Transition from traditional credentials to modern methods without business disruption is crucial. This capability is not typically available on traditional PAM solutions. SSH keys serve both as identification and authorization. What happens when we decouple the two according to the best practices of Zero Trust? Identity through existing SSH keys & authorization through policy engines and role-based access controls. In this session we will explore the possibilities of short-lived certificates & identity-based access via bastions or proxies.