Privileged Identity Management

Standing administrator access is one of the most common gaps in enterprise identity programs. Replace it with time-bound elevation, separation of duties, and automatic cleanup when the window closes.

The Lifecycle Your Auditors Expect

Users select a role, duration, and business justification, with an optional ticket reference and scheduled start. Approvers are notified by email, Microsoft Teams message, or both.

Approve or deny from the admin console, User Portal, or Teams adaptive card. Custodeum assigns the entitlement automatically, holds the active window, supports extension requests, and revokes at end time, with every step logged.

  • Request: Role & duration
  • Approve: Portal or Teams
  • Grant: Auto-assigned
  • Active: Time-bound window
  • Extend: Optional renewal
  • Revoke: Auto at expiry

Multi-System, One Person

The same employee may hold privileged accounts across Okta, Entra, and Active Directory. Custodeum binds them to a single login with eligibility and approvers configured per system.

  • Okta admin roles and privileged groups
  • Entra directory roles
  • AD privileged groups via agent
  • Google Workspace where enabled

Approval Everywhere

Approvers can act without admin console access, from the User Portal, Microsoft Teams adaptive cards, or the full operator view.

  • User Portal PIM Approvals
  • Teams Self-Service Request Hub
  • Separation of duties enforced
  • Requesters cannot approve own requests

Ticketing as Evidence

Attach existing ServiceNow or Jira tickets or create them automatically on request, grant, and revoke.

  • Catalog variable mapping
  • Extension requests reuse original ticket
  • ITSM stays system of record

Administration & Audit

Global settings, per-system eligibility rules, a privileged account inventory, and a filterable audit log with approver identity on every decision.

  • Emergency break-glass paths
  • Vault integration for checkout
  • Scheduled and extension requests
  • Exportable CSV audit log

Why PIM Belongs in Your Identity Operations Platform

Point solutions for privileged access often sit outside governance and support workflows. Custodeum PIM shares the same identity model, Teams notification fabric, ticketing integrations, and audit store as campaigns, automation, and delegated support in one operational layer, not another silo.

Governance, Automation, Support, Teams, PIM, Audit

One identity model, one audit store, not another privileged-access silo