Validate That the Proper Privileged User Is Launching Privileged Commands
Multi-factor authentication (MFA) at login is not always the best choice, especially if that access and the normal commands cannot do any harm or access any sensitive information. However, the execution of a privileged command should always be protected from malicious actors by ensuring only authorized humans are launching privileged commands through MFA validation prior to privileged command execution. Centrify provides host-based technology, which cannot be circumvented to enforce multi-factor authentication upon privileged execution across Linux, UNIX and Windows servers.
Allow for Strong Verification Prior to Privileged Command Execution
Reinforce Zero Trust principles requiring strong verification of a privileged user prior to privileged command execution, enforced by an intelligent agent on each host.
Simplify IT Staff access when privileges are not required for day-to-day activity such as checking logs for investigative work.
Centralized MFA Service Integration
Whether apply MFA at system or vault login or during privilege elevation, integration with the Centrify Privileged Access Service allows a consistent and easily maintainable MFA service for ALL privileged access. With the broadest range of authenticators and out-of-the-box support for NIST Level 2 and 3 Assurance Levels. We got you covered.
MFA For UNIX/Linux Privilege Elevation
A Zero Trust Privilege approach requires always Verifying Who is requesting privileged access. UNIX/Linux admins logging in to check the system is not considered risky and should not require MFA, however execution of any privileged commands should be configured to require MFA prior to execution leveraging Centrify’s centralized MFA services.
MFA for Windows Privilege Elevation
A Zero Trust Privilege approach requires always Verifying Who is requesting privileged access. Windows admins who need to execute privileged commands can be challenged for MFA, required to reauthenticate with their AD password or validate their identity with a Smart Card.