Identity Assurance for Privileged Access
Each year hackers create new vulnerabilities, exploits, and tools to evolve their attack strategies and breach enterprise defenses. Centrify Platform’s risk-based multi-factor authentication (MFA) stops these attacks in their tracks with a layered approach to security that spans all privileged access.
MFA Everywhere You Need It
Adaptive MFA for privileged access blocks cyber-attacks at multiple points in the attack chain — and protects even when credentials are compromised.
Simplify and Secure
Stop in-progress attacks leveraging stolen credentials
Simplify with one MFA solution for all privileged access
Dynamic policies that won’t disrupt productivity
Broad Authenticator Support
Authentication Profiles determine whether to challenge a user with one or two factors and which authenticators to present to the user.
- Push notification to phone or smartwatch
- Security questions
- Interactive phone call
- Text (SMS) message confirmation code
- Email confirmation code
- OATH-compliant tokens
- Third-party RADIUS authentication
- FIDO U2F and FIDO2 security keys
Flexible MFA Policy Service
Centrify Platform’s MFA Authentication Service enforces identity assurance for all privileged access. Flexible MFA policies apply authentication profiles based on privileged access type – server login, privilege elevation, or vault services. Authentication profiles define acceptable factors and whether to require one or two. Policies also specify grace periods where repeated MFA challenges are not required.
Behavior-Based MFA for Session Initiation and Password Checkout
Identify anomalous behavior in real-time — not tomorrow or next month — by enforcing behavior-based policies. With a combination of risk-level, roles, and MFA, Centrify Platform automates informed decisions on granting privileged access. Dynamic policies protect critical infrastructure when users' credentials are compromised by prompting for a second factor or denying access.
Centrify Mobile App
Centrify Mobile App for iOS and Android provides a convenient alternative user interface for MFA notifications and workflow requests for approval. Centrify Mobile App also provides an interface to manage OATH-compliant OTP tokens where the seed or secret is vaulted. These OTP tokens can be used with services that enforce OATH-compliant MFA such as the AWS® Management Console.