Products

MFA at Privilege Elevation

VALIDATE THAT THE PROPER PRIVILEGED USER IS LAUNCHING PRIVILEGED COMMANDS

Multi-factor authentication (MFA) at login is not always the best choice, especially if that access and the normal commands cannot do any harm or access any sensitive information. However, the execution of a privileged command should always be protected from malicious actors by ensuring only authorized humans are launching privileged commands through MFA validation prior to privileged command execution. Centrify provides host-based technology, which cannot be circumvented to enforce multi-factor authentication upon privileged execution across Linux, UNIX and Windows servers.

ALLOW FOR STRONG VERIFICATION PRIOR TO PRIVILEGED COMMAND EXECUTION

  • Reinforce Zero Trust principles requiring strong verification of a privileged user prior to privileged command execution, enforced by an intelligent agent on each host.
  • Simplify IT Staff access when privileges are not required for day-to-day activity such as checking logs for investigative work.
centralized management

CENTRALIZED MFA SERVICE INTEGRATION

Whether apply MFA at system or vault login or during privilege elevation, integration with the Centrify Privileged Access Service allows a consistent and easily maintainable MFA service for ALL privileged access. With the broadest range of authenticators and out-of-the-box support for NIST Level 2 and 3 Assurance Levels. We got you covered.

MFA ON LINUX PRIVILEGE ELEVATION

MFA FOR UNIX/LINUX PRIVILEGE ELEVATION

A Zero Trust Privilege approach requires always Verifying Who is requesting privileged access. UNIX/Linux admins logging in to check the system is not considered risky and should not require MFA, however execution of any privileged commands should be configured to require MFA prior to execution leveraging Centrify’s centralized MFA services.

MFA ON PRIVILEGE ELEVATION

MFA FOR WINDOWS PRIVILEGE ELEVATION

A Zero Trust Privilege approach requires always Verifying Who is requesting privileged access.  Windows admins who need to execute privileged commands can be challenged for MFA, required to reauthenticate with their AD password or validate their identity with a Smart Card.

Centrify Supports a Broad Range of
Multi-factor Authenticators

LEARN MORE

Ready to protect against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.

Free Trial