Multi Factor Authentication | MFA Solution

Increase Assurance with MFA at Vault to Minimize Risk

Privileged user access requires multi-factor authentication (MFA) to comply with regulations and ensure that only authorized human users access privileged accounts and systems versus malware or bots impersonating your IT staff. Centrify provides MFA capabilities from the simplest of authenticators to the most advanced and aligns with NIST Authenticator Assurance Level 2 or 3. Centrify can trigger MFA during vault login, password checkout, SSH key and secret retrieval, and login session initiation.

Ensure Compliance with Robust MFA Services

Reinforce the Zero Trust principle that remote users should not be trusted without MFA to assure authorized human access.

Enable compliance with industry regulations such as PCI and HIPAA for privileged access to sensitive data.

Out of the box support for NIST Assurance Level 2 or 3 for secure and compliant access.

MFA for Vault Operations

Authentication policies define the factors required for vault access based on the user's context when logging into the Centrify Vault Suite. Centrify Platform provides multi-factor authentication (MFA) or step-up authentication for various vault operations such as account password checkout or privileged account login.

Native Support for Advanced Federated Authentication

Users can authenticate from an external authentication system into the Centrify Vault Suite via Active Directory with Kerberos/IWA or via an Identity Provider (IDP) such as Okta^®, Ping Identity^® or Microsoft^® ADFS or Azure^™ using SAML. Third parties such as outsourced IT support, external developers, or vendor support can authenticate their staff internally and access the Centrify Vault Suite via federation to eliminate manual account management for third-party access to your sensitive systems.

Authenticators Supported by Centrify

Mobile push notifications to the Centrify Mobile App for iOS and Android with simple swipe after unlock to verify authentication.

One or more security questions can be used, as the simplest form of authentication using something the user knows.

Phone Call with PIN Verification can be used with any phone number in the Centrify Platform’s directory service — mobile, office, or home numbers.

Text Message (SMS) Confirmation Code can be used with any phone number in the Centrify Platform’s directory service — mobile, office, or home numbers.

Email Confirmation Code can be used with the email address in the Centrify Platform’s directory service.

OATH OTP Tokens such as managed by Google Authenticator or Centrify Mobile App, can be used to validate the user is who they say they are.

Third-Party RADIUS Authentication via RADIUS integration takes advantage of your existing MFA system such as RSA^® SecurID^™, Duo Security^® or Symantec^® VIP.

FIDO U2F Security Keys represent a super simple solution to deploy that also provides the highest identity assurance when combined with the user’s password.

FIDO2 support the latest FIDO Alliance specifications for passwordless authentication and on-device authenticators such as Microsoft Hello, Apple’s FaceID and TouchID biometrics.