Robust Credential Management Goes Beyond Vaulting and Credential Rotation
Robust Credential Management goes beyond vaulting and rotation of static credentials such as passwords and SSH keys to provide additional credential and authentication services for systems and applications. With the Centrify Privileged Access Service, developers get the best of both worlds: applications can either check out managed static credentials from a vault or leverage federation technologies for client-to-server authentication, depending on which is best for the application.
Optimize Client-Server & Microservices Authentication
Centralized Systems and Service Accounts
Developers building applications have a choice: either create local service accounts and use the Centrify Account Passwords and Secrets Vault to vault and rotate these credentials, or create a service account within the Centrify Zero Trust Privilege platform, which leverages centralized authentication services to enable authentication to servers and hosted services with temporary credentials. Applications can also take advantage of the hosting computer’s account, which is automatically managed by Centrify, to request temporary credentials for access to other servers and hosted services.
OAuth for Confidential Client Authentication
OAuth-compliant servers or services can be configured with a confidential client account within the Centrify platform in order to request access or bearer authorization tokens in order to gain access to specific functions of the server. Centrify provides full OAuth 2.0 capabilities for both clients and servers.
SAML Tokens for Web Access
Servers or applications that need access to web applications or hosted services can leverage the Centrify Zero Trust Privilege solution to request a SAML token for the external application. This capability also enables servers or applications with an account in Centrify to request a SAML token to be sent to a third-party Identity Provider (IDP) such as Idaptive, which can then provide temporary credentials for downstream applications that trust the IDP. This model enables seamless and temporary access to external web services by servers and client application accounts managed by Centrify.
Client-Based Password Reconciliation
As many organizations are painfully aware, out-of-sync passwords can interrupt IT operations and impact security. But they don’t have to worry: Centrify has them covered by offering client-driven password reconciliation for local accounts. In turn, organizations can do password resets, account unlock on Windows machines, password rotation, and many other account operations without having to rely on the Centrify Gateway Connector or, more importantly, without increasing their attack surface with extra privileged accounts.