MFA at System Login

Ensure Only Authorized Humans Access Critical Infrastructure

Privileged access to systems is often the primary attack interface, which must be protected from cyber adversaries who wish to steal information or do harm in an environment. Enforcing strong authentication through multi-factor authentication (MFA) bolsters identity assurance and ensures that only authorized humans access critical systems. Centrify’s MFA at login for Linux, UNIX, and Windows systems is host-enforced and cannot be circumvented.

Supported Authenticators

Zero Trust Demands Identity Assurance

Reinforce Zero Trust principles requiring strong verification of a user’s identity before authentication to critical infrastructure.

Halt in-progress attacks with step-up authentication support for a broad range of authenticators and form factors.

Enforce MFA on each computer at login to prevent humans or malware from circumventing (or bypassing) security policies.

Centralized MFA Service for All Privileged Access

Whether applying MFA at system login, vault login, or during privilege elevation, the Centrify Platform powers a consistent and easily maintainable MFA Service for ALL privileged access. Centrify Platform MFA service delivers out-of-the-box support for NIST Level 2 and 3 Assurance Levels.

Local MFA Capabilities for Linux and UNIX

The Centrify Client is configured with a centralized policy to step up authentication at login with a call out to a Centrify or 3rd party pluggable authentication module that challenges the user for MFA. Local enforcement simplifies the environment where systems directly communicate with the OTP.

Windows MFA Natively Integrated into the Login Process

Secure access to Windows systems with host-enforced MFA that verifies the identity of the user accessing the server. Host-enforced MFA cannot be bypassed by malicious attackers and streamlines the login process for authorized privileged users with seamless integration into the Windows login process.

Centrify Mobile App for Push Notification and Workflow

Centrify Mobile App for iOS and Android delivers a simple interface for MFA notifications. The Mobile App also provides an interface to manage OATH tokens where the Centrify Vault Suite manages the seed or secret. This interface validates the OTP codes for privileged applications or services that require OATH-compliant MFA, such as the AWS^® Console.

Authenticators Supported by Centrify

Mobile push notifications to the Centrify Mobile App for iOS and Android with simple swipe after unlock to verify authentication.

One or more security questions can be used, as the simplest form of authentication using something the user knows.

Phone Call with PIN Verification can be used with any phone number in the Centrify Platform’s directory service — mobile, office, or home numbers.

Text Message (SMS) Confirmation Code can be used with any phone number in the Centrify Platform’s directory service — mobile, office, or home numbers.

Email Confirmation Code can be used with the email address in the Centrify Platform’s directory service.

OATH OTP Tokens such as managed by Google Authenticator or Centrify Mobile App, can be used to validate the user is who they say they are.

Third-Party RADIUS Authentication via RADIUS integration takes advantage of your existing MFA system such as RSA^® SecurID^™, Duo Security^® or Symantec^® VIP.

FIDO U2F Security Keys represent a super simple solution to deploy that also provides the highest identity assurance when combined with the user’s password.

FIDO2 support the latest FIDO Alliance specifications for passwordless authentication and on-device authenticators such as Microsoft Hello, Apple’s FaceID and TouchID biometrics.