Credential Management

Robust Credential Management Goes Beyond Vaulting and Credential Rotation

Robust Credential Management goes beyond vaulting and rotation of static credentials such as passwords and SSH keys to provide additional credential and authentication services for systems and applications. With the Centrify Privileged Access Service, developers get the best of both worlds: applications can either check out managed static credentials from a vault or leverage federation technologies for client-to-server authentication, depending on which is best for the application.

Optimize Client-Server & Microservices Authentication

Centralized Systems and Service Accounts

Developers building applications have two choices. They can create local service accounts and use the Centrify Account Passwords and Secrets Vault to vault and rotate these credentials, or they can create a service account within the Centrify Zero Trust Privilege platform, which leverages centralized authentication services to enable authentication to servers and hosted services with temporary credentials. Applications can also take advantage of the hosting computer’s account, which is automatically managed by Centrify, to request temporary credentials for access to other servers and hosted services.


OAuth for Confidential Client Authentication

OAuth-compliant servers or services can be configured with a confidential client account within the Centrify platform in order to request access or bearer authorization tokens to gain access to specific functions of the server. Centrify provides full OAuth 2.0 capabilities for both clients and servers.


SAML Tokens for Web Access

Servers or applications that need access to web applications or hosted services can leverage the Centrify Zero Trust Privilege solution to request a SAML token for the external application. This capability also enables servers or applications with an account in Centrify to request a SAML token to be sent to a third-party Identity Provider (IDP) such as Idaptive, which can then provide temporary credentials for downstream applications that trust the IDP. This model enables seamless and temporary access to external web services by servers and client application accounts managed by Centrify.

Password Reconciliation

Client-Based Password Reconciliation

As many organizations are painfully aware, out-of-sync passwords can interrupt IT operations and impact security. But they don’t have to worry: Centrify has them covered by offering client-driven password reconciliation for local accounts. In turn, organizations can do password resets, account unlock on Windows machines, password rotation, and many other account operations without having to rely on the Centrify Gateway Connector or, more importantly, without increasing their attack surface with extra privileged accounts.