Secure Your Shared Accounts and Credentials
Centrify Vault Suite reduces the complexities associated with securing and sharing access to privileged accounts. Continuous discovery of systems and automated enrollment in the Centrify Platform ensure privileged access governance where shared account credentials are either vaulted or eliminated. Access to these accounts is brokered for users, services, and applications.
Reduce Risk When Sharing Privileged Accounts
Automate Discovery of Systems and Service Accounts
Continuously discover systems in AWS and automate enrollment in the Centrify Platform to retain visibility and control over privileged access. Automate discovery of on-premises Windows and domain-joined Linux and UNIX systems and their service accounts in Active Directory and take them under management. Discover and manage domain accounts used to launch Windows. Discover other resources such as network devices using Centrify’s port scanning method.
Secure Checkout of Account Credentials
Authorized IT, whether internal or outsourced, and third-party vendors can check out passwords for shared accounts, including service, application, and database accounts for a limited duration. Centrify provides the option to take passwords under its complete control. It automatically changes the password after the checkout expires, reconciles passwords, or simply stores the password for future access without changing it.
Session Establishment Without Disclosing Passwords
Authorized users can access resources using shared accounts without knowing the passwords, and Centrify will not expose the passwords. IT admins can use shared accounts without encountering the risk of password sharing or unauthorized access.
Streamline Secure Privileged Access for Local Clients
Users initiate RDP and SSH sessions directly from their local machine for privileged access that doesn’t disrupt their daily routine. Maintain the same level of security and control for privileged sessions with monitoring, session termination, and multi-factor authentication (MFA).
Govern Privileged Access to Systems and Service Accounts
Developers can create local service accounts with passwords stored and managed in Centrify Vault Suite or create a service account within the Centrify Platform to enable authentication to systems and workloads via short-lived credentials. Applications can also take advantage of their host’s machine identity to request temporary credentials for federated access to other machines and workloads.
OAuth for Federated Authentication
OAuth-compliant systems and workloads can be configured with a confidential client account within the Centrify Platform to request access or bearer authorization tokens that grant access to a scoped set of Vault Suite functions. Centrify provides OAuth 2.0 capabilities for both clients and servers.
SAML Assertions for Web Access
Servers or applications that need access to web apps leverage the Centrify Platform’s Secure Token Service (STS) to generate SAML assertions. Centrify’s STS also brokers workload requests for SAML assertions from third-party Identity Providers (IDPs) such as Okta. This model enables seamless and short-lived access to web admin consoles from the Centrify Portal and from workloads running on Centrify managed systems.
Client-Based Password Reconciliation
Out-of-sync passwords interrupt IT operations and impact security. With Centrify Vault Suite, client-driven password reconciliation for local accounts is simple. Organizations can reset passwords, unlock accounts on Windows machines, and rotate passwords without creating privileged accounts that increase their attack surface.
Behavior-Based Policies for Checkouts and Privileged Sessions
Identify anomalous behavior while it is happening by enforcing risk-based policies for users who are initiating a privileged session or checking out a credential. Combining risk level with role-based access controls (RBAC), user context, and multi-factor authentication (MFA) enables intelligent, automated, real-time decisions on whether to grant privileged access, prompt for MFA, or block access.
Government-Grade, Secure and Encrypted Storage for Your Data
Your data is securely stored using the Centrify Vault Suite for all user, resource, account, credential, and secrets information. Centrify also supports SafeNet KeySecure management appliances from Gemalto as an alternative for encrypted storage of account credentials and secrets.
Centrify Break-Glass Access to Passwords Demo
Watch this video to learn how to get controlled, emergency access to privileged account passwords from your mobile device.
Tony Goulding: OK, here we are on my iPhone and you see here we have the Centrify native app that provides an alternative way of accessing Windows, UNIX, and Linux servers or network devices under Centrify management.
Tony Goulding: In this scenario, I need to check out the root password for a server that's in single-user mode and off the network. Further still, the network is down so I'm unable to use my laptop to browse to the Centrify Privileged Access Service vault portal to check out the password. But since I still have cellular access, I can leverage this app.
Tony Goulding: So let's open the app. Since the app gives access to administrative functions, I'm prompted to validate my identity. I’ll use the Face Scan.
Tony Goulding: The landing page shows the various managed systems I can access.
Tony Goulding: In the list we see a Windows domain controller and member server, and a few Linux boxes including the Red Hat Linux server I'm interested in. Tapping the FM-Red Hat 1 entry takes me to a list of accounts I can access based on my Centrify roles. I'll click the Checkout button for the root account. Note again that since this is a privileged operation inside the Centrify app, I'm validated again with my Face ID.
Tony Goulding: The app retrieves the password from the Centrify vault and I'm able to write that down, walk up to the Linux console and log in to begin diagnosing the issue.
Tony Goulding: Navigating back you can see various account passwords I have checked out and once I'm done fixing the Linux box, I can check the password back in. Under the covers, the Centrify Privileged Access Service will rotate the password to prevent any subsequent misuse.
Tony Goulding: So there we see the convenience of using a native mobile application available on iOS and Android to check out passwords in emergency break-glass scenarios, even when the regular network is not available.