Secure Your Shared Accounts and Credentials
Centrify Vault Suite reduces the complexities associated with securing and sharing access to privileged accounts. Discovery of systems and automated enrollment in the Centrify Platform ensures privileged access governance where shared account credentials are either vaulted or eliminated. Access to these accounts is brokered for users, services, and applications.
Reduce Risk When Sharing Privileged Accounts

Secure Checkout of Account Credentials
Authorized IT, whether internal or outsourced, and third-party vendors can check out passwords for shared accounts, including service, application, and database accounts for a limited duration. Centrify provides the option to take passwords under its complete control. It automatically changes the password after the checkout expires, reconciles passwords, or simply stores the password for future access without changing it.

Session Establishment Without Disclosing Passwords
Authorized users can access resources using shared accounts without knowing the passwords, and Centrify will not expose the passwords. IT admins can use shared accounts without encountering the risk of password sharing or unauthorized access.

Streamline Secure Privileged Access for Local Clients
Users initiate RDP and SSH sessions directly from their local machine for privileged access that doesn’t disrupt their daily routine. Maintain the same level of security and control for privileged sessions with monitoring and session termination.

Govern Privileged Access to Systems and Service Accounts
Developers can create local service accounts with passwords stored and managed in Centrify Vault Suite or create a service account within the Centrify Platform to enable authentication to systems and workloads via short-lived credentials. Applications can also take advantage of their host’s machine identity to request temporary credentials for federated access to other machines and workloads.

SAML Assertions for Web Access
Centrify’s STS brokers workload requests for SAML assertions from third-party Identity Providers (IDPs) such as Okta. This model enables seamless and short-lived access to the Centrify Portal.

Behavior-Based Policies for Checkouts and Privileged Sessions
Identify anomalous behavior while it is happening by enforcing risk-based policies for users who are initiating a privileged session or checking out a credential. Combining risk-level with role-based access controls (RBAC), user context, and multi-factor authentication (MFA) enables intelligent, automated, real-time decisions on whether to grant privileged access, prompt for MFA, or block access.