Ensure Only Authorized Humans Access Critical Infrastructure
Privileged access to systems is often the primary attack interface, which must be protected from cyber adversaries who wish to steal information or do harm in an environment. Enforcing strong authentication through multi-factor authentication (MFA) bolsters identity assurance and ensures that only authorized humans are accessing critical systems. Centrify’s MFA at login for Linux, UNIX and Windows systems is host-enforced and cannot be circumvented.
Zero Trust Demands Identity Assurance

Centralized MFA Service for All Privileged Access
Whether applying MFA at system login, vault login or during privilege elevation the Centrify Platform powers a consistent and easily maintainable MFA Service for ALL privileged access. Centrify MFA Service delivers out-of-the-box support for NIST Level 2 and 3 Assurance Levels.

Local MFA Capabilities for Linux and UNIX
The Centrify Agent is configured with a centralized policy to step-up authentication at login with a call out to a Centrify or 3rd party pluggable authentication module that challenges the user for MFA. Local enforcement simplifies the environment where systems directly communicate with the OTP.

Windows MFA Natively Integrated into the Login Process
Secure access to Windows systems with host-enforced MFA that verifies the authenticity of the user accessing the server. Host-enforced MFA cannot be bypassed by malicious attackers and streamlines the login process for authorized privileged users with seamless integration into the Windows login process.

Centrify Mobile App for Push Notification and Workflow
Centrify Mobile App for iOS and Android delivers a simple interface for MFA notifications. The Mobile App also provides an interface to manage OATH tokens where the Centrify Vault Suite manages the seed or secret. This interface validates the OTP codes for privileged applications or services that require OATH-compliant MFA such as the AWS® Console.
Smart Cards
Centrify Authentication Service supports Smart Cards for authentication at the highest assurance level after users are validated and verified against the corporate directory. Centrify’s support for CAC, CAC NG, PIV and PIV-I Smart Card-based Linux login combined with stringent security policy enforcement across Linux and Windows, simplifies compliance with federal guidelines for high-security environments.
RSA
Security administrators can use existing RSA Ace/Server-based authentication and authentication policies with Centrify MFA Authentication Service. In addition to using Centrify Zones, roles, and rights to authenticate via Active Directory, the RSA Ace/Server policies are centrally defined and enforced on login to the Centrify protected server, as well as on privilege elevation on that server.