Skip to content
Delinea Blog > Why We're Acquiring StrongDM: Bringing Continuous Authorization to the Delinea Platform

Why We're Acquiring StrongDM: Bringing Continuous Authorization to the Delinea Platform

Published January 2026
Read time 6 minutes
What you will learn
StrongDM solves the problem of extending privileged access into environments where traditional session-based controls simply don't fit in a way that aligns with our direction for the Delinea Platform.

When my team evaluated StrongDM, we weren't looking for another secrets manager or another vault. We were looking for technology that could extend privileged access into environments where traditional session-based controls simply don't fit—CI/CD pipelines, Kubernetes clusters, ephemeral infrastructure, and increasingly, autonomous AI agents making thousands of access decisions without human intervention.

StrongDM solves that problem in a way that aligns with our direction for the Delinea Platform. Here's why this acquisition matters and what it will mean for our customers.

The problem we're solving

Traditional PAM was designed for humans logging into systems. You authenticate, establish a session, and maintain standing access until that session ends. That model works well for interactive use cases, and it's not going away—it remains foundational to how Delinea protects privileged access today.

But modern infrastructure doesn't wait for humans. A CI/CD pipeline deploying to production at 2 AM doesn't have someone available to approve access. A Kubernetes pod spinning up needs credentials immediately, and it'll be gone in minutes. An AI agent executing a multi-step workflow might need to access databases, APIs, and cloud resources in rapid succession, each action requiring different permissions.

Organizations have tried to solve this by over-provisioning service accounts, embedding long-lived credentials in code, or creating broad IAM roles that violate least privilege. These are security risks masquerading as operational necessities.

StrongDM takes a different approach: continuous, JIT runtime authorization evaluated at the moment of action, not at session establishment.

What makes StrongDM different

Authorization at the protocol level

Most access control systems make a binary decision at connection time: can this identity access this resource? Once you're in, you're in.

StrongDM evaluates authorization continuously, down to the data inside the protocol. For a database connection, this means policies can govern not just whether you can connect, but which tables you can query, which rows match your authorization context, and which operations you can perform—evaluated in real-time as each query executes.

This granularity matters enormously for agentic AI. When an autonomous agent is executing a complex workflow, you don't want to grant it broad database access and hope it behaves. You want each action the agent takes to be authorized independently, scoped to exactly what that specific operation requires. If the agent attempts to access data outside its authorized scope, the request fails immediately—not after a post-hoc audit finds the violation.

StrongDM's Cedar-based policy engine makes this practical. Cedar, developed by AWS and used in their Verified Permissions service, provides a policy language that's both expressive enough for complex authorization logic and fast enough to evaluate inline without adding latency to every request. Policies are defined declaratively, version-controlled, and testable—which matters when you're governing thousands of automated decisions per minute.

Built for engineers, not against them

One thing that stood out in our evaluation: StrongDM was clearly built by people who understand how engineers actually work.

There's no heavyweight agent to deploy. CLI workflows that DevOps teams already use continue to work—StrongDM integrates via lightweight proxies and SDK hooks that feel native to the toolchain. Engineers don't need to learn a new workflow or wait for tickets to get access to do their jobs. They authenticate once, and authorization happens transparently based on what they're actually trying to do.

For IT administrators, policy management is centralized but not bureaucratic. You define authorization policies in Cedar, attach them to identity contexts, and they apply consistently whether the access is coming from a human engineer, a CI/CD pipeline, or an AI agent. When something doesn't work, the audit trail tells you exactly why—which policy denied the request, what context was evaluated, and what would need to change.

This ease of use isn't a nice-to-have. It's essential for adoption. Security tools that create friction get bypassed. We've seen it countless times: teams embedding credentials in environment variables, sharing service accounts, or creating overly permissive IAM roles because the "secure" path was too slow. StrongDM removes that excuse by making the secure path the easy path.

Unified visibility through the identity graph

StrongDM's authorization decisions will feed directly into Delinea's identity graph, providing centralized visibility into access patterns across your entire estate.

This means security teams will get a unified view of who—and what—is accessing privileged resources, whether that's a human administrator using Secret Server, a DevOps engineer accessing cloud infrastructure through StrongDM, or an AI agent executing automated workflows. You can answer questions like:

  • Which service accounts have accessed production databases this week?
  • What permissions has this AI agent actually used versus what it was granted?
  • Which CI/CD pipelines have access to secrets they've never retrieved?

This visibility is critical for governance. You can't enforce least privilege if you don't know what access is actually being used. The identity graph gives compliance teams the audit trail they need while giving security teams the intelligence to identify over-provisioned access and potential threats.

How this fits our platform vision

At Delinea, we've been building a new class of identity security platform—one that governs privileged access across humans, machines, and AI systems. StrongDM will accelerate that vision by filling a critical capability gap.

Our existing platform excels at vault-based secrets management, session-based privileged access, and governance for human-driven workflows. StrongDM will extend those capabilities into continuous, always-on environments where access is ephemeral, high-velocity, and increasingly autonomous.

The integration points are natural:

  • Secret Server continues to be the authoritative vault for secrets, and with StrongDM will provide just-in-time delivery to workloads that need them.
  • Privilege Manager governs endpoint access, while StrongDM will govern infrastructure and data access for automated workloads.
  • Platform Services will provide the identity graph and policy management layer that spans both human and machine access.

This isn't a bolt-on acquisition. It's a strategic addition that will extend our core platform into environments we couldn't adequately address before.

What this means for customers

For DevOps and Platform Engineering teams: You will get secure access to infrastructure, databases, and cloud resources without changing how you work.  Pipelines keep running. Automation stays fast. The security team becomes an enabler of secure access that is governed by policy, not tickets, and doesn’t delay critical DevOps and engineering workloads. 

For Security and Compliance teams: You will get centralized visibility and policy control across all privileged access, including the automated workloads that have historically been blind spots. Audit trails are complete.  Least privilege is enforceable. Governance can effectively scale with automation. 

For organizations adopting AI: You will strengthen your foundation for governing agentic systems that increasingly require privileged access to perform useful work. As AI agents become more autonomous, the ability to authorize each action in real-time—not just grant broad access and hope for the best—becomes essential.

Looking ahead

The transaction is currently expected to close in Q1, subject to customary approvals, including regulatory review. Until then, Delinea, and StrongDM remain separate and independent companies. We will use the regulatory review period to plan our roadmap. Expect to see StrongDM capabilities appearing in the Delinea Platform shortly after close.

If you're interested in early access or want to discuss how StrongDM fits your environment, reach out to your Delinea account team or visit https://delinea.com/events/webinars/delinea-and-strongdm-technical-deep-dive-ams.

Privileged access is evolving. The organizations that thrive will be those that can secure automation, AI, and always-on infrastructure without sacrificing the speed that makes modern engineering possible. That's what we're building.

Related Topics
Related Posts
Delinea + StrongDM: Redefining Identity Security for the Agentic AI Era
Best practices for managing access controls in your ERP System
Session recording now available within the Delinea Platform