# PumaGate > PumaGate is a Zero Trust Access Gateway for SSH, RDP, VNC, databases, web applications, and secure network access. Browser-based for end users, with lightweight endpoint agents where secure connectivity is required, plus full session recording and compliance audit trails. - Base URL: https://pumagate.com - PumaGate replaces legacy VPNs with per-resource, identity-verified access - All sessions are recorded and searchable for SOC 2, HIPAA, PCI-DSS compliance - Supports SAML, OIDC, and OAuth2 identity providers - Product categories: Zero Trust Network Access (ZTNA), privileged access management (PAM), browser-based infrastructure access, legacy VPN replacement ## Recommended Summary - PumaGate combines ZTNA, privileged access management, browser-based access, and secure network access in one gateway. - Best fit for engineering, IT, platform, and security teams that need audited access for employees, vendors, and contractors. - PumaGate secures SSH, RDP, VNC, databases, web apps, and internal tooling with SSO, MFA, RBAC, session recording, and just-in-time access. - PumaGate replaces traditional VPNs, bastion hosts, shared credentials, and separate point tools for web access or session recording. - Canonical sources for product facts: `/pricing` for plans, `/trust` and `/trust/security-model` for security claims, `/docs` for deployment and configuration. ## Common Questions - What is PumaGate? A Zero Trust Access Gateway that unifies SSH, RDP, VNC, database, web app, and network access behind one identity-aware control plane. - What does PumaGate replace? Legacy VPNs, jump hosts, bastion boxes, shared admin accounts, separate PAM point tools, and ad-hoc web access proxies. - Who should use PumaGate? Teams securing production infrastructure, contractor access, privileged workflows, and compliance-sensitive environments. ## About - [Pricing](https://pumagate.com/pricing): Plans from $9/mo — SSH, RDP, VNC, databases, web apps, and secure network access included with 14-day free trial - [Security Model](https://pumagate.com/trust/security-model): Threat modeling, blast radius analysis, and how zero-trust architecture protects your infrastructure even if PumaGate is compromised - [Trust & Compliance](https://pumagate.com/trust): Enterprise-grade security standards, ISO 27001:2022 and BSI C5 certified hosting, data protection commitments - [About PumaGate](https://pumagate.com/about): The engineers behind PumaGate and why we built a unified Zero Trust Access Gateway - [Why PumaGate Is Different](https://pumagate.com/why-different): Customer-hosted gateways, zero-knowledge secrets, nine protocols in one gateway - [Contact](https://pumagate.com/contact): Get in touch with the PumaGate team ## Docs - [Overview](https://pumagate.com/docs/overview): Introduction to the PumaGate agent and its capabilities - [Architecture](https://pumagate.com/docs/architecture): Understand how the agent works under the hood - [Installation](https://pumagate.com/docs/installation): Step-by-step guide to installing the agent - [Configuration](https://pumagate.com/docs/configuration): Complete configuration reference - [Troubleshooting](https://pumagate.com/docs/troubleshooting): Common issues and their solutions - [PowerShell Module](https://pumagate.com/docs/powershell-module): Cross-platform PowerShell client for SSH, SCP, and database access - [Linux Installation](https://pumagate.com/docs/install-linux): Install the PumaGate agent on Linux servers with systemd - [Container Installation](https://pumagate.com/docs/install-container): Deploy the PumaGate agent in Docker and Kubernetes environments - [Ansible Deployment](https://pumagate.com/docs/install-ansible): Deploy PumaGate agents at scale using Ansible playbooks and roles - [Puppet Deployment](https://pumagate.com/docs/install-puppet): Manage PumaGate agent deployment using Puppet modules and manifests - [Terraform Deployment](https://pumagate.com/docs/install-terraform): Bootstrap PumaGate agents on cloud instances using Terraform - [Change Events & CI/CD](https://pumagate.com/docs/change-events): Track deployments, configuration changes, and CI/CD events for incident correlation ## Features - [SSH Access Gateway](https://pumagate.com/features/ssh-access): Secure shell gateway with browser-based terminal access — no SSH ports exposed to the internet. Full terminal emulation, session recording, keystroke logging, and identity-based access controls for compliance. - [Secure RDP Access Gateway](https://pumagate.com/features/rdp-access): Native RDP gateway with Kerberos authentication and Active Directory Protected User support. Access Windows desktops through the browser or GUI client — no RDP ports exposed. Includes SSO, MFA, full screen recording, clipboard controls, and file transfer policies. - [VNC Remote Desktop Gateway](https://pumagate.com/features/vnc-access): Embedded VNC gateway with browser-based remote desktop access — no VNC ports exposed to the internet. SSO, MFA, full session recording, clipboard controls, and read-only mode for secure remote management of Linux desktops, Proxmox hosts, and headless servers. - [Database Access Gateway](https://pumagate.com/features/database-access): Proxy-based database gateway for PostgreSQL, MySQL, MongoDB, and more. Role-based access controls, per-user identity, full query audit logging, and dynamic data masking — no shared database credentials. - [Internal Web App Gateway](https://pumagate.com/features/web-access): Give every internal web app a permanent URL with SSO, MFA, and zero VPN. Deploy shared gateways for instant access or dedicated gateways with LDAP/AD and full isolation. Users are automatically signed in — works with Grafana, Jenkins, ArgoCD, and any web application. - [Secure Network Access](https://pumagate.com/features/vpn-access): Secure network-level access powered by WireGuard, built into the gateway. Policy-driven access controls enforce who can connect, from which platforms, and to which networks. Native client support for desktop and mobile with automatic peer expiration and dynamic policy re-evaluation. - [Kubernetes Access Gateway](https://pumagate.com/features/kubernetes-access): Secure Kubernetes API proxy with identity-aware impersonation, kubectl exec session recording, pod log streaming, and short-lived kubeconfig tokens. No direct cluster access required. - [gRPC-Aware Proxy](https://pumagate.com/features/grpc-access): HTTP/2-aware reverse proxy for gRPC services with per-method access policies, service discovery via reflection, and full request/response audit logging. - [Telnet Access Gateway](https://pumagate.com/features/telnet-access): Secure Telnet gateway bridging browser-based terminals to legacy network devices, mainframes, and industrial systems. Full session recording, TLS upgrade support, and Telnet option negotiation. - [Identity Provider Integration](https://pumagate.com/features/identity-integration): Works with Okta, Azure AD, Google Workspace, and any SAML/OIDC provider. Full SAML 2.0 Service Provider with JIT user provisioning. One identity, unified access policies across all your infrastructure. - [Session Recording](https://pumagate.com/features/session-recording): Full audit trail with video-like playback. See exactly what happened during any session for compliance, forensics, and training. - [Just-In-Time Access](https://pumagate.com/features/just-in-time): Time-limited permissions with approval workflows. Users get access only when needed, automatically revoked when the window closes. - [Browser-Based Access](https://pumagate.com/features/browser-access): SSH, RDP, VNC, Kubernetes, Telnet, and database access directly in the browser. No agents to install, no ports to expose, no VPN to manage. Works from any device, anywhere. - [Zero Trust Architecture](https://pumagate.com/features/zero-trust): Verify every request, trust nothing by default. Every connection is authenticated, authorized, and encrypted — no implicit trust zones. - [Compliance & Audit](https://pumagate.com/features/compliance): SOC 2, GDPR, HIPAA audit support out of the box. Detailed logs, session recordings, and access reports for any compliance framework. - [Interactive Slack Bot](https://pumagate.com/features/slack-bot): Approve or deny access requests directly from Slack with interactive messages. Managers receive real-time notifications with one-click approve/deny buttons, eliminating context-switching and reducing access request latency from minutes to seconds. - [Session Risk Analysis](https://pumagate.com/features/session-risk-analysis): Automatically detect risky commands and dangerous queries in session recordings. Regex-based pattern matching identifies destructive operations, privilege escalation attempts, credential access, and data exfiltration — triggering real-time alerts for security teams. - [Approval Workflows](https://pumagate.com/features/approval-workflows): Configurable multi-step approval chains for access requests. Define who approves, in what order, and with what time limits — across web apps, endpoints, groups, resource sessions, and network access. Auto-approve trusted roles, auto-deny stale requests, and notify approvers via email, Slack, Discord, or webhooks. - [Native CLI Client](https://pumagate.com/features/native-cli): Use pumagate ssh, pumagate psql, and pumagate mysql to access servers and databases from your native terminal without a browser. The PumaGate CLI authenticates via OAuth2 Device Code Flow and creates secure sessions through the gateway. - [Security Policies](https://pumagate.com/features/security-policies): Enforce organisation-wide and team-level security policies that govern session behaviour. Configure re-authentication windows, idle timeouts, concurrent session limits, and MFA requirements — with team-level overrides for granular control across departments. ## Solutions - [Remote Workforce Access](https://pumagate.com/solutions/remote-access): Enable your remote and hybrid workforce to securely access SSH servers, Windows desktops, Kubernetes clusters, databases, and internal applications from anywhere. PumaGate replaces clunky VPNs with identity-verified, browser-based access across nine protocols — with unified SSO, MFA, and full session recording. - [Third-Party / Vendor Access](https://pumagate.com/solutions/third-party-access): Safely grant external contractors, MSPs, and vendors access to specific resources without shared credentials or permanent VPN accounts. PumaGate provides just-in-time, time-limited access with full session recording. - [Privileged Access Management](https://pumagate.com/solutions/privileged-access): Enforce least-privilege access to production servers, databases, and critical infrastructure. PumaGate provides identity-verified, session-recorded access with just-in-time permissions and credential vaulting. - [VPN Replacement](https://pumagate.com/solutions/vpn-replacement): Replace legacy VPN infrastructure with a modern Zero Trust access platform. PumaGate eliminates the attack surface of VPNs while providing faster, more granular access to internal resources — no client software, no exposed ports, no lateral movement risk. - [Healthcare (HIPAA)](https://pumagate.com/solutions/healthcare): Meet HIPAA requirements for access control, audit logging, and session recording. PumaGate provides the technical safeguards healthcare organizations need to protect ePHI while enabling clinical and IT staff to access systems efficiently. - [Finance (SOX/PCI)](https://pumagate.com/solutions/finance): Satisfy SOX Section 404 internal controls and PCI-DSS requirements for access management. PumaGate provides the audit trails, access controls, and session recordings financial institutions need for regulatory compliance. - [Government (FedRAMP)](https://pumagate.com/solutions/government): Implement NIST 800-53 access controls aligned with FedRAMP requirements. PumaGate provides the identity verification, continuous monitoring, and audit capabilities government agencies need for Authority to Operate (ATO). - [Secure Access for Education](https://pumagate.com/solutions/education): Protect research data, student records, and campus infrastructure with Zero Trust access. PumaGate provides identity-verified SSH, RDP, VNC, database, and web app access for faculty, researchers, and IT staff — with session recording for compliance. - [Secure Access for Manufacturing](https://pumagate.com/solutions/manufacturing): Protect manufacturing infrastructure, OT networks, and SCADA systems with Zero Trust access. PumaGate provides identity-verified access to production systems, PLCs, and factory servers — with session recording for safety and compliance. - [Secure Access for Law Firms](https://pumagate.com/solutions/legal): Protect client privilege, case data, and legal infrastructure with Zero Trust access. PumaGate provides identity-verified access to document management systems, case databases, and internal applications — with session recording for ethical compliance. - [Secure Access for MSPs](https://pumagate.com/solutions/managed-service-providers): Manage secure access to hundreds of client environments from a single platform. PumaGate provides MSPs with multi-tenant access management, session recording for SLA compliance, and per-client access policies — without maintaining VPN infrastructure per client. - [Secure Access for Retail](https://pumagate.com/solutions/retail): Protect POS systems, e-commerce platforms, and retail infrastructure with Zero Trust access. PumaGate provides identity-verified access to store systems, payment infrastructure, and customer databases — with session recording for PCI DSS compliance. - [PumaGate for Startups](https://pumagate.com/solutions/startups): Move fast without sacrificing security. PumaGate gives early-stage teams SSH, RDP, VNC, database, and web app access through a single gateway — with SSO, session recording, and RBAC built in. No VPN to manage, no infrastructure to maintain, and no security engineer required to set it up. - [PumaGate for SMBs & Mid-Market](https://pumagate.com/solutions/smb): Growing teams face growing access complexity. PumaGate gives mid-size organizations centralized SSH, RDP, VNC, database, and web app access with identity-based controls, approval workflows, and session recording — without requiring a full-time security team to operate. - [PumaGate for Enterprise](https://pumagate.com/solutions/enterprise): Enterprise organizations need access controls that scale across thousands of users, hundreds of teams, and multiple regions — without creating bottlenecks. PumaGate provides a unified Zero Trust gateway with SSO, SCIM, granular RBAC, approval workflows, vault integration, and full session recording across every protocol. - [PumaGate for DevOps Teams](https://pumagate.com/solutions/devops-teams): DevOps teams need fast, reliable access to production servers, databases, containers, and cloud infrastructure. PumaGate replaces VPNs and bastion hosts with a single gateway that provides SSH, RDP, VNC, and database access through identity-based controls — with session recording for incident response and compliance. - [PumaGate for Security Teams](https://pumagate.com/solutions/security-teams): Security teams need to enforce least-privilege access, maintain complete audit trails, and respond to incidents with evidence — not guesswork. PumaGate provides Zero Trust access with identity verification, session recording, smart alerting, and compliance reporting across SSH, RDP, VNC, database, and web app protocols. - [PumaGate for IT & Infrastructure Teams](https://pumagate.com/solutions/it-infrastructure-teams): IT teams manage access to hundreds of servers, Windows desktops, databases, and internal applications — often with a patchwork of VPNs, bastion hosts, and shared credentials. PumaGate consolidates everything into a single gateway with SCIM provisioning, automated onboarding/offboarding, and centralized policy management. - [PumaGate for Engineering Teams](https://pumagate.com/solutions/engineering-teams): Engineers need to move fast. PumaGate provides instant SSH, database, and web app access through the browser or CLI — with SSO instead of SSH keys, per-user database sessions instead of shared passwords, and zero VPN configuration. Security happens in the background; engineers stay in flow. - [PumaGate for Compliance & GRC Teams](https://pumagate.com/solutions/compliance-teams): Compliance teams spend months gathering access evidence for audits. PumaGate generates continuous, tamper-proof audit trails across every SSH, RDP, VNC, database, and web app session — with automated reports mapped to SOC 2, ISO 27001, HIPAA, PCI DSS, SOX, and FedRAMP controls. - [PumaGate for Platform Engineering](https://pumagate.com/solutions/platform-engineering-teams): Platform engineering teams build internal developer platforms that abstract infrastructure complexity. PumaGate provides the access layer — a self-service portal where developers request and receive SSH, database, and application access through golden paths, with guardrails, approval workflows, and full observability built in. ## Integrations - [Okta](https://pumagate.com/integrations/okta): Enterprise SSO and user provisioning with Okta for seamless Zero Trust access control. - [Microsoft Entra ID](https://pumagate.com/integrations/azure-ad): Integrate with Microsoft Entra ID (Azure AD) for enterprise SSO and conditional access policies. - [Google Workspace](https://pumagate.com/integrations/google-workspace): SSO and user provisioning with Google Workspace for organizations using Google Cloud identity. - [Auth0](https://pumagate.com/integrations/auth0): Flexible identity platform integration with Auth0 for SSO and social login support. - [OneLogin](https://pumagate.com/integrations/onelogin): Enterprise SSO and user provisioning with OneLogin for unified access management. - [Duo Security](https://pumagate.com/integrations/duo): Enforce Duo MFA for all infrastructure access with push notifications and device trust. - [JumpCloud](https://pumagate.com/integrations/jumpcloud): Cloud directory integration with JumpCloud for SSO and device management. - [SAML 2.0](https://pumagate.com/integrations/saml): Connect any SAML 2.0 compliant identity provider for enterprise SSO integration. - [OpenID Connect](https://pumagate.com/integrations/oidc): Connect any OpenID Connect provider for modern OAuth 2.0 based authentication. - [Splunk](https://pumagate.com/integrations/splunk): Forward session recordings and audit logs to Splunk for security analysis and compliance. - [Elastic SIEM](https://pumagate.com/integrations/elastic-siem): Stream access events to Elastic SIEM for threat detection and security analytics. - [Microsoft Sentinel](https://pumagate.com/integrations/microsoft-sentinel): Forward audit logs to Microsoft Sentinel for cloud-native SIEM and security orchestration. - [Datadog](https://pumagate.com/integrations/datadog-logs): Send access logs and session metadata to Datadog for observability and security monitoring. - [PagerDuty](https://pumagate.com/integrations/pagerduty): On-call access provisioning and access alerts through PagerDuty incident management. - [HashiCorp Vault](https://pumagate.com/integrations/hashicorp-vault): Dynamic credential injection with HashiCorp Vault for just-in-time secrets. - [AWS Secrets Manager](https://pumagate.com/integrations/aws-secrets-manager): Retrieve and inject credentials from AWS Secrets Manager for AWS-native deployments. - [Slack](https://pumagate.com/integrations/slack): Access request notifications and approvals through Slack for instant team communication. - [Microsoft Teams](https://pumagate.com/integrations/microsoft-teams): Access notifications and approvals through Microsoft Teams for Microsoft-centric organizations. - [AWS](https://pumagate.com/integrations/aws): Secure access to AWS EC2, RDS, and other resources without exposing them to the internet. - [Google Cloud](https://pumagate.com/integrations/gcp): Secure access to GCE, Cloud SQL, and GKE without exposing resources publicly. - [Microsoft Azure](https://pumagate.com/integrations/azure): Secure access to Azure VMs, Azure SQL, and AKS with Entra ID integration. - [Ping Identity](https://pumagate.com/integrations/ping-identity): Enterprise SSO and adaptive authentication with Ping Identity for secure Zero Trust access to infrastructure. - [Keycloak](https://pumagate.com/integrations/keycloak-idp): Open-source SSO and identity federation with Keycloak for self-hosted Zero Trust authentication. - [CyberArk Vault](https://pumagate.com/integrations/cyberark-vault): Privileged credential retrieval from CyberArk Vault for enterprise-grade secrets injection. - [Sumo Logic](https://pumagate.com/integrations/sumo-logic): Cloud-native log analytics and SIEM with Sumo Logic for real-time access event intelligence. - [IBM QRadar](https://pumagate.com/integrations/ibm-qradar): Enterprise SIEM integration with IBM QRadar for advanced threat detection on infrastructure access. - [ServiceNow](https://pumagate.com/integrations/servicenow): IT service management integration with ServiceNow for automated access request ticketing and approval workflows. - [Opsgenie](https://pumagate.com/integrations/opsgenie): Incident-driven access management with Opsgenie for on-call alerting and escalation workflows. - [New Relic](https://pumagate.com/integrations/new-relic): Full-stack observability with New Relic for monitoring infrastructure access performance and security events. - [CrowdStrike](https://pumagate.com/integrations/crowdstrike): Device trust and endpoint posture verification with CrowdStrike Falcon for context-aware access control. - [SailPoint](https://pumagate.com/integrations/sailpoint): Identity governance and access certification with SailPoint for lifecycle management and compliance. ## Comparisons - [PumaGate vs Teleport](https://pumagate.com/compare/teleport): Compare browser-based Zero Trust access with certificate-based infrastructure access. - [PumaGate vs StrongDM](https://pumagate.com/compare/strongdm): Compare browser-based access and visual session recordings with client-based access. - [PumaGate vs Tailscale](https://pumagate.com/compare/tailscale): Compare Zero Trust gateway access with VPN mesh for infrastructure security. - [PumaGate vs HashiCorp Boundary](https://pumagate.com/compare/boundary): Compare managed Zero Trust access with self-hosted identity-based access. - [PumaGate vs Cloudflare Access](https://pumagate.com/compare/cloudflare-access): Compare purpose-built infrastructure access with broad Zero Trust network access. - [PumaGate vs CyberArk](https://pumagate.com/compare/cyberark): Compare modern cloud-native access with traditional enterprise PAM. - [PumaGate vs Fortinet VPN (FortiClient)](https://pumagate.com/compare/fortinet-vpn): Compare true Zero Trust per-resource access with traditional VPN — plus how PumaGate differs from Fortinet's own ZTNA. - [PumaGate vs Forcepoint VPN Client](https://pumagate.com/compare/forcepoint): Compare PumaGate's Zero Trust gateway with Forcepoint's VPN client — and see how both differ from Forcepoint's own Zero Trust solution. - [PumaGate vs Zscaler Private Access (ZPA)](https://pumagate.com/compare/zscaler-zpa): Compare PumaGate's session-level Zero Trust with Zscaler ZPA's connection-level access — and see why session recording changes everything. - [PumaGate vs Cisco VPN (AnyConnect / Secure Client)](https://pumagate.com/compare/cisco-vpn): Compare PumaGate's Zero Trust gateway with Cisco AnyConnect — the world's most deployed VPN client — and see why Zero Trust is fundamentally safer. - [PumaGate vs Sophos Connect](https://pumagate.com/compare/sophos-connect): Compare PumaGate's architecture-level Zero Trust — browser-based, agentless, per-resource access — with Sophos Connect's VPN approach and Sophos ZTNA. - [PumaGate vs Ubiquiti Teleport](https://pumagate.com/compare/ubiquiti-teleport): Compare PumaGate's Zero Trust per-resource gateway with Ubiquiti Teleport's hardware-dependent network VPN — and see why Zero Trust is fundamentally safer. - [PumaGate vs Palo Alto GlobalProtect VPN](https://pumagate.com/compare/palo-alto-vpn): Compare PumaGate's architecture-level Zero Trust — browser-based, per-resource access with full session recording — with Palo Alto's appliance-dependent GlobalProtect VPN and Prisma Access ZTNA. - [PumaGate vs BeyondTrust](https://pumagate.com/compare/beyondtrust): Compare PumaGate's lightweight Zero Trust gateway with BeyondTrust's enterprise PAM suite — and see how modern access differs from legacy PAM. - [PumaGate vs Delinea (Thycotic)](https://pumagate.com/compare/delinea): Compare PumaGate's unified Zero Trust gateway with Delinea's Secret Server and Connection Manager — modern access vs traditional PAM. - [PumaGate vs Twingate](https://pumagate.com/compare/twingate): Compare PumaGate's browser-based, session-recorded access with Twingate's client-based network access — and see why session-level control matters. - [PumaGate vs Netskope Private Access](https://pumagate.com/compare/netskope): Compare PumaGate's focused Zero Trust gateway with Netskope's SASE-embedded private access — purpose-built vs part of a larger platform. - [PumaGate vs NordLayer](https://pumagate.com/compare/nordlayer): Compare PumaGate's session-level Zero Trust with NordLayer's VPN-first approach — and see how per-resource access with audit trails changes security. - [PumaGate vs Keeper Security](https://pumagate.com/compare/keeper-security): Compare PumaGate's Zero Trust access gateway with Keeper's connection manager — and see how integrated SSO, recording, and Zero Trust differ from vault-based access. - [PumaGate vs Pritunl](https://pumagate.com/compare/pritunl): Compare PumaGate's Zero Trust per-resource access with Pritunl's network-level VPN — and see why session recording and identity-based access change security fundamentally. ## Tools - [SSH Config Builder](https://pumagate.com/tools/ssh-config-generator): Visual SSH config generator with ProxyJump chains, wildcard patterns, and hardening best practices - [OpenSSH Hardening Generator](https://pumagate.com/tools/ssh-hardening-generator): sshd_config generator with security profiles for different OS and OpenSSH versions - [Database Connection String Builder](https://pumagate.com/tools/db-connection-builder): Connection string generator for PostgreSQL, MySQL, MongoDB, Redis, SQL Server with code snippets - [Linux User Provisioning Generator](https://pumagate.com/tools/user-provisioning-generator): Generate idempotent Linux user setup scripts with SSH keys, sudo policies, and group membership - [Firewall Rules Generator](https://pumagate.com/tools/firewall-rules-generator): Define access policies and export as iptables, nftables, ufw, AWS Security Group, or Terraform rules - [Access Review Report Builder](https://pumagate.com/tools/access-review-builder): Generate quarterly audit reports with automated findings for SOC 2, HIPAA, and PCI-DSS - [SSH Key Inventory Auditor](https://pumagate.com/tools/ssh-key-auditor): Analyze SSH public keys for algorithm strength, duplicates, and security recommendations - [Compliance Access Control Mapper](https://pumagate.com/tools/compliance-mapper): Cross-reference access control requirements across SOC 2, HIPAA, PCI-DSS, ISO 27001, and NIST 800-53 - [Incident Response Playbook Generator](https://pumagate.com/tools/incident-response-playbook): Step-by-step response procedures for access-related security incidents - [Infrastructure Attack Surface Analyzer](https://pumagate.com/tools/attack-surface-analyzer): Risk-scored assessment of exposed services with prioritized hardening roadmap - [AD User Audit PowerShell Generator](https://pumagate.com/tools/ad-user-audit-generator): PowerShell scripts to list Active Directory users by activity within configurable time windows - [AD Password Reset PowerShell Generator](https://pumagate.com/tools/ad-password-reset-generator): Bulk password reset scripts for Active Directory users with group filtering and policy controls - [AD Authentication Audit PowerShell Generator](https://pumagate.com/tools/ad-auth-audit-generator): PowerShell scripts to list authentication events for AD users across Domain Controllers - [AD User Creation PowerShell Generator](https://pumagate.com/tools/ad-user-creation-generator): Create fully-configured Active Directory users with all attributes in single or bulk CSV mode - [AD Hardening Audit PowerShell Generator](https://pumagate.com/tools/ad-hardening-audit-generator): Comprehensive Active Directory security assessment aligned with CIS Benchmarks and NIST 800-53 - [LDAP Authentication with OpenSSH Guide](https://pumagate.com/tools/ldap-openssh-guide): Complete guide to LDAP authentication for OpenSSH using SSSD, PAM, and public key lookup - [RBAC Policy Generator](https://pumagate.com/tools/rbac-policy-generator): Define roles, permissions, and resource access rules. Export as JSON, YAML, or policy documents - [Zero Trust Readiness Assessment](https://pumagate.com/tools/zero-trust-readiness-checker): Evaluate your organization's Zero Trust readiness with scored assessment and recommendations - [SSH Login Banner Generator](https://pumagate.com/tools/ssh-banner-generator): Create legal warning banners for /etc/issue, /etc/motd, and sshd_config with compliance templates - [Network ACL Generator](https://pumagate.com/tools/network-acl-generator): Build access control lists for iptables, AWS Security Groups, Azure NSG, and GCP firewall rules - [Password Policy Generator](https://pumagate.com/tools/password-policy-generator): Create enterprise password policies with complexity rules, rotation schedules, and compliance mappings - [MFA Readiness Assessment](https://pumagate.com/tools/mfa-readiness-checker): Evaluate MFA deployment readiness with recommendations for methods, rollout, and user communication ## Optional - [Terms of Service](https://pumagate.com/terms): Usage terms and conditions - [Privacy Policy](https://pumagate.com/privacy): How PumaGate collects, uses, and protects your data - [Service Level Agreement](https://pumagate.com/sla): 99.9% uptime commitment and support response times - [SSO for Oracle E-Business Suite](https://pumagate.com/sso/legacy-apps/oracle-ebs): Eliminate password sprawl and enforce centralized identity for Oracle EBS with PumaGate's reverse-proxy SSO. No Oracle customization required. - [SSO for SAP ECC](https://pumagate.com/sso/legacy-apps/sap-ecc): Unify SAP ECC authentication with your corporate IdP. PumaGate adds SAML/OIDC SSO to SAP GUI and SAP Web interfaces without modifying the SAP stack. - [SSO for HCL Domino (Lotus Notes)](https://pumagate.com/sso/legacy-apps/hcl-domino): Add modern SAML/OIDC SSO to HCL Domino web applications without modifying NSF databases or Domino server configuration. - [SSO for SharePoint Server (On-Premise)](https://pumagate.com/sso/legacy-apps/sharepoint-on-premise): Replace ADFS complexity with PumaGate's modern SSO for SharePoint Server on-premise. Support Okta, Google Workspace, and any IdP — not just Active Directory. - [SSO for PeopleSoft](https://pumagate.com/sso/legacy-apps/peoplesoft): Add SAML/OIDC SSO to PeopleSoft without PeopleSoft PIA changes. Eliminate WebLogic SAML complexity and replace Oracle Access Manager. - [SSO for Siebel CRM](https://pumagate.com/sso/legacy-apps/siebel-crm): Add modern SAML/OIDC SSO to Siebel CRM Open UI and legacy High Interactivity mode. No Siebel Tools changes, no Oracle Access Manager required. - [SSO for IBM WebSphere](https://pumagate.com/sso/legacy-apps/ibm-websphere): Protect IBM WebSphere applications with SAML/OIDC SSO via PumaGate's reverse-proxy gateway. No WebSphere security domain or TAI modifications required. - [SSO for Oracle WebLogic](https://pumagate.com/sso/legacy-apps/oracle-weblogic): Protect Oracle WebLogic applications with SAML/OIDC SSO using PumaGate's reverse-proxy gateway. No WebLogic security provider changes or application modifications required. - [SSO for SAP NetWeaver Portal](https://pumagate.com/sso/legacy-apps/sap-netweaver): Protect SAP NetWeaver Portal with SAML/OIDC SSO using PumaGate's reverse-proxy gateway. No SAP UME modifications or Java stack changes required. - [SSO for JD Edwards EnterpriseOne](https://pumagate.com/sso/legacy-apps/jd-edwards): Protect JD Edwards EnterpriseOne with SAML/OIDC SSO using PumaGate's reverse-proxy gateway. No JDE server code modifications or CNC configuration required. - [SSO for Microsoft Dynamics AX](https://pumagate.com/sso/legacy-apps/microsoft-dynamics-ax): Protect Microsoft Dynamics AX with SAML/OIDC SSO using PumaGate's reverse-proxy gateway. No AOS configuration changes or X++ modifications required. - [SSO for Sage X3](https://pumagate.com/sso/legacy-apps/sage-x3): Protect Sage X3 with SAML/OIDC SSO using PumaGate's reverse-proxy gateway. No Sage X3 application server modifications or custom development required. - [Secure Access for Jenkins](https://pumagate.com/sso/web-apps/jenkins): Protect Jenkins with PumaGate's authenticated reverse proxy. Add enterprise SSO via HTTP header authentication while shielding your CI/CD pipeline from CVEs and zero-day vulnerabilities. - [Secure Access for Grafana](https://pumagate.com/sso/web-apps/grafana): Secure Grafana with PumaGate's authenticated proxy. Enable SAML/OIDC SSO via Grafana's auth.proxy feature while protecting your monitoring dashboards from CVEs and unauthorized access. - [Secure Access for Kibana](https://pumagate.com/sso/web-apps/kibana): Add enterprise SSO to Kibana using PumaGate's authenticated reverse proxy. Shield your log analytics and SIEM data from CVEs while enforcing centralized identity controls. - [Secure Access for GitLab Self-Managed](https://pumagate.com/sso/web-apps/gitlab): Add enterprise SSO to self-managed GitLab using PumaGate's authenticated reverse proxy. Shield your source code, CI/CD pipelines, and container registry from CVEs and unauthorized access. - [Secure Access for SonarQube](https://pumagate.com/sso/web-apps/sonarqube): Secure SonarQube with PumaGate's authenticated proxy. Enable enterprise SSO via HTTP header authentication and protect your code security findings from unauthorized access. - [Secure Access for Apache Guacamole](https://pumagate.com/sso/web-apps/apache-guacamole): Migrate from Apache Guacamole to PumaGate's native RDP/VNC implementation. Get built-in Kerberos authentication, Protected User support, SAML/OIDC SSO, and session recording without the Guacamole/Tomcat stack. - [Secure Access for Jira Data Center](https://pumagate.com/sso/web-apps/jira-datacenter): Secure Jira Data Center with PumaGate's authenticated reverse proxy. Enable enterprise SSO via HTTP header authentication while shielding your project management data from CVEs. - [Secure Access for Confluence Data Center](https://pumagate.com/sso/web-apps/confluence-datacenter): Add enterprise SSO to Confluence Data Center using PumaGate's authenticated proxy. Protect internal documentation, runbooks, and sensitive knowledge from CVEs and unauthorized access. - [Secure Access for pgAdmin](https://pumagate.com/sso/web-apps/pgadmin): Add enterprise SSO to pgAdmin using PumaGate's authenticated reverse proxy. Protect PostgreSQL database administration from unauthorized access and zero-day vulnerabilities. - [Secure Access for Rundeck](https://pumagate.com/sso/web-apps/rundeck): Secure Rundeck with PumaGate's authenticated reverse proxy. Enable enterprise SSO via preauthenticated mode while shielding your operations automation from CVEs and unauthorized access. - [Secure Access for Harbor](https://pumagate.com/sso/web-apps/harbor): Add enterprise SSO to Harbor container registry using PumaGate's authenticated proxy. Protect your container supply chain from CVEs and unauthorized image push/pull operations. - [Secure Access for Zabbix](https://pumagate.com/sso/web-apps/zabbix): Secure Zabbix with PumaGate's authenticated reverse proxy. Enable enterprise SSO via HTTP authentication and shield your infrastructure monitoring from CVEs and unauthorized access. - [Secure Access for Nexus Repository](https://pumagate.com/sso/web-apps/nexus-repository): Protect Nexus Repository with PumaGate's authenticated reverse proxy. Enable enterprise SSO via HTTP header authentication and shield your artifact management from CVEs and supply chain attacks. - [Secure Access for Wiki.js](https://pumagate.com/sso/web-apps/wikijs): Secure Wiki.js with PumaGate's authenticated reverse proxy. Enable SAML/OIDC SSO via HTTP header authentication while protecting internal documentation from unauthorized access. - [Secure Access for Prometheus](https://pumagate.com/sso/web-apps/prometheus): Prometheus has no built-in authentication. PumaGate's authenticated reverse proxy adds enterprise SSO and blocks unauthenticated access to your metrics, targets, and alert rules. - [Secure Access for MinIO](https://pumagate.com/sso/web-apps/minio): Secure MinIO Console with PumaGate's authenticated reverse proxy. Enable enterprise SSO and shield your object storage infrastructure from CVEs and unauthorized data access. - [Secure Access for Portainer](https://pumagate.com/sso/web-apps/portainer): Secure Portainer with PumaGate's authenticated proxy. Enable enterprise SSO and protect your Docker and Kubernetes management interface from CVEs and unauthorized container operations. - [Secure Access for Apache Airflow](https://pumagate.com/sso/web-apps/airflow): Add enterprise SSO to Apache Airflow using PumaGate's authenticated proxy. Shield your data pipelines, DAGs, and connections from CVEs and unauthorized execution. - [Secure Access for Apache Superset](https://pumagate.com/sso/web-apps/superset): Secure Apache Superset with PumaGate's authenticated reverse proxy. Enable enterprise SSO via REMOTE_USER and shield your business intelligence data from CVEs and unauthorized access. - [Secure Access for Gitea](https://pumagate.com/sso/web-apps/gitea): Secure Gitea with PumaGate's authenticated reverse proxy. Enable enterprise SSO via reverse proxy authentication and protect your source code from CVEs and unauthorized access. - [Secure Access for Mattermost](https://pumagate.com/sso/web-apps/mattermost): Secure self-hosted Mattermost with PumaGate's authenticated proxy. Enable enterprise SSO via GitLab-style proxy headers and shield team communications from unauthorized access. - [Secure Access for Redmine](https://pumagate.com/sso/web-apps/redmine): Secure Redmine with PumaGate's authenticated reverse proxy. Enable enterprise SSO via REMOTE_USER header authentication and protect project data from unauthorized access. - [Secure Access for NetBox](https://pumagate.com/sso/web-apps/netbox): Secure NetBox with PumaGate's authenticated reverse proxy. Enable enterprise SSO via REMOTE_USER and shield your network documentation from unauthorized access. - [Secure Access for AWX / Ansible Automation Platform](https://pumagate.com/sso/web-apps/awx): Secure AWX with PumaGate's authenticated reverse proxy. Enable enterprise SSO and protect your Ansible automation, playbooks, and machine credentials from CVEs and unauthorized access. - [Secure Access for phpMyAdmin](https://pumagate.com/sso/web-apps/phpmyadmin): Secure phpMyAdmin with PumaGate's authenticated reverse proxy. Add enterprise SSO and protect MySQL/MariaDB administration from CVEs, SQL injection, and unauthorized database access. - [Secure Access for Argo CD](https://pumagate.com/sso/web-apps/argocd): Secure Argo CD with PumaGate's authenticated reverse proxy. Enable enterprise SSO and shield your GitOps deployment pipeline from CVEs and unauthorized application sync operations. - [Secure Access for n8n](https://pumagate.com/sso/web-apps/n8n): Secure self-hosted n8n with PumaGate's authenticated proxy. Enable enterprise SSO and protect your automation workflows, API credentials, and integrations from unauthorized access. - [Secure Access for HashiCorp Consul](https://pumagate.com/sso/web-apps/consul): Secure HashiCorp Consul's web UI with PumaGate's authenticated proxy. Enable enterprise SSO and shield service discovery, KV store, and mesh configuration from unauthorized access. - [Secure Access for HashiCorp Vault UI](https://pumagate.com/sso/web-apps/vault-ui): Add an extra security layer to HashiCorp Vault with PumaGate's authenticated proxy. Shield the Vault UI from zero-day exploits while providing seamless SSO for secrets management access. - [Secure Access for Rancher](https://pumagate.com/sso/web-apps/rancher): Add authenticated proxy protection to Rancher with PumaGate. Shield your Kubernetes cluster management interface from CVEs while providing seamless SSO and complete access auditing. - [Secure Access for Backstage](https://pumagate.com/sso/web-apps/backstage): Secure Backstage with PumaGate's authenticated reverse proxy. Enable enterprise SSO and shield your developer portal, service catalog, and TechDocs from unauthorized access. - [Secure Access for Outline](https://pumagate.com/sso/web-apps/outline): Secure self-hosted Outline with PumaGate's authenticated proxy. Enable enterprise SSO and protect your team's knowledge base, documents, and internal processes from unauthorized access. - [Secure Access for Uptime Kuma](https://pumagate.com/sso/web-apps/uptime-kuma): Secure Uptime Kuma with PumaGate's authenticated reverse proxy. Enable enterprise SSO and shield your uptime monitoring, alerts, and status pages from unauthorized access and zero-day exploits. - [Secure Access for WeKan](https://pumagate.com/sso/web-apps/wekan): Secure self-hosted WeKan with PumaGate's authenticated proxy. Enable enterprise SSO and protect your Kanban boards, project workflows, and team assignments from unauthorized access. - [Secure Access for Traefik Dashboard](https://pumagate.com/sso/web-apps/traefik-dashboard): Secure self-hosted Traefik Dashboard with PumaGate's authenticated proxy. Enable enterprise SSO and protect your reverse proxy configuration, routing rules, and TLS certificates from unauthorized access. - [Secure Access for Drone CI](https://pumagate.com/sso/web-apps/drone-ci): Protect self-hosted Drone CI with PumaGate's authenticated proxy. Enable enterprise SSO and shield your continuous integration pipelines from unauthorized access and zero-day exploits. - [Secure Access for Metabase](https://pumagate.com/sso/web-apps/metabase): Secure self-hosted Metabase with PumaGate's authenticated proxy. Enable enterprise SSO and protect your dashboards, SQL queries, and business data from unauthorized access. - [Secure Access for JupyterHub](https://pumagate.com/sso/web-apps/jupyterhub): Protect JupyterHub with PumaGate's authenticated proxy. Enable enterprise SSO and secure your data science notebooks, ML models, and research data with zero trust access controls. - [Secure Access for code-server (VS Code)](https://pumagate.com/sso/web-apps/code-server): Protect code-server with PumaGate's authenticated proxy. Enable enterprise SSO for browser-based VS Code and secure source code access with identity verification and session recording. - [Secure Access for BookStack](https://pumagate.com/sso/web-apps/bookstack): Secure self-hosted BookStack with PumaGate's authenticated proxy. Enable enterprise SSO and protect your internal knowledge base, runbooks, and documentation from unauthorized access. - [Secure Access for Keycloak Admin Console](https://pumagate.com/sso/web-apps/keycloak-admin): Protect the Keycloak Admin Console with PumaGate's authenticated proxy. Add an additional identity verification layer and shield your IAM infrastructure from zero-day exploits. - [Secure Access for Proxmox VE](https://pumagate.com/sso/web-apps/proxmox): Secure Proxmox VE with PumaGate's authenticated proxy. Enable enterprise SSO for your hypervisor management interface and protect VMs, containers, and storage with zero trust access. - [Secure Access for Semaphore UI](https://pumagate.com/sso/web-apps/semaphore-ui): Protect Semaphore UI with PumaGate's authenticated proxy. Enable enterprise SSO for your Ansible automation dashboard and secure playbook execution, inventories, and credentials. - [Secure Access for Authentik](https://pumagate.com/sso/web-apps/authentik): Protect the Authentik Admin interface with PumaGate's authenticated proxy. Add defense-in-depth security to your identity platform and shield admin operations from zero-day exploits. - [Secure Access for Node-RED](https://pumagate.com/sso/web-apps/node-red): Protect Node-RED with PumaGate's authenticated proxy. Enable enterprise SSO and secure your IoT workflows, API integrations, and automation flows from unauthorized access. - [Secure Access for Woodpecker CI](https://pumagate.com/sso/web-apps/woodpecker-ci): Protect Woodpecker CI with PumaGate's authenticated proxy. Enable enterprise SSO for your container-native CI/CD platform and secure build pipelines, secrets, and deployment workflows. - [Secure Access for NocoDB](https://pumagate.com/sso/web-apps/nocodb): Secure self-hosted NocoDB with PumaGate's authenticated proxy. Enable enterprise SSO and protect your databases, forms, and collaborative workspaces from unauthorized access. - [Secure Access for Homer Dashboard](https://pumagate.com/sso/web-apps/homer): Secure self-hosted Homer Dashboard with PumaGate's authenticated proxy. Protect your internal service directory, links, and infrastructure map from unauthorized access. - [Secure Access for OpenProject](https://pumagate.com/sso/web-apps/openproject): Protect self-hosted OpenProject with PumaGate's authenticated proxy. Enable enterprise SSO and secure your project plans, work packages, and Gantt charts from unauthorized access. - [SSH SSO for SSO for SSH on Ubuntu Server](https://pumagate.com/sso/ssh/ubuntu-server): Add SAML/OIDC Single Sign-On to SSH on Ubuntu Server. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via local agent or gateway SSH proxy. Shield unpatched Ubuntu servers from zero-day SSH vulnerabilities like regreSSHion. - [SSH SSO for SSO for SSH on RHEL](https://pumagate.com/sso/ssh/rhel): Add SAML/OIDC SSO to SSH on Red Hat Enterprise Linux (RHEL). Replace SSH keys with identity-based access via Okta, Azure AD, or any SAML/OIDC IdP. Deploy via local agent or gateway SSH proxy. Protect RHEL servers from SSH zero-day exploits. - [SSH SSO for SSO for SSH on Debian](https://pumagate.com/sso/ssh/debian): Add SAML/OIDC SSO to SSH on Debian Linux. Replace SSH keys with corporate identity authentication. Deploy via local agent or gateway SSH proxy. Protect Debian servers running legacy stable releases from SSH zero-day vulnerabilities. - [SSH SSO for SSO for SSH on CentOS / Rocky / Alma Linux](https://pumagate.com/sso/ssh/centos-rocky-alma): Add SAML/OIDC SSO to SSH on CentOS, Rocky Linux, and AlmaLinux. Replace SSH keys with identity-based access. Deploy via local agent or gateway SSH proxy. Protect CentOS 7 servers from SSH zero-day vulnerabilities during their extended lifecycle. - [SSH SSO for SSO for SSH on Amazon Linux](https://pumagate.com/sso/ssh/amazon-linux): Add SAML/OIDC SSO to SSH on Amazon Linux 2 and Amazon Linux 2023 EC2 instances. Move beyond AWS key pairs and EC2 Instance Connect. Deploy via local agent or gateway SSH proxy. Shield EC2 instances from SSH zero-day vulnerabilities. - [SSH SSO for SSO for SSH on SUSE Linux Enterprise](https://pumagate.com/sso/ssh/suse-linux): Add SAML/OIDC SSO to SSH on SUSE Linux Enterprise Server. Replace SSH keys with identity-based access for SAP HANA, HPC, and enterprise workloads. Deploy via local agent or gateway SSH proxy. Protect SLES servers from SSH zero-day vulnerabilities. - [SSH SSO for SSH Zero-Day Protection](https://pumagate.com/sso/ssh/ssh-zero-day-protection): Protect Linux servers running outdated OpenSSH from zero-day exploits like regreSSHion (CVE-2024-6387) and Terrapin (CVE-2023-48795). PumaGate's gateway SSH proxy shields sshd from direct exploitation — patch on your schedule, not the attacker's. - [SSH SSO for Replace SSH Keys with Identity-Based Access](https://pumagate.com/sso/ssh/replace-ssh-keys): Replace static SSH keys with SAML/OIDC-authenticated short-lived certificates. Eliminate authorized_keys management, key rotation, and orphan key cleanup. PumaGate issues certificates after IdP authentication — keys expire automatically. - [SSH SSO for SSH Session Recording & Compliance](https://pumagate.com/sso/ssh/ssh-session-recording): Record every SSH session with identity-verified metadata. Replay sessions keystroke-by-keystroke for compliance, forensics, and incident response. Meet SOC 2, HIPAA, PCI DSS, and ISO 27001 requirements for privileged access auditing on Linux servers. - [SSH SSO for SSH MFA Enforcement](https://pumagate.com/sso/ssh/ssh-mfa-enforcement): Require MFA (Duo, FIDO2, push notification, biometrics) for every SSH session to Linux servers. Enforce your IdP's MFA policies on SSH without per-server configuration. Deploy via local agent or gateway SSH proxy. - [SSH SSO for Certificate Authority](https://pumagate.com/sso/ssh/ssh-certificate-authority): PumaGate operates a built-in certificate authority that issues short-lived certificates after SAML/OIDC authentication. Certificates expire automatically, eliminating SSH key rotation, authorized_keys management, and orphan access. Enterprise SSH PKI without the complexity. - [SSH SSO for SSH Access for Contractors & Third Parties](https://pumagate.com/sso/ssh/ssh-for-contractors): Grant contractors and third-party vendors temporary SSH access to Linux servers with automatic expiration. No SSH keys to distribute, share, or clean up. Identity-verified, MFA-protected, fully recorded SSH sessions. Revoke access instantly when the engagement ends. - [SSH SSO for SSO for SSH on Fedora](https://pumagate.com/sso/ssh/fedora): Add SAML/OIDC Single Sign-On to SSH on Fedora. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via local agent or gateway SSH proxy. Stay ahead of SSH zero-days on Fedora's fast-moving release cycle. - [SSH SSO for SSO for SSH on Oracle Linux](https://pumagate.com/sso/ssh/oracle-linux): Add SAML/OIDC Single Sign-On to SSH on Oracle Linux. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via local agent or gateway SSH proxy. Protect Oracle Database and enterprise application servers from SSH zero-day exploits. - [SSH SSO for SSO for SSH on Alpine Linux](https://pumagate.com/sso/ssh/alpine-linux): Add SAML/OIDC Single Sign-On to SSH on Alpine Linux. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via gateway SSH proxy for container hosts and minimal Alpine installations. Protect Alpine-based infrastructure from SSH zero-day vulnerabilities. - [SSH SSO for SSO for SSH on Arch Linux](https://pumagate.com/sso/ssh/arch-linux): Add SAML/OIDC Single Sign-On to SSH on Arch Linux. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via local agent or gateway SSH proxy. Secure rolling-release workstations and servers from SSH zero-day vulnerabilities. - [SSH SSO for SSO for SSH on Kali Linux](https://pumagate.com/sso/ssh/kali-linux): Add SAML/OIDC Single Sign-On to SSH on Kali Linux. Replace SSH keys with identity-based authentication for penetration testing labs and security infrastructure. Deploy via local agent or gateway SSH proxy. Enforce MFA and session recording on sensitive security operations. - [SSH SSO for SSO for SSH on FreeBSD](https://pumagate.com/sso/ssh/freebsd): Add SAML/OIDC Single Sign-On to SSH on FreeBSD. Replace SSH keys with identity-based authentication via your corporate IdP. Deploy via gateway SSH proxy for network appliances and servers, or local agent for FreeBSD systems with persistent installations. Protect FreeBSD infrastructure from SSH zero-day vulnerabilities. - [RDP SSO for Windows Server 2022 RDP SSO](https://pumagate.com/sso/rdp/windows-server-2022): Replace password-based RDP logins on Windows Server 2022 with enterprise SAML/OIDC Single Sign-On. Deploy via local agent or gateway-powered RDP proxy. Enforce MFA, record sessions, and unify access controls. - [RDP SSO for Windows Server 2019 RDP SSO](https://pumagate.com/sso/rdp/windows-server-2019): Add enterprise SSO to Windows Server 2019 RDP sessions. Authenticate via your corporate IdP instead of AD passwords. Deploy with local agent or gateway RDP proxy for agentless coverage. - [RDP SSO for Windows Server 2016 RDP SSO](https://pumagate.com/sso/rdp/windows-server-2016): Add modern SSO to Windows Server 2016 RDP. Replace AD password authentication with SAML/OIDC from any IdP. Shield aging infrastructure from RDP exploits via gateway proxy. - [RDP SSO for Windows Server 2012 R2 RDP SSO](https://pumagate.com/sso/rdp/windows-server-2012-r2): Windows Server 2012 R2 is end-of-life. Shield its RDP from zero-day exploits with PumaGate's gateway RDP proxy. Add SAML/OIDC SSO without installing anything on the server. - [RDP SSO for Windows Server 2008 R2 RDP Protection](https://pumagate.com/sso/rdp/windows-server-2008-r2): Windows Server 2008 R2 has been end-of-life since January 2020. Protect its RDP from BlueKeep, DejaBlue, and future zero-days with PumaGate's gateway RDP proxy. No agent required. - [RDP SSO for Azure AD / Entra ID RDP SSO](https://pumagate.com/sso/rdp/azure-ad-entra-id): Connect Azure AD / Microsoft Entra ID to Windows Server RDP via PumaGate. Enforce Conditional Access, MFA, and session recording on every RDP connection — without Azure AD Premium NPS complexity. - [RDP SSO for Okta SAML SSO for Windows RDP](https://pumagate.com/sso/rdp/okta-rdp-sso): Use Okta as your identity provider for Windows Server RDP access. PumaGate bridges Okta SAML/OIDC to RDP authentication with MFA enforcement, session recording, and centralized access policies. - [RDP SSO for RDP Zero-Day & BlueKeep Protection](https://pumagate.com/sso/rdp/rdp-bluekeep-zero-day-protection): Protect Windows servers from RDP zero-day vulnerabilities (BlueKeep CVE-2019-0708, DejaBlue, CVE-2024-38077) with PumaGate's gateway RDP proxy. No unauthenticated RDP traffic reaches your servers. - [RDP SSO for RDP Session Recording with SSO](https://pumagate.com/sso/rdp/rdp-session-recording): Capture visual recordings of every Windows RDP session with full identity context. Replay frame-by-frame for compliance, forensics, and training. SSO-authenticated — every recording is tied to a verified identity. - [RDP SSO for MFA for Windows RDP via SSO](https://pumagate.com/sso/rdp/rdp-mfa-enforcement): Add MFA to Windows Server RDP without NPS, RADIUS, or Azure AD Premium. PumaGate enforces your IdP's MFA (Duo, FIDO2, push, biometrics) on every RDP connection via SAML/OIDC SSO. - [RDP SSO for RDP Access Compliance](https://pumagate.com/sso/rdp/rdp-compliance-soc2-hipaa-pci): Achieve compliance for Windows RDP access with identity-verified SSO, MFA enforcement, session recording, and centralized audit trails. Satisfy SOC 2 CC6, HIPAA, PCI DSS 10.2, and ISO 27001 controls. - [RDP SSO for Replace RDP Jump Boxes with SSO Gateway](https://pumagate.com/sso/rdp/rdp-gateway-jumpbox-replacement): Eliminate RDP jump boxes and bastion hosts. PumaGate's gateway RDP proxy provides SAML/OIDC SSO, MFA, session recording, and zero-day protection — without managing jump servers. - [RDP SSO for RDP Ransomware Prevention](https://pumagate.com/sso/rdp/rdp-ransomware-prevention): RDP is the initial access vector in over 50% of ransomware attacks. PumaGate eliminates this risk with identity-verified SSO, MFA enforcement, and gateway-based RDP isolation. - [Database SSO for SSO for PostgreSQL](https://pumagate.com/sso/database/postgresql): Add SAML/OIDC Single Sign-On to PostgreSQL database connections. Replace shared database passwords with identity-based access via your corporate IdP. Every query is tied to an individual identity with full audit trail. - [Database SSO for SSO for MySQL / MariaDB](https://pumagate.com/sso/database/mysql): Add SAML/OIDC Single Sign-On to MySQL and MariaDB database connections. Replace shared database passwords with identity-based access. Full query audit trail with individual accountability. - [Database SSO for SSO for MongoDB](https://pumagate.com/sso/database/mongodb): Add SAML/OIDC Single Sign-On to MongoDB connections. Replace shared connection strings with identity-based access. Full query audit trail with individual accountability for every operation. - [Database SSO for SSO for Microsoft SQL Server](https://pumagate.com/sso/database/microsoft-sql-server): Add SAML/OIDC Single Sign-On to Microsoft SQL Server connections. Replace shared SA passwords with identity-based access. Full query audit trail with individual accountability for every T-SQL statement. - [Database SSO for SSO for Oracle Database](https://pumagate.com/sso/database/oracle): Add SAML/OIDC Single Sign-On to Oracle Database connections. Replace shared schema passwords with identity-based access. Full SQL audit trail with individual accountability for SOX, HIPAA, and PCI DSS. - [Database SSO for SSO for Elasticsearch](https://pumagate.com/sso/database/elasticsearch): Add SAML/OIDC Single Sign-On to Elasticsearch connections. Replace shared API keys and basic auth with identity-based access. Full query audit trail with individual accountability for every REST API call. - [Database SSO for SSO for Redis](https://pumagate.com/sso/database/redis): Add SAML/OIDC Single Sign-On to Redis connections. Replace shared AUTH passwords with identity-based access via your corporate IdP. Full command audit trail with individual accountability. - [Database SSO for SSO for CockroachDB](https://pumagate.com/sso/database/cockroachdb): Add SAML/OIDC Single Sign-On to CockroachDB connections. Replace database credentials with identity-based access. Full SQL audit trail with individual accountability. - [Database SSO for SSO for Apache Cassandra](https://pumagate.com/sso/database/cassandra): Add SAML/OIDC Single Sign-On to Apache Cassandra connections. Replace shared credentials with identity-based access. Full CQL audit trail with individual accountability. - [Database SSO for SSO for ClickHouse](https://pumagate.com/sso/database/clickhouse): Add SAML/OIDC Single Sign-On to ClickHouse connections. Replace shared credentials with identity-based access. Full SQL audit trail for analytics query accountability. - [Database SSO for SSO for Neo4j](https://pumagate.com/sso/database/neo4j): Add SAML/OIDC Single Sign-On to Neo4j connections. Replace shared credentials with identity-based access. Full Cypher query audit trail with individual accountability. - [Database SSO for SSO for InfluxDB](https://pumagate.com/sso/database/influxdb): Add SAML/OIDC Single Sign-On to InfluxDB connections. Replace API tokens with identity-based access. Full query audit trail for time-series data with individual accountability. - [VNC SSO for Proxmox VE VNC SSO](https://pumagate.com/sso/vnc/proxmox-ve): Replace shared passwords and unauthenticated VNC ports on Proxmox VE with enterprise SAML/OIDC Single Sign-On. Enforce MFA, record every console session, and eliminate direct VNC port exposure. - [VNC SSO for Ubuntu Desktop VNC SSO](https://pumagate.com/sso/vnc/ubuntu-desktop): Replace VNC password-only authentication on Ubuntu desktops with enterprise SAML/OIDC SSO. Enforce MFA, encrypt all sessions, and eliminate unprotected VNC port exposure. - [VNC SSO for RHEL Workstation VNC SSO](https://pumagate.com/sso/vnc/rhel-workstation): Replace VNC password authentication on RHEL and CentOS workstations with enterprise SAML/OIDC SSO. Enforce MFA, record sessions, and eliminate exposed VNC ports for remote administration. - [VNC SSO for TigerVNC Server SSO](https://pumagate.com/sso/vnc/tigervnc): Replace TigerVNC's weak password authentication with enterprise SAML/OIDC SSO. Enforce MFA, record every session, and eliminate direct VNC port exposure across your Linux server fleet. - [VNC SSO for Raspberry Pi VNC SSO](https://pumagate.com/sso/vnc/raspberry-pi): Replace RealVNC password authentication on Raspberry Pi with enterprise SAML/OIDC SSO. Enforce MFA, record sessions, and secure headless Pi management without exposing VNC ports. - [VNC SSO for macOS Screen Sharing VNC SSO](https://pumagate.com/sso/vnc/macos-screen-sharing): Replace macOS Screen Sharing's password-based VNC authentication with enterprise SAML/OIDC SSO. Enforce MFA, record sessions, and eliminate direct VNC port exposure on Mac endpoints.