inside the session while the credential stays hidden.
  4. The PSM monitors and records the session in real time.
  5. The session ends and its recording and logs are retained for audit.

Where does a PSM fit within PAM?

A privileged session manager is one component of a broader PAM program. PAM as a whole covers vaulting, credential rotation, just-in-time access, and auditing; the PSM is the piece responsible for what happens during a live privileged session. It complements the vault: the vault protects the credential at rest, and the PSM protects and records its use in the moment.

Why does a PSM matter?

Privileged sessions are where the most sensitive work happens, so they are where oversight matters most. A PSM ensures administrators can do their jobs without ever holding the underlying credential, gives security teams a live and recorded view of privileged activity, and provides the session evidence auditors expect. If an account is misused, the recording shows exactly what occurred and when.

Frequently asked questions

What is a privileged session manager (PSM)?

A privileged session manager (PSM) is a privileged access management component that controls, monitors, and records privileged sessions to critical systems. It brokers the connection, injects the credential so it is never exposed to the user, and captures a full record of the session for oversight and audit.

How is a PSM different from a credential vault?

A credential vault protects privileged credentials at rest, storing them encrypted and away from users. A privileged session manager protects and records the use of those credentials during a live session. The vault secures the secret; the PSM secures and audits what happens when it is used.

Why do organizations record privileged sessions?

Organizations record privileged sessions so they have a verifiable account of who accessed sensitive systems and what they did. Recordings support incident investigation, deter misuse, and provide the evidence required by compliance frameworks for privileged activity.

Privileged session control with Devolutions

Control, record, and audit privileged sessions — with credentials injected, never exposed.

Explore Devolutions PAM

Related terms

Privileged access management (PAM)

Controls, audits, and secures access to an organization's most sensitive systems.

Read now

Credential injection

Secure input of credentials into a session without revealing them to the user.

Read now

Privileged session

A temporary privileged access to critical assets.

Read now