Centrify provides a powerful set of tools to simplify adoption and management of a least privilege access model. Centrify Zero Trust Privilege Services include tools and APIs to assess identity-related risk, assign pre-defined roles and rights, import existing sudo files, automate the creation of new roles and rights, create reports and meet audit requirements.
Application Rights Builder
The Centrify Application Rights Builder makes setting up application privileges easy for Windows administrators. You simply select an application or a running process to which your user(s) need access and the Centrify Application Rights Builder figures out all the privilege dependencies needed to run that application — including file paths and command arguments. Match criteria values can be edited at any time and you can make any set of application privileges a template for the creation of rights across servers.
The Centrify Application Rights Builder provides pre-defined application rights for 18 consoles, for a total of 28 pre-defined rights for managing Windows Server. These pre-defined rights make it easy to get started with privilege management for your Windows servers. For example, you can quickly grant your admins the right to manage Windows services without having to give them local administrator accounts.
The Centrify sudo Migration Wizard helps you to easily migrate your local sudoers files to a centralized authorization model in Active Directory, which is integrated with an identity and auditing policy. This allows you to move from local to centralized authorization, simplifying enforcement of roles and privileges and eliminating local file management and the need for distributed file synchronization.
The Centrify sudo Migration Wizard retrieves sudoers files and stages that information within a Centrify Zone. The import wizard allows you to:
- Create or leverage existing Active Directory groups that map to the sudoers file user alias.
- Create computer roles to match the scope defined within the sudoers file host alias.
- Create Centrify rights.
- Create Centrify privileged commands from the sudoers file command alias.
- Augment privileged commands for the UID to run as based on the sudoers file run as alias.
Centrify Zero Trust Privilege Services include in addition the Centrify Access Module for PowerShell, which consists of the following:
- Application programming interfaces in the form of PowerShell command-line programs, or cmdlets, which are packaged in dynamic link libraries (.DLLs).
- A PowerShell help file that includes complete cmdlet reference information and a scripting guide.
- Sample scripts to illustrate administrative tasks.
- On Windows computers, you can use the Centrify Management Access Module for Windows PowerShell to develop your own custom scripts which access, create or modify Centrify-specific data in Active Directory. You can also create custom report scripts using cmdlets specifically designed to query Centrify data.
Centrify Zero Trust Privilege Agent for UNIX/Linux includes a powerful CLI administration tool to support full policy management from either command line or shell scripts to enable UNIX/Linux administrators to use their tool of choice for policy management. With this CLI there is no need to use any Windows tools such as MMC consoles or PowerShell. Sample scripts are provided to illustrate administrative tasks.