Privileged Access Management
Agent-based architecture. Vendor's product centrally manages credentials for access to target servers.
Long-lived end-user credentials are authorized and authenticated before being transparently swapped out for unique, often single-use or limit-limited credentials which grant temporary access to target servers. Some vendors may offer protocol aware features like session recording and playback.
Products often assume different all areas of the network be connected and routable such that clients have a network pathway available to reach target servers.