Understand the platform before you deploy
Conceptual guides for architects and security leads — how the control plane fits together, how authorization works, and how each protocol path is brokered. For install steps and admin tasks, continue in documentation.
Platform
Platform guides
- Platform
Platform architecture
Layered control plane: gateway connectors, policy engine, recording pipeline, and audit store.
- Platform
Deployment models
Standalone, active/standby, horizontal scale, and multi-region gateway — when each fits.
- Quickstart
Your first privileged session
Fifteen-minute path from install to a brokered, recorded, identity-bound session.
- Platform
Session authorization model
How users, targets, accounts, protocols, and time windows combine into enforceable grants.
- Platform
Command & connection control
Block, approve, or mask high-risk commands and connections before they execute.
Capabilities
Capabilities guides
- Capability
Identity-bound policy
Entitlements follow people and roles from your IdP — not network location or shared accounts.
- Capability
Just-in-time access
Time-bound, approval-gated elevation with automatic revocation when the window closes.
- Capability
Secrets brokering
Inject credentials at connect time — operators never see or hold standing secrets.
Evaluating alternatives?
See how Wardengate compares
Head-to-head guides for VPN, legacy PAM, bastions, and other privileged access patterns.