Resources Library

The following white papers, datasheets, online webinars, chalktalk and product demos provide easy-to-grasp overviews of Centrify solutions' features and architecture.


Analyst & Partner Reports

Centrify Cited as a Strong Performer by Independent Research Firm in its Privileged Identity Management Wave™ Report

Centrify Cited as a Strong Performer by Independent Research Firm in its Privileged Identity Management Wave™ Report

In the Forrester Research, Inc., Feb. 3 report, “The Forrester Wave™: Privileged Identity Management, Q1 2014”, analysts evaluated nine vendors based on 18 key criteria, including current offering, strategy and market presence. Centrify Server Suite was the only solution to earn the highest possible score for its Active Directory Bridge and tied for the highest scores in privileged session spawning, privileged session recording, and privilege escalation. Centrify also earned the highest possible score for customer satisfaction.

Three Important Reasons for Privileged Access Management and one Surprising Benefit (by Enterprise Management Associates)

Three Important Reasons for Privileged Access Management and one Surprising Benefit (by Enterprise Management Associates)

In this report Enterprise Management Associates (EMA) analysts explore the ways in which gaining visibility and control over high-privilege access helps organizations achieve regulatory compliance, assure responsible governance, and improve security all while reducing IT operational costs. The characteristics of an effective privileged access management solution are examined, along with evidence from EMA research that supports the values of a more consistent approach to operational IT control.

Centrify Private Vendor Watchlist Profile: Bridging Linux/Mac/Mobile Platforms for Increased Security and Managed Access Control via Microsoft AD

Centrify Private Vendor Watchlist Profile: Bridging Linux/Mac/Mobile Platforms for Increased Security and Managed Access Control via Microsoft AD

In this vendor profile, IDC's Sally Hudson concludes that Centrify is a company to watch because of its "established, proven record of accomplishment" in the IAM space. Hudson notes that "Centrify's ability to grow out and expand its product line to meet the emerging needs of the customer has been insightful and impressive. Centrify has successfully identified existing and emerging customer pain points, such as management, audit, and PIM, and focused on delivering appropriate solutions."

Software Firm Eases Compliance Improves Security by Linking Heterogeneous Systems (by Microsoft)

Software Firm Eases Compliance Improves Security by Linking Heterogeneous Systems (by Microsoft)

This set of customer stories, created by Microsoft's Interop Vendor Alliance organization, profiles customers in a number of industries who were able to strengthen security and streamline operations using Centrify solutions to extend Active Directory services to their non-Windows platforms.

Centrify Adds Value to Active Directory – And the Business (by Enterprise Strategy Group)

Centrify Adds Value to Active Directory – And the Business (by Enterprise Strategy Group)

Enterprise Strategy Group reviews the factors that are prompting organizations to invest in Identity and Access Management initiatives. It examines the Active Directory-centric solution that Centrify delivers, concluding, "DirectControl and DirectAudit can help address some of the most troublesome IAM issues related to ... meeting regulatory compliance mandates and improving internal security."

Using Microsoft Active Directory to Address Sarbanes-Oxley (SOX) Compliance in Heterogeneous Environments (by Robert Francis Group)

Using Microsoft Active Directory to Address Sarbanes-Oxley (SOX) Compliance in Heterogeneous Environments (by Robert Francis Group)

In a heterogeneous environment of Windows, Unix, Linux and Mac systems, having a strategy for consolidated identity and policy management will make the difference between passing or failing an audit or inspection. In this white paper, the Robert Frances Group, a recognized leader in business and technical consulting to Global 2000 IT executives, demonstrates the value organizations can realize from building and deploying comprehensive, consistent, and policy-driven controls that leverage a proven technology already in place: Active Directory.


Compliance Solutions

Addressing APRA - PPG 234 Compliance through Centralised Identity and Access Management in Active Directory

Addressing APRA - PPG 234 Compliance through Centralised Identity and Access Management in Active Directory

The Australian Prudential Regulation Authority (APRA) lays out a comprehensive set of IT security requirements that are an ongoing focus for IT managers in financial organisations and enterprises in Australia. APRA-PPG 234 addresses security issues in a comprehensive manner, covering everything from identity assurance and access controls to accountability and audit. This White Paper details how Centrify Suite and Active Directory can address a large portion of security controls and risk management requirements addressed in APRA- PPG234. In addition, requirements related to monitoring of IT security controls as detailed in the guidelines are discussed in the context of the capabilities of Centrify DirectAudit.

FISMA Compliance through Centralized Identity & Access Management Leveraging Microsoft Active Directory

FISMA Compliance through Centralized Identity & Access Management Leveraging Microsoft Active Directory

The Federal Information Security Management Act (FISMA) lays out a comprehensive set of security requirements that are currently top-of-mind for federal IT managers. FISMA addresses security issues in a comprehensive manner, covering everything from identity management to physical building security. This white paper focuses specifically on identity and access management (IAM) issues, using the guidance provided by NIST Special Publication 800-53, Revision 2, Recommended Security Controls for Federal Information Systems, as a roadmap.

Using Microsoft Active Directory to Address Payment Card Industry (PCI) Data Security Standard Requirements in Heterogeneous Environments

Using Microsoft Active Directory to Address Payment Card Industry (PCI) Data Security Standard Requirements in Heterogeneous Environments

The Security Standards Council of the Payment Card Industry (PCI) owns and maintains the Data Security Standard (DSS), which is a rigorous set of requirements that all merchants, payment processors, point-of-sale vendors, and financial institutions must follow in order to retain their right to use the payment system. This white paper describes how Active Directory combined with DirectControl and DirectAudit can address specific PCI DSS requirements.

Centrify DirectControl & Regulatory Compliance

Centrify DirectControl & Regulatory Compliance

This white paper cuts through the jungle of regulatory compliance requirements by providing a succinct overview of the four major compliance regulations faced by U.S. and European Union companies — and those doing business with them — and what those regulations mean to the IT community. You'll learn how these laws map to IT solution areas, and how Centrify DirectControl enables you to harness the power of Active Directory to meet security, access control, policy, auditing and reporting requirements for your heterogeneous environment.

Using Microsoft Active Directory to Address Sarbanes-Oxley (SOX) Compliance in Heterogeneous Environments (by Robert Francis Group)

Using Microsoft Active Directory to Address Sarbanes-Oxley (SOX) Compliance in Heterogeneous Environments (by Robert Francis Group)

In a heterogeneous environment of Windows, Unix, Linux and Mac systems, having a strategy for consolidated identity and policy management will make the difference between passing or failing an audit or inspection. In this white paper, the Robert Frances Group, a recognized leader in business and technical consulting to Global 2000 IT executives, demonstrates the value organizations can realize from building and deploying comprehensive, consistent, and policy-driven controls that leverage a proven technology already in place: Active Directory.


The Centrify Vision

A Practical Path to Unified Identity Across Data Center, Cloud and Mobile

A Practical Path to Unified Identity Across Data Center, Cloud and Mobile

The major trends challenging IT organizations today are the increasing heterogeneity and hybridization of platforms inside and outside the organization, the rush to deploy SaaS applications and the explosion in smart phone and tablet devices users are bringing to work to for personal productivity. This fractured identity environment results in significant management challenges for IT and frustration and lower productivity for users forced to remember multiple usernames and passwords. Centrify's unified identity architecture ensures your on-premise Active Directory infrastructure can be securely leveraged to quickly bring servers (UNIX ,Linux, Windows), applications (on-premise, SaaS and mobile) and endpoints (Mac and Mobile devices) into line with security best practice and compliance.


Centrify User Suite

Office 365 Single Sign-On: High Availability without High Complexity

Office 365 Single Sign-On: High Availability without High Complexity

This technology brief will explain why highly reliable SSO between your on-premise network and O365 is so important, why that implementation is surprisingly difficult to achieve using the accessory tools provided with O365, and how Centrify leverages your preexisting, multiple-site Active Directory (AD) infrastructure to make SSO reliable yet simple.

Stop Password Sprawl with SaaS Single Sign-On via Active Directory

Stop Password Sprawl with SaaS Single Sign-On via Active Directory

Organizations are rushing to SaaS in an effort to move business initiatives along faster than the traditional cycle of implementation, integration and on-going maintenance associated with on-premise applications. And lost in the rush to adopt SaaS applications is the cost and complexity of managing an additional identity silo for each new application including integration costs, increased help desk load and lower productivity as users struggle with multiple passwords, password policies and frustrating login interfaces for browsers and client applications on mobile devices. Using Centrify for SaaS organizations can address password sprawl with single sign-on — and zero sign-on for mobile apps — while also centralizing control over an ever-increasing numbers of SaaS applications. Users get single sign-on and self-service features that let them locate, lock or wipe their mobile devices and also reset their Active Directory passwords. IT gets an easy-to-deploy, cloud-based service for access control and visibility to SaaS application usage which seamlessly integrates into Microsoft Active Directory.

Improving Mobile Device Security and Management with Active Directory

Improving Mobile Device Security and Management with Active Directory

As more and more workers bring personal devices to work for increased productivity and mobile access organizations must quickly respond to the security and compliance risks posed by largely unmanaged access to corporate information. Enterprises can expect to see tablet sales alone increase by 250% in 2012, primarily iPads, which users are connecting to corporate email and other network services at unprecedented rates. To address these trends IT organizations need to deploy comprehensive and cost-effective solutions that secure and manage all the devices that are part of this 'consumerization of IT' trend — iOS and Android smart phones and tablets and Mac OS laptops.


Centrify Server Suite

Top 3 Reasons to Give Insiders a Unified Identity

Top 3 Reasons to Give Insiders a Unified Identity

Although much publicity around computer security points to hackers and other outside attacks, insider threats can be particularly insidious and dangerous, whether caused by malice or employee negligence. In its list of the eight most significant cyber security threats for 2013, Forbes cited internal threats as No. 3, noting that internal attacks can be “the most devastating” due to the amount of damage privileged users can inflict and the type of data they can access.

How Global Financial Firms Can Effectively Address Technology Risk Guidelines

How Global Financial Firms Can Effectively Address Technology Risk Guidelines

The MAS guidelines for Internet Banking and Technology Risk Management (TRM), issued in June 2013, identify security and risk management issues in a comprehensive manner, covering everything from identity assurance and access controls to accountability and audit. This white paper details how products from Centrify—a leading provider of Unified Identity Services across data center, cloud, and mobile—addresses critical portions of the security controls and risk management requirements defined in the MAS TRM Guidelines.

Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

Capturing the detailed actions of privileged users is even more critical in today's business environment that is driving cost efficiencies through IT outsourcing, off-shoring and supplementing IT staff with contractors. Security and compliance issues also exist with third-parties including Cloud Providers, Service Providers and ISVs. And every major compliance regulation requires organizations to document what users actually do with the privileges and rights granted to them and how their actions impact the IT environment. Traditional approaches, such as log files, cannot fully meet these requirements. Log files are well suited to aggregating and correlating events and management data for alerting and reporting purposes. But for a full accounting of what specific actions were taken on a specific system, at a specific time, by a specific user, there is no substitute for a high-fidelity recording of individual user sessions. By recording all privileged user activity (screen actions, events and metadata) a complete picture of intentions and impacts can be achieved. Organizations need to ensure that every privileged session can be audited across their extended enterprise creating a high level of visibility on UNIX, Linux and Windows systems whether in the data center or in cloud computing environments. Additionally, the auditing approach should scale up to meet organizations growing needs without interruptions and with minimal administrative resources. The solution should be realized with a proven architectural approach that is fault tolerant, reliable and highly scalable across thousands of systems and users. Centrify DirectAudit solves these critical business and technical challenges with an auditing solution that makes the capture and collection, and search and replay of user session activity simple. DirectAudit can also be deployed on all modern Windows releases as well as all major distributions of UNIX and Linux providing a complete solution for real-time and historical privileged user activity auditing across the broad set platforms in the heterogeneous enterprise.

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond

For Windows environments, it is critical that organizations can delegate administration and establish granular privileges quickly and efficiently to restrict administrators so they only access the servers and resources required to perform their job and only during the approved times to perform specific tasks. This white paper examines the security, compliance and efficiency issues surrounding least privilege management for Windows servers, and explains where native Windows tools fall short. It then describes how Centrify DirectAuthorize for Windows eliminates the problem of too many users having broad and unmanaged administrative powers by delivering secure delegation of privileged access and granularly enforcing who can perform what administrative functions.

Enforcing Enterprise-Out Security For Cloud Servers

Enforcing Enterprise-Out Security For Cloud Servers

Cloud-based computing models offer the promise of a highly scalable compute infrastructure without having to acquire, install and maintain any additional hardware. However, implementing this new compute model using even the most trusted service providers requires a security solution that empowers IT to maintain control over user and network access to those hosted virtual machines. Security becomes even more important given the regulatory climate and audit pressures surrounding PCI, SOX, BASEL II and HIPAA. Centrify solves these difficult problems by providing an enterprise-out security enforcement approach that leverages existing Active Directory-based security policy enforcement and IPsecbased server and domain isolation. Together, these technologies enable rapid expansion of cloud compute capacity while still maintaining a secure environment.

Protecting Sensitive Information through IPsec-Based Server and Domain Isolation

Protecting Sensitive Information through IPsec-Based Server and Domain Isolation

Learn how to leverage the native IPsec support built into today's operating systems to add an additional layer of protection that does not require costly hardware upgrades or modifications to existing applications. This white paper also describes Centrify DirectSecure's innovative, software-based approach to deploying a peer-to-peer IPsec solution that can dynamically isolate cross-platform systems and enable end-to-end encryption of data in motion.

Implementing Detailed User-Level Auditing of UNIX and Linux Systems Using Centrify DirectAudit

Implementing Detailed User-Level Auditing of UNIX and Linux Systems Using Centrify DirectAudit

Organizations today are facing a growing list of IT security challenges, from complying with Sarbanes-Oxley, HIPAA and Payment Card Industry standards, to protecting against the threat of insider attacks. This white paper examines the compelling business and technical case for centralized auditing of mission-critical UNIX and Linux systems, describes how Centrify DirectAudit's integrated architecture enables you to meet regulatory requirements and protect against insider threats, and describes how DirectAudit can help you better troubleshoot UNIX/Linux availability problems.

Centrally Controlling, Securing and Auditing Access to Cross-Platform Systems and Applications Using the Centrify Suite

Centrally Controlling, Securing and Auditing Access to Cross-Platform Systems and Applications Using the Centrify Suite

How to leverage an infrastructure you already own - Microsoft Active Directory - to strengthen security, enhance regulatory compliance initiatives, reduce IT expense and complexity, and improve end-user productivity.

Software Firm Eases Compliance Improves Security by Linking Heterogeneous Systems (by Microsoft)

Software Firm Eases Compliance Improves Security by Linking Heterogeneous Systems (by Microsoft)

This set of customer stories, created by Microsoft's Interop Vendor Alliance organization, profiles customers in a number of industries who were able to strengthen security and streamline operations using Centrify solutions to extend Active Directory services to their non-Windows platforms.

Centrify Adds Value to Active Directory – And the Business (by Enterprise Strategy Group)

Centrify Adds Value to Active Directory – And the Business (by Enterprise Strategy Group)

Enterprise Strategy Group reviews the factors that are prompting organizations to invest in Identity and Access Management initiatives. It examines the Active Directory-centric solution that Centrify delivers, concluding, "DirectControl and DirectAudit can help address some of the most troublesome IAM issues related to ... meeting regulatory compliance mandates and improving internal security."

Centrify's Solution for NIS Migration

Centrify's Solution for NIS Migration

Sun Microsystem's Network Information Service (NIS, originally known as Sun Yellow Pages) has been the primary choice for managing Unix identity information in a networked environment for many years. Unfortunately, NIS has several shortcomings in the areas of security, manageability, and network dependency, and its successor, NIS+, was never widely accepted as a standard. This white paper examines the challenges of migrating NIS deployments to a central repository, and explains in detail how a combination of Microsoft Active Directory and Centrify DirectControl can deliver a cost-effective solution that strengthens security while improving IT efficiency.

Top Five Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems

Top Five Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems

Applying standardized security and configuration policies to enforce IT security requirements and meet government and industry regulations remains one of the most difficult challenges for organizations with large numbers of mixed Windows, Linux, UNIX and Mac computers. Since the release of Windows 2000, IT administrators have used Group Policy to globally distribute computer and user policies across their Windows environment. No single solution addresses the same need across all Linux vendors and distributions, and the same is true of UNIX vendors. Centrify DirectControl's ability to extend Windows Group Policy to Linux, UNIX and Mac systems now points the way toward consolidated, centralized and consistent cross-platform policy enforcement.

Centrify DirectControl for Samba

Centrify DirectControl for Samba

Samba, one of the most popular Open Source technologies in use, allows IT administrators to share directories and files hosted on UNIX and Linux systems with Windows users. However, Samba can be difficult to deploy, and its inability to centrally store UNIX identity information in Active Directory makes it unworkable in most enterprise scenarios. This white paper describes how you can use Centrify DirectControl to make Samba more secure, more manageable, and enterprise ready.

Active Directory and DirectControl

Active Directory and DirectControl

With the popularity of Active Directory, many organizations would like to leverage their Active Directory investment and integrate its services with their Unix, Linux, Mac and Java platforms. This white paper describes the enterprise capabilities of Active Directory and how Centrify DirectControl enables organizations to integrate non-Microsoft platforms with Active Directory.

Centrify's Solution for Migrating Unix Directories to Active Directory

Centrify's Solution for Migrating Unix Directories to Active Directory

In the Unix and Linux world, multiple directory technologies exist for handling user accounts, passwords, system access and usage policy. An ideal solution for consolidation would be to leverage Active Directory for access management beyond Windows. This white paper discusses how organizations can migrate existing Unix directory systems to Active Directory using the Centrify DirectControl suite and Centrify's unique Zones technology.

Using Centrify DirectControl with VMware ESX Server

Using Centrify DirectControl with VMware ESX Server

This white paper provides an overview of the features and benefits of ESX Server and Centrify DirectControl, and describes how an organization can realize substantial benefits by using DirectControl to enable Active Directory services on ESX Server.

Integrating Centrify DirectControl with Identity Management Systems

Integrating Centrify DirectControl with Identity Management Systems

This white paper provides detailed examples of how to integrate Centrify DirectControl with commercial off-the-shelf Identity Management Systems. It demonstrates how to handle common Identity Management events and discusses how DirectControl can simplify provisioning tasks and strengthen security when used in an environment that includes LDAP-based systems, databases, and portal servers.

Single Sign-On for SAP NetWeaver on UNIX or Linux with Centrify

Single Sign-On for SAP NetWeaver on UNIX or Linux with Centrify

Many of the largest, most recognizable and successful organizations use SAP NetWeaver solutions on UNIX or Linux. But to the end-users within those organizations who access SAP either through SAPgui or through the browser, this means yet another username and password they have to remember. To IT managers, SAP represents yet another authentication silo to manage. In addition, given the sensitive nature of the data stored in SAP systems, there is a compelling need from both a security and compliance perspective to ensure that sensitive data is communicated in a highly secure manner. In most organizations, Microsoft's Active Directory is now the de facto standard for providing authentication and identity management for Windows systems and applications. Centrify DirectControl extends the reach of Active Directory to UNIX, Linux, Mac, Java/web and database environments. Centrify DirectControl for SAP goes one step farther by enabling Active Directory-based single sign-on and optional encryption for SAP. This means users using either SAPgui or a web browser can leverage their Active Directory credentials to access SAP running on UNIX or Linux without having to remember or re-enter another username and password. And auditors and security professionals can feel safe that access to SAP is more secure due to DirectControl's use of Kerberos. This white paper describes how Centrify DirectControl for SAP delivers single sign-on and optional encryption capabilities for SAP on UNIX or Linux and how this ability translates into major benefits in the form of increased security, ease of use and enterprise readiness.

Single Sign-On and Federation for Java/Web with Centrify DirectControl and Microsoft Active Directory

Single Sign-On and Federation for Java/Web with Centrify DirectControl and Microsoft Active Directory

Applications running on Apache, JBoss, Tomcat, WebLogic and WebSphere have traditionally required additional authentication and identity stores that are inefficient and expensive to manage and pose security risks due to gaps in maintaining and deprovisioning accounts. Complying with SOX, HIPAA, PCI, and other government and industry regulations is also more difficult. Enterprise efficiency is impacted as well, with IT constantly provisioning and resetting passwords. Moreover, external users and partners cannot participate in federated scenarios. This white paper describes how Centrify DirectControl for Java/Web delivers single sign-on capabilities for web applications and provides major benefits in the form of increased security, ease of use and enterprise readiness.