Institute Access Control and Governance Policies for Machines
Centrally manage machine identities and their credentials within the Centrify Platform to establish an enterprise root of trust that powers secure just-in-time privileged access for humans and applications. Dynamically discovered machines have enterprise identity services instantly turned on, and the Centrify Platform becomes the trusted source for centralized privileged access security policies enforced locally. The trust is mutual. Trusted machines and the apps that run on them can seamlessly leverage Centrify Platform services, eliminating the need for per-app service accounts.
Secure Dynamic Cloud and On-Premises Infrastructure

Establish Machine Identities for a Strong Root of Trust
Centrify Platform continuously monitors dynamic cloud environments, automates enrollment of discovered machines, and manages an immutable identity per machine. Machines enrolled in the Platform leverage the Centrify Client and its machine identity for mutual authentication that establishes trust.

Enforce Trusted Privileged Access Security Policies
Eliminate the risks associated with making privileged access convenient rather than secure. Unlike tools that enable privileged access by creating temporary local admin accounts that could be rogue accounts, with Centrify a machine mutually authenticates with the Centrify Platform to pull trusted privileged access security policies for local enforcement. The result is a robust yet secure set of identity services that control access to each computer's applications, files, and folders.

Leverage Centrify Platform Machine Identities to Automate Secure Access for Applications
Centrally enroll and manage Linux and Windows machines in the Centrify Platform to establish trust that can be delegated to workloads. Trusted applications and microservices are granted secure access to vaulted credentials and secrets without the hassle and cost of managing local identities and without increasing your attack surface. For even better security, trusted applications can obtain cryptographic, short-lived tokens from the Centrify Platform’s STS instead of long-lived, static passwords.

Empower Cloud and DevOps Teams
Applications and microservices need seamless privileged access to configuration data and passwords, which are often secured in a vault. Granting vault access through a service account per application expands your attack surface and adds overhead. Centrify Cloud Suite governs vault access for workloads via delegated machine credentials. Based on a machine's identity, a token obtained from the Centrify Platform grants the workload a scoped set of vault services without requiring a dedicated service account.

Eliminate Application Passwords with Centrify’s Secure Token Service
The Centrify Platform provides a Secure Token Service (STS) to eliminate the use of passwords in applications and reduce your attack surface. Trusted applications use machine identities to obtain cryptographic, short-lived tokens instead of relying on long-lived passwords for authentication and authorization. Federated authentication between machines ensures workloads can access other services on other machines securely. Machine identities are OAuth confidential clients and PKI certificates.