
Federation Service

Secure Privileged Access Without Managing Identities

Each new identity created is one more target for attackers and increases the risk that their attack strategies will successfully breach enterprise defenses. Centrify Platform’s federation enables secure privileged access for humans and applications without creating new identities.

Identity Federation for Humans and Applications


Centrify Platform’s federation service delivers SAML, OpenID Connect, and OAuth2 support for humans and applications.

Simplify and Secure

Govern privileged access without duplicating identities

Simplify with one Secure Token Service for privileged access

Replace service accounts with short-lived tokens


Secure Privileged Access to the Centrify Platform

Centrify Platform’s federation service includes a built-in SAML Service Provider that enables users from other trust realms (identity providers) to log in to the Centrify Platform. Context furnished by the identity provider to the Centrify Platform is used to map users into pre-defined roles that govern their privilege — without any prior knowledge of the user. As a result, organizations can quickly onboard outsourced IT and third-party vendors with a single sign-on experience and reduce the risk and administrative overhead of managing duplicate user identities.
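The role-mapping step described above, as an added illustration that is not Centrify's own code: a service provider receives a parsed assertion from a trusted identity provider and derives local roles from the asserted group attribute, with no pre-existing local account for the user. The issuer allowlist, role rules, attribute names and sample assertions are all constructed for this example; the point is the deny-by-default shape (untrusted issuer, expired assertion or unmapped group yields no privilege).

```python
"""Map federated identity attributes to pre-defined local roles (constructed example)."""
from datetime import datetime, timezone

# Hypothetical trust configuration: which identity providers are trusted and
# how their group claims map to pre-defined local roles. No local user record
# is consulted; privilege comes only from the trusted assertion.
TRUSTED_ISSUERS = {"https://idp.vendor.example/saml"}
ROLE_RULES = {
    # (issuer, asserted group) -> local role
    ("https://idp.vendor.example/saml", "vendor-dba"): "db-admin",
    ("https://idp.vendor.example/saml", "vendor-helpdesk"): "readonly",
}


def map_assertion_to_roles(assertion, now=None):
    """Return the set of local roles granted by a parsed SAML-style assertion.

    `assertion` is a dict with keys: issuer, subject, not_on_or_after (ISO-8601
    UTC timestamp) and attributes (name -> list of values). Deny by default:
    an untrusted issuer, an expired assertion or an unmapped group grants nothing.
    """
    now = now or datetime.now(timezone.utc)
    issuer = assertion.get("issuer")
    if issuer not in TRUSTED_ISSUERS:
        return set()  # assertion did not come from a trust realm we federate with
    expiry = datetime.fromisoformat(assertion["not_on_or_after"])
    if now >= expiry:
        return set()  # stale assertion; the IdP's validity window has passed
    roles = set()
    for group in assertion.get("attributes", {}).get("groups", []):
        role = ROLE_RULES.get((issuer, group))
        if role:
            roles.add(role)  # only explicitly mapped groups confer a role
    return roles


# Constructed sample assertions, standing in for what a SAML SP would parse.
FIXED_NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
VENDOR_ASSERTION = {
    "issuer": "https://idp.vendor.example/saml",
    "subject": "alice@vendor.example",
    "not_on_or_after": "2024-06-01T12:05:00+00:00",
    "attributes": {"groups": ["vendor-dba", "vendor-finance"]},
}
UNTRUSTED_ASSERTION = dict(VENDOR_ASSERTION, issuer="https://idp.unknown.example/saml")
EXPIRED_ASSERTION = dict(VENDOR_ASSERTION, not_on_or_after="2024-06-01T11:59:00+00:00")

if __name__ == "__main__":
    print(map_assertion_to_roles(VENDOR_ASSERTION, FIXED_NOW))     # {'db-admin'}
    print(map_assertion_to_roles(UNTRUSTED_ASSERTION, FIXED_NOW))  # set()
    print(map_assertion_to_roles(EXPIRED_ASSERTION, FIXED_NOW))    # set()
```

Signature validation of the assertion is assumed to have happened before this function runs; the mapping layer only decides privilege, and the unmapped `vendor-finance` group is deliberately ignored rather than treated as an error, since the user is still allowed to log in with whatever roles their mapped groups confer.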


Secure Token Service

For increased security, Centrify Platform’s federation service provides a Secure Token Service (STS) to eliminate the use of passwords in applications and reduce your attack surface. Trusted applications use the STS APIs to obtain cryptographic, short-lived tokens instead of relying on long-lived passwords for authentication and authorization.


Broad Token Support

  • OAuth2
  • OpenID Connect
  • PKI certs
  • SSH certs
  • SAML
  • OATH

Short-Lived Access to Web Apps

Leveraging Centrify’s secure token service, organizations can minimize the risk associated with remote access threats. Admins or workloads that need access to web admin consoles leverage the STS to generate SAML and OAuth2 tokens for secure access. This model enables seamless and short-lived access to web admin consoles from the Centrify Portal and from workloads running on Centrify managed systems.


API Access to Centrify Platform Services

Centrify's STS enables workloads to securely leverage Centrify services without creating new service accounts that expand your attack surface. The STS generates scoped OAuth2 tokens based on a machine's identity that grant applications and microservices access to Vault Suite APIs and other Centrify Platform services.


Eliminate Weak Passwords for Application-to-Application Access

Increase security with identity federation and short-lived tokens for application-to-application access versus creating per-app service accounts that expand the attack surface. Centrify Platform acts as the Identity Provider (IdP) on behalf of server applications on trusted systems. This enables client applications, leveraging their host’s machine identity, to request temporary credentials for federated access to the server application. 
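The Secure Token Service pattern that the STS, API-access and application-to-application sections above all rely on, as an added example that is not Centrify's STS or its API: a token service issues a scoped, short-lived, signed token to a registered machine identity, and a relying service verifies signature, expiry and scope before honouring a request. The signing key, machine registry, token layout and scope names are constructed for this illustration; a real STS would bind the machine identity to a credential such as a client certificate rather than a name lookup, and would use a standard token format.

```python
"""Scoped, short-lived tokens in place of long-lived service-account passwords (constructed)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real STS keeps its signing key in an HSM or vault.
STS_SIGNING_KEY = b"constructed-demo-key-do-not-use"
# Constructed registry of machine identities allowed to request tokens.
TRUSTED_MACHINES = {"web-01.example.internal"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(STS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(machine_id, scopes, ttl_seconds=300, now=None):
    """STS side: mint a token bound to a trusted machine identity and a scope list."""
    if machine_id not in TRUSTED_MACHINES:
        raise PermissionError("unknown machine identity")
    now = int(time.time() if now is None else now)
    payload = {"sub": machine_id, "scope": sorted(scopes), "iat": now, "exp": now + ttl_seconds}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"


def verify_token(token, required_scope, now=None):
    """Relying-service side: return the payload if valid for required_scope, else None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None  # malformed token
    if not hmac.compare_digest(sig, _sign(body)):
        return None  # tampered or not issued by this STS
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if now >= payload["exp"]:
        return None  # short-lived token has lapsed; the caller must re-authenticate
    if required_scope not in payload["scope"]:
        return None  # token is real but not authorized for this operation
    return payload


if __name__ == "__main__":
    issued_at = 1_000_000
    token = issue_token("web-01.example.internal", ["vault:read"], ttl_seconds=300, now=issued_at)
    print(verify_token(token, "vault:read", now=issued_at + 100))   # payload dict
    print(verify_token(token, "vault:write", now=issued_at + 100))  # None: scope not granted
    print(verify_token(token, "vault:read", now=issued_at + 300))   # None: expired
```

The two checks worth noting from a defender's view are `hmac.compare_digest`, which avoids a timing side channel on the signature comparison, and the scope check, which is what turns a machine's identity into least-privilege access to one API rather than a general-purpose credential.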

Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.
