Let vendors in. Keep your directory—and your sanity—intact.
Contractors, vendors, and MSPs need real access to do real work. The usual tradeoffs—AD account sprawl, standing VPN profiles, a screenshot of a password on someone's desktop—are where breaches start. Wardengate gives external users a narrow, temporary path in, with every session attributed to the human who actually connected.
Time-bound by default
Every vendor session has a start, an end, and an auto-revoke. Nothing lingers, nothing requires a calendar reminder to clean up.
Nothing to install
External users connect through a browser or a standard client. No endpoint agent, no VPN profile, no support ticket with a contractor's laptop.
Attribution without sprawl
External identities stay in their own plane. You do not create an AD user per contractor, and you do not lose the connection back to a named human.
Vendor access with a built-in expiration date
From the invite email to the automatic revoke, every step of a third-party engagement is mediated by the gateway. Nothing outlives the grant, and nothing short-circuits the approval chain.
Lifecycle phases
Vendor invite (external IdP)
Email invite links to an external identity — no AD account, no VPN profile
Scoped policy (target · verb · time)
Target, protocol, verbs, and duration — defined before anyone connects
Named approval (named reviewer)
A reviewer on your side confirms scope and window before the session starts
Auto offboard (revoke · rotate)
Grant expires, sessions terminate, credentials rotate — no calendar reminder
Nothing outlives the grant
When the window closes, sessions end and credentials rotate — without someone chasing a calendar reminder or a partner who forgot to delete their key.
External access path
Grant active
Contractors, vendors, and MSP engineers stay in their own identity plane.
Scoped policy and brokered sessions — the only path into your estate.
Named approvers gate entry; a timer ends the grant without a human chasing it.
Brokered session
Time-bound, recorded, credential-injected at the gateway
Clean attribution
Every connection tied to the named external engineer who connected
Zero directory sprawl
External identities stay outside your domain — no contractor AD accounts
Audit-ready record
Approval metadata travels with the session for investigations and reviews
Who it's for
One gateway pattern, three external access profiles
Contractors, vendors, and MSPs arrive with different contracts and cadences. Wardengate applies the same brokered model to all of them — scoped grants, named approval, automatic expiry.
Contractors (project-scoped)
Database consultants, integrators, and implementation partners who need narrow access for a declared window — then leave.
Vendors (ticket-bound)
Software vendors supporting production systems under an active change ticket, with approvers who know the work.
MSPs (engineer-attributed)
Managed service providers whose whole team used to share one service account — now each engineer connects as themselves.
The third-party trust tax
External access is where well-run environments quietly unravel
The systems that govern employees—identity provider, endpoint policy, access reviews—rarely reach external users cleanly. So teams improvise: a spare AD account, a shared jump host password, a quick firewall rule that nobody ever writes down. Each shortcut is reasonable in isolation, and together they are the biggest unmanaged risk in most estates.
The shortcut stack
How external access usually gets improvised
- Spare AD account: never reviewed
- Shared jump host password: never rotated
- Quick firewall rule: undocumented
- Contractor moves on: access lingers
With Wardengate
One brokered path, one approval chain, one offboard action — no parallel accounts or forgotten credentials.
Accounts that outlive engagements
The vendor finished the project six months ago. Their AD account is still enabled, their VPN profile still works, and nobody can say for certain what it has access to.
Shared credentials for the MSP
The managed service provider logs in as svc-msp on fifty hosts. Every engineer on their team is the same user to your logs, and rotating that password takes a change window.
Opaque remote tools
Contractors bring their own remote-access software. Your security team has no visibility into what it does, what it connects to, or what it captures on the way.
Approval by email thread
Who authorized Friday night maintenance on the ERP database? The answer is somewhere in a mailbox, nobody is quite sure which one, and the engineer has already moved on.
Credential lifecycle
Time-bound credentials, zero-install access, clean attribution
A single workflow covers the full lifecycle of third-party access—from the moment a vendor is invited to the moment their engagement ends.
Provision without directory sprawl
Invite a contractor by email. They authenticate through their own IdP or a lightweight external identity—Wardengate links the session to that identity without creating a domain account inside your estate.
Scope the grant narrowly
Access is defined by target, protocol, and verbs—not by group membership. A database vendor gets read-only SQL on one schema, for four hours, on the two hosts that actually matter.
Inject credentials at connect time
The gateway brokers the real credentials. The contractor never sees the password, the key, or the connection string. When the grant expires, there is nothing sitting on their laptop to leak.
Offboard in one click
Revoking a vendor is a policy change, not a hunt across systems. Active sessions terminate, pending approvals are voided, and the attribution trail stays intact for the audit file.
Why it holds up
The gateway is the only path to the target. External users cannot route around it, because there is no parallel account, no standing tunnel, and no shared secret to reuse.
When the engagement ends or the contract changes, offboarding is enforced centrally. You are not relying on a partner to delete credentials they were supposed to have deleted six months ago.
Approval workflows
A real approval chain, not an email and a fingers-crossed emoji
Every external session starts from a named request and a named approver. The approval metadata travels with the session record, so months later there is no question about who authorized what.
Planned maintenance windows
Vendors request access to specific systems for a declared window. Named approvers on your side confirm the work, the scope, and the duration before a single session starts.
Urgent support calls
When a priority-one ticket lands at 2 a.m., an on-call approver can grant scoped access in under a minute from a mobile device—with the full approval record attached to the session.
Continuous MSP operations
For long-running engagements, standing policies let the MSP request bounded access per task. Each connection is still attributed to the specific engineer, with their identity and the approval ticket on record.
Offboarding
The offboarding story your contracts already assume is true
Every vendor contract promises prompt removal of access when the engagement ends. In practice, that removal depends on someone remembering to disable a dozen accounts scattered across systems. Wardengate centralizes the grant, so removing it is one change in one place.
What happens at revocation
- Active sessions terminate immediately—no waiting for a directory sync to propagate.
- Pending approval requests are voided and annotated with the reason.
- Brokered credentials are rotated so any captured material stops working.
- The historical session record stays intact for audit, investigation, and contractual review.
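The lifecycle described above (provision without a domain account, scope by target, protocol and verbs, inject credentials at the gateway, offboard in one change) and the revocation steps just listed, as an added example that is not Wardengate's code: a small in-memory Python model of a grant scoped by target, protocol, verbs and time window, with the broker holding the real credentials and a single revoke that ends sessions, voids pending requests and rotates secrets, plus an auto-expiry pass that needs no human. The host names, vendor identity, approver, ticket id and timestamps are constructed placeholders, and the in-memory broker stands in for the gateway.

```python
# Added example, not Wardengate's code: a scoped, time-bound vendor grant, brokered.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

@dataclass
class Grant:                    # scope = target + protocol + verbs + window
    grant_id: str
    external_identity: str      # the named external engineer, no AD account
    targets: frozenset          # hosts the grant covers
    protocol: str               # e.g. "sql" or "ssh"
    verbs: frozenset            # e.g. {"SELECT"}
    not_before: datetime
    not_after: datetime
    approver: str               # named reviewer on your side
    ticket: str                 # change ticket the approval references
    revoked_reason: str = ""    # empty while the grant is live

@dataclass
class Session:                  # approval metadata travels with the session
    grant_id: str
    external_identity: str
    target: str
    approver: str
    end_reason: str = ""        # empty while the session is active

class Broker:                   # holds the real secrets; vendors only get a session
    def __init__(self, targets):
        self.grants = {}
        self.sessions = []      # history is never deleted, only annotated
        self.pending = {}       # request_id -> {"grant_id", "status"}
        self.credentials = {t: secrets.token_hex(16) for t in targets}

    def authorize(self, grant_id, identity, target, protocol, verb, now):
        """Return (allowed, reason); each denial names the failing dimension."""
        g = self.grants.get(grant_id)
        if g is None:
            return False, "unknown grant"
        checks = [(not g.revoked_reason, "revoked: " + g.revoked_reason),
                  (g.external_identity == identity, "identity does not match grant"),
                  (g.not_before <= now < g.not_after, "outside grant window"),
                  (target in g.targets, "target not in scope"),
                  (protocol == g.protocol, "protocol not in scope"),
                  (verb in g.verbs, "verb not in scope")]
        for ok, reason in checks:
            if not ok:
                return False, reason
        return True, "ok"

    def connect(self, grant_id, identity, target, protocol, verb, now):
        allowed, reason = self.authorize(grant_id, identity, target, protocol, verb, now)
        if not allowed:
            return None, reason
        _injected = self.credentials[target]   # goes to the upstream connector only
        s = Session(grant_id, identity, target, self.grants[grant_id].approver)
        self.sessions.append(s)
        return s, "ok"

    def revoke(self, grant_id, reason):
        """One policy change: end sessions, void open requests, rotate secrets."""
        g = self.grants[grant_id]
        g.revoked_reason = reason
        ended = voided = 0
        for s in self.sessions:
            if s.grant_id == grant_id and not s.end_reason:
                s.end_reason, ended = reason, ended + 1
        for req in self.pending.values():
            if req["grant_id"] == grant_id and req["status"] == "pending":
                req["status"], voided = "voided: " + reason, voided + 1
        for t in g.targets:                 # any captured material stops working
            self.credentials[t] = secrets.token_hex(16)
        return {"sessions_ended": ended, "requests_voided": voided,
                "credentials_rotated": len(g.targets)}

    def expire(self, now):      # auto-revoke: the timer ends the grant, not a human
        due = [g.grant_id for g in self.grants.values()
               if not g.revoked_reason and now >= g.not_after]
        for grant_id in due:
            self.revoke(grant_id, "grant window elapsed")
        return due

def demo():                     # constructed walk-through: read-only SQL for 4 hours
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)      # constructed
    who = "jane@vendor.example"                                # hypothetical
    b = Broker(["db-prod-01", "db-prod-02", "app-prod-01"])
    b.grants["G-1"] = Grant("G-1", who, frozenset({"db-prod-01", "db-prod-02"}), "sql",
                            frozenset({"SELECT"}), t0, t0 + timedelta(hours=4), "ops-lead", "CHG-0042")
    b.pending["R-7"] = {"grant_id": "G-1", "status": "pending"}
    t1 = t0 + timedelta(hours=1)
    out = {"select_ok": b.authorize("G-1", who, "db-prod-01", "sql", "SELECT", t1),
           "update": b.authorize("G-1", who, "db-prod-01", "sql", "UPDATE", t1)}
    out["session"], _ = b.connect("G-1", who, "db-prod-02", "sql", "SELECT", t1)
    old_secret = b.credentials["db-prod-02"]
    out["expired"] = b.expire(t0 + timedelta(hours=4))     # the window has closed
    out["secret_rotated"] = b.credentials["db-prod-02"] != old_secret
    out["request_status"] = b.pending["R-7"]["status"]
    out["after_expiry"] = b.authorize("G-1", who, "db-prod-01", "sql", "SELECT", t1)
    return out
```

Running `demo()` shows the four properties the page describes in one pass: a read-only SQL request inside the window is allowed, an UPDATE on the same host is refused by verb, the expiry pass ends the live session with a recorded reason and voids the open request, the target secret changes so nothing previously captured works, and a later connection attempt is refused as revoked rather than silently routed around. The session record itself survives with the approver attached.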
What your team stops doing
- Chasing down forgotten AD accounts when a vendor moves on.
- Rotating shared service passwords because an MSP engineer rolled off.
- Guessing whether that contractor still has VPN access.
- Explaining to the auditor why a disabled user appears in last month's SSH logs.
Related
External access sits inside a broader control story
Zero Trust
Continuous verification for every privileged session — people, pipelines, and partners.
Compliance
Structured evidence exports for SOC 2, HIPAA, PCI-DSS, and the audits vendors trigger.
Case studies
How teams retired contractor account sprawl and simplified vendor access reviews.
External access, cleanly
Retire the contractor-account graveyard
Walk through your current vendor-access workflow with our team and see how quickly a brokered model can replace it.