CENTRALLY MANAGE MACHINE IDENTITIES AND THEIR CREDENTIALS
Centrally manage machine identities and their credentials within Active Directory or the Centrify Zero Trust Privilege Services to establish an enterprise root of trust for machine-to-machine authentication based on a centralized trust model. Machine identities support federated authentication from machine-to-machine so that applications running on these systems can take advantage of the underlying authentication service to seamlessly access other services on other computers within the enterprise, leveraging Kerberos or PKI authentication mechanisms.
ESTABLISH MACHINE IDENTITIES FOR AN ENTERPRISE ROOT OF TRUST
Establish best practices for strong root of trust for all machines accessing other enterprise services.
Ensure compliance through centrally managing security policies.
LEVERAGE ACTIVE DIRECTORY MACHINE IDENTITIES TO SUPPORT KERBEROS AUTHENTICATION SERVICES
Centrally manage both Unix/LINUX and Windows machine identities in AD to support Kerberos Authentication Services and avoid the maintenance and cost of managing local identities.
SUPPORT OF AUTO-ISSUANCE & RENEWAL OF COMPUTER PKI CREDENTIALS
Centrify Agent for Linux and UNIX systems enforces Microsoft® group policies such as the certificate policies to both establish trusts with enterprise-trusted certificate authorities as well as auto-issue and auto-renewal of computer certificates from Microsoft Certificate Authorities leveraging the same policies that you may already be using for Windows systems. This greatly simplifies the computer certificate management taking advantage of existing infrastructure and management processes in place for Windows systems. Applications can take advantage of the computer PKI credentials through existing OpenSSL functions, which automatically use the computer credentials and enterprise trusts.
centrify authentication service
The Centrify Authentication Service data sheet outlines how customer can go beyond the vault and properly verify who requests privileged access. This can be achieved by leveraging enterprise directory identities, eliminating local accounts, and decreasing the overall number of accounts and passwords, therefore reducing the attack surface.