Frequently Asked Questions

Find answers to common questions about Thand Agent and just-in-time access management.

Table of contents

  1. General Questions
    1. Why is it called Thand?
    2. What is Thand Agent?
    3. How does Thand improve security?
    4. What’s the difference between Thand Agent, Server, and Cloud?

General Questions

Why is it called Thand?

In Sindarin, Thand/Tirith e-Daur/en-Eryn (‘Shield/Guard of the Forest’) where ‘en’ (of the) causes a mixed mutation. In Tolkien’s legendarium.

What is Thand Agent?

Thand Agent is an open-source privilege access management (PAM) and just-in-time access (JIT) solution for cloud infrastructure, SaaS applications, and local systems. It eliminates standing privileges by providing temporary access only when needed, automatically revoking permissions when tasks are complete.

How does Thand improve security?

Thand addresses several critical security issues:

  • Eliminates static credentials that can be leaked or compromised
  • Removes over-privileged users by granting only necessary permissions
  • Provides complete audit trails for compliance and security monitoring
  • Prevents persistent threats by automatically revoking access
  • Reduces attack surface through zero standing privileges

What’s the difference between Thand Agent, Server, and Cloud?

  • Thand Agent: Runs on your local machine, manages sessions and provides authentication
  • Thand Server: Deployed in your infrastructure, acts as a “login server” for access requests
  • Thand Cloud: Optional proprietary service that provides centralized management, AI insights, and analytics

Still have questions? Open an issue or reach out to our team!