Here is an example TechIDManager deployment for an MSP’s client that has one domain controller, three other servers, and four laptop computers that are rarely connected to the network.
You want to have unique domain accounts for each tech to access all of the computers and servers, and unique local accounts for each tech to access each laptop.
You are disabling all built-in local admin accounts on the laptops.
You deploy PAM agents to one domain controller to create and maintain unique domain accounts for each tech. Techs then use their domain accounts to access all three the servers, and possibly the laptops (if they are on the network with the domain controller.)
You deploy a PAM agent to each of the four laptops to create and maintain unique local accounts for each tech incase a tech needs access to one of those laptops and it is offline.
The total agent counts deployed in this example are:
5 PAM agent