Anchor Connect
Anchor Connect brokers approved access between users and target resources. It keeps session launch, target context, lifecycle status, and evidence connected to Anchor’s control plane.
The component is meant to replace the messy access paths that grow around privileged systems over time. Users get a cleaner browser-first session path, while security teams keep the session tied to policy, resource context, and audit evidence.
Anchor Connect
Brokered access keeps sessions tied to policy and audit context.
User Access request
Engine Policy decision
Connect Brokered session path
Target Managed resource
Evidence Session lifecycle
What It Does
Section titled “What It Does”- Receives approved launch context from Anchor Engine.
- Brokers sessions to target resources through a controlled access path.
- Keeps session lifecycle events tied to users, resources, accounts, and policy decisions.
- Supports browser-first privileged access workflows.
- Provides a cleaner access model than unmanaged jump paths and disconnected proxy tools.
Why It Matters
Section titled “Why It Matters”The sales point is not “another proxy.” The value is that session access is governed by the same model that understands the user, resource, account, scope, policy, and reason for access.
| Legacy PAM or IAM pattern | Common gap | Anchor Connect approach |
|---|---|---|
| Jump hosts and proxy tools are managed separately from policy and inventory. | Session access works, but request reason, target context, and audit trail are fragmented. | Anchor Connect keeps brokered sessions tied to Anchor Engine decisions and resource context. |
| IAM grants access to a system or group, then leaves session behavior to other tools. | Standing privilege and unmanaged session paths can persist longer than intended. | Anchor Connect supports policy-gated, session-oriented access with lifecycle evidence. |
| Proxy estates become their own administration problem. | Teams scale access paths, logging, and support separately from the PAM model. | Connect provides a focused session boundary that remains attached to Anchor policy and evidence. |
High-Level Security Controls
Section titled “High-Level Security Controls”| Control | Anchor Connect posture |
|---|---|
| Policy gate | Sessions require approved launch context from Anchor Engine. |
| Boundary control | Connect is documented as a controlled component boundary, not a public network map. |
| Lifecycle evidence | Session start, status, termination, actor, and target context remain reviewable. |
| Access path clarity | Users launch approved sessions without relying on unmanaged jump paths. |
| Technical depth | Public docs explain the brokered access model; registered technical materials cover customer-specific runbooks. |