Equipment vendors, system integrators, and managed service providers need access to your OT systems. But giving them the keys to your kingdom isn’t the answer. WALLIX lets you delegate precisely scoped access with full accountability for every action.
THE CHALLENGE
Why 3rd Party Delegated Management is a Risk ?
HOW IT WORKS
WALLIX creates a managed boundary between your vendors and your systems. Vendors get a portal with access only to their assigned assets. You maintain full visibility and control while they do their work.
Create a vendor organisation in WALLIX with defined boundaries. Assign specific systems they can access. Set access windows, approval requirements, and session policies. The vendor gets a branded portal – no VPN configuration required.
Let vendors manage their own users within your policies. When a vendor adds a technician, that person inherits the vendor’s access boundaries – they can only see systems assigned to their organisation.
Vendor technicians connect through the portal to their assigned systems. Access can require your approval before sessions start. Time limits ensure access doesn’t persist beyond the maintenance window.
Session recordings show exactly what each vendor did. Reports break down access by vendor organisation. When something goes wrong, you have evidence.
IMPACT
A direct comparison of with and without WALLIX 3rd Party Management
| Aspect | Whitout WALLIX | With WALLIX |
|---|---|---|
| Vendor Onboarding | ❌ VPN setup, credential creation | ✅ Portal link, instant access |
| Access Boundaries | ❌ Network-level, often too broad | ✅ System-level, precisely scoped |
| User Management | ❌ You manage vendor | ✅ Vendors manage within boundaries |
| Session Visibility | ❌ No insight into vendor actions | ✅ Full recording, real-time view |
| Access Revocation | ❌ Manual, often forgotten | ✅ Automatic expiration, instant revoke |
| Dispute Resolution | ❌ No evidence of actions | ✅ Timestamped session recordings |
CAPABILITIES
The technical foundations that enable vendor access management to OT environments.
Each vendor organisation is isolated. Vendors see only their assigned systems and users. No visibility into other vendors or your internal operations.
Vendor admins manage their own users within your policy framework. Add, remove, and modify technicians without involving your team.
Require your sign-off before vendor sessions start. Route approvals based on system criticality, time of day, or custom rules.
Break down access, sessions, and activities by vendor. Compare vendor behaviour patterns. Generate compliance evidence.
FAQ
How do vendors access the system – do they need a VPN?
No VPN required. Vendors access through a web portal with their organisation’s branding.
Can vendors add their own users without our involvement?
Yes, with delegated administration enabled. Vendor admins can add users who inherit the organisation’s access boundaries.
What happens when a vendor contract ends?
Disable the vendor organisation with one action. All associated users immediately lose access. Session recordings are retained for compliance.
How do we handle emergency vendor access outside business hours?
Configure emergency access policies per vendor. Options include pre-approved emergency windows or on-call approver escalation.
Can different vendor technicians have different access levels?
Yes. Within a vendor organisation, you can define roles with different system access.
See how WALLIX enables secure, accountable vendor access to your OT systems.
