Shared Account & Credential Vault

Secure Your Shared Accounts and Credentials

Centrify Vault Suite reduces the complexities associated with securing and sharing access to privileged accounts. Continuous discovery of systems and automated enrollment in the Centrify Platform ensure privileged access governance where shared account credentials are either vaulted or eliminated. Access to these accounts is brokered for users, services, and applications.

Reduce Risk When Sharing Privileged Accounts

Automate discovery and enrollment of systems and service accounts for privileged access governance.
Enforce centralized control over who can access credentials and audit administrator activity — including third-party access.
Simplify and automate shared account password management and reconciliation for superuser and service accounts.
Single location for emergency access to superuser passwords for all on-premises and cloud-based infrastructure.
Step-up authentication and secure access to infrastructure without knowing privileged account passwords.
Replace static credentials with federated authentication and short-lived credentials such as OAuth2 and SAML tokens.

Automate Discovery of Systems and Service Accounts

Continuously discover systems in AWS and automate enrollment in the Centrify Platform to retain visibility and control over privileged access. Automate discovery of on-premises Windows and domain-joined Linux and UNIX systems and their service accounts in Active Directory and take them under management. Discover and manage domain accounts used to launch Windows. Discover other resources such as network devices using Centrify’s port scanning method.


Secure Checkout of Account Credentials

Authorized IT, whether internal or outsourced, and third-party vendors can check out passwords for shared accounts, including service, application, and database accounts for a limited duration. Centrify provides the option to take passwords under its complete control. It automatically changes the password after the checkout expires, reconciles passwords, or simply stores the password for future access without changing it.


Session Establishment Without Disclosing Passwords

Authorized users can access resources using shared accounts without knowing the passwords, and Centrify will not expose the passwords. IT admins can use shared accounts without encountering the risk of password sharing or unauthorized access.


Streamline Secure Privileged Access for Local Clients

Users initiate RDP and SSH sessions directly from their local machine for privileged access that doesn’t disrupt their daily routine. Maintain the same level of security and control for privileged sessions with monitoring, session termination, and multi-factor authentication (MFA).


Govern Privileged Access to Systems and Service Accounts

Developers can create local service accounts with passwords stored and managed in Centrify Vault Suite or create a service account within the Centrify Platform to enable authentication to systems and workloads via short-lived credentials. Applications can also take advantage of their host’s machine identity to request temporary credentials for federated access to other machines and workloads.


OAuth for Federated Authentication

OAuth-compliant systems and workloads can be configured with a confidential client account within the Centrify Platform to request access or bearer authorization tokens that grant access to a scoped set of Vault Suite functions. Centrify provides OAuth 2.0 capabilities for both clients and servers.


SAML Assertions for Web Access

Servers or applications that need access to web apps leverage the Centrify Platform’s Secure Token Service (STS) to generate SAML assertions. Centrify’s STS also brokers workload requests for SAML assertions from third-party Identity Providers (IDPs) such as Okta. This model enables seamless and short-lived access to web admin consoles from the Centrify Portal and from workloads running on Centrify managed systems.


Client-Based Password Reconciliation

Out-of-sync passwords interrupt IT operations and impact security. With Centrify Vault Suite, client-driven password reconciliation for local accounts is simple. Organizations can reset passwords, unlock accounts on Windows machines, and rotate passwords without creating privileged accounts that increase their attack surface.


Behavior-Based Policies for Checkouts and Privileged Sessions

Identify anomalous behavior while it is happening by enforcing risk-based policies for users who are initiating a privileged session or checking out a credential. Combining risk-level with role-based access controls (RBAC), user context, and multi-factor authentication (MFA) enables intelligent, automated, real-time decisions on whether to grant privileged access, prompt for MFA, or block access.


Government-Grade, Secure and Encrypted Storage for Your Data

Your data is securely stored using the Centrify Vault Suite for all user, resource, account, credential, and secrets information. Centrify also supports SafeNet KeySecure management appliances from Gemalto as an alternative for encrypted storage of account credentials and secrets.

Centrify Break-Glass Access to Passwords Demo

Watch this video to learn how to get controlled, emergency access to privileged account passwords from your mobile device.


Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.
