Machine Identity, Delegated Machine Credentials, and Credential Management

Institute Access Control and Governance Policies for Machines

Centrally manage machine identities and their credentials within the Centrify Platform to establish an enterprise root of trust that powers secure just-in-time privileged access for humans and applications. Dynamically discovered machines have enterprise identity services instantly turned on, and Centrify Platform becomes the trusted source for centralized privileged access security policies enforced locally. The trust is mutual. Trusted machines and the apps that run on them can seamlessly leverage Centrify Platform services, eliminating the need for per-app service accounts.

Secure Dynamic Cloud and On-Premises Infrastructure

Automate best practices for root of trust for all enrolled machines.
Locally enforce centralized security policies versus provisioning local admin accounts.
Enable workloads to securely leverage services without creating new service accounts.
Simplify compliance through centrally managed security policies for users and machines.

Establish Machine Identities for a Strong Root of Trust

Centrify Platform continuously monitors dynamic cloud environments, automates enrollment of discovered machines, and manages an immutable identity per machine. Machines enrolled in the Platform leverage the Centrify Client and its machine identity for mutual authentication that establishes trust.


Enforce Trusted Privileged Access Security Policies

Eliminate the risks associated with making privileged access convenient versus secure. Unlike tools that enable privileged access by creating temporary local admin accounts that could be rogue accounts, with Centrify, a machine mutually authenticates with the Centrify Platform to pull trusted privileged access security policies for local enforcement. The result is a robust yet secure set of identity services that control access to each computer's applications, files, and folders.


Leverage Centrify Platform Machine Identities to Automate Secure Access for Applications

Centrally enroll and manage Linux and Windows machines in the Centrify Platform to establish trust that can be delegated to workloads. Trusted applications and microservices are granted secure access to vaulted credentials and secrets without the hassle and cost of managing local identities and without increasing your attack surface. For even better security, trusted applications can obtain cryptographic, short-lived tokens from the Centrify Platform’s STS instead of long-lived, static passwords.


Empower Cloud and DevOps Teams

Applications and microservices need seamless privileged access to configuration data and passwords often secured in a vault. Granting vault access through service accounts per application expands your attack surface and overhead. Centrify Cloud Suite governs vault access for workloads via delegated machine credentials. Based on a machine's identity, a token obtained from the Centrify Platform grants the workload a scoped set of vault services without requiring a dedicated service account.


Eliminate Application Passwords with Centrify’s Secure Token Service

The Centrify Platform provides a Secure Token Service (STS) to eliminate the use of passwords in applications and reduce your attack surface. Trusted applications use machine identities to obtain cryptographic, short-lived tokens instead of relying on long-lived passwords for authentication and authorization. Federated authentication between machines ensures workloads can access other services on other machines securely. Machine identities are OAuth confidential clients and PKI certificates.
