Grant Just Enough Privilege Across Windows, Linux and UNIX
Reduce the risk of attack through individuals with too much privilege. Implementing least privilege access limits potential damage from security breaches. The flexible, fine-grained Centrify Privilege Elevation Service lets your users get work done, reduces risk and makes implementing a just-in-time, least privilege model easy with role-based access controls.
A Single Source of Identity Makes Assigning, Changing, and Auditing Privileges Easy
Increase security and accountability by having fewer shared accounts and vaulted credentials. Easily assign or revoke privileges for users across Windows, Linux and UNIX systems.
Realize operational efficiencies through integrated authorization, authentication and audit that leverages existing investments in Active Directory.
Leverage a single corporate policy across a wide variety of platforms.
Prove compliance with regulations and industry mandates to auditors with a single view into the control and security of user privileges.
Ensure all privileged activity is tied to an individual. Users log in as themselves, seamlessly elevate privilege and all activity is audited.
Enable just-in-time privilege by requiring workflow-based management approvals for credential checkouts, privileged sessions and privileged roles.
Role-Based Access Controls Make Least Privilege Easy
Least privilege access gives you strong controls over your users’ privilege and reduces your risk from a range of threats. Centrify’s patented Zones technology provides highly granular, role-based access controls that simplify the implementation of a least-privilege model across Windows, Linux and UNIX systems.
Seamless Privilege Elevation with Dynamic Access Restrictions
Secure your Windows, Linux and UNIX systems by controlling exactly who can access what and when. Unlike decentralized, single-purpose tools like sudo, Centrify enables the configuration of dynamic privileges so that users can only elevate privilege at specific times, for a set length of time and on certain servers. You can also isolate servers based on time and trust relationships to further protect sensitive data.
Powerful Tools Automate Privilege Creation and Assignment
Centrify provides a powerful set of tools to simplify adoption and management of a least privilege access model. Centrify Zero Trust Privilege Services include tools and APIs to assess identity-related risk, assign pre-defined roles and rights, import existing sudo files, automate the creation of new roles and rights, create reports and meet audit requirements.
See Centrify Privilege Elevation Service in Action
Centrify Privilege Elevation Service: Privilege Elevation for Citrix Xen
Watch this video to learn how Centrify Zero Trust Privilege Services help elevate privilege for Citrix Xen.
Tony Goulding: If you're a Centrify customer watching this, you're familiar with how our infrastructure services such as Privilege Elevation work in traditional bare metal or virtual Windows, Linux, and Unix environments.
Tony Goulding: But what about Citrix Xen? No problem. The same technology can be used to govern privileged access to applications streamed with Citrix XenApp to your Citrix Receiver client.
Tony Goulding: Let's assume I'm a web administrator wanting to perform some maintenance using IIS on a Windows machine.
Tony Goulding: Here I am on my local system. I'm going to open a browser and click on my Citrix Receiver bookmark to open a new session.
Tony Goulding: Following our best practice of logging in as myself with the least amount of privilege, I’ll need to elevate privilege to manage the web server.
Tony Goulding: You can see 3 application icons available to me. For demo, they all run IIS Manager, but in different ways to showcase how Centrify services can be applied in this Citrix Xen environment, similar to how it applies in the non-Citrix world.
Tony Goulding: For the first demo, I'm simply going to try and run IIS Manager as myself. As you see, I don't get visibility to the locally-configured web server or the administration tools.
Tony Goulding: The middle icon represents IIS Manager with privilege elevation. So, if I've been granted a role that allows me to do this, IIS Manager will run with Administrative privileges. Now we see the local web server and I have access to the various tools to manage it.
Tony Goulding: Finally, let's assume we want a bit more identity assurance about the user attempting to run this app. As you see, the Centrify Platform is being queried to determine what 2nd factors are configured for this user. I'm being asked first for my password. I'm being prompted for a 2nd factor of authentication. I’ll answer the question…and we're off to the races again. MFA on privilege elevation is a unique capability of Centrify. As you know, Centrify supports a raft of 2nd factors both out of the box as well as 3rd-parties such as RSA SecurID, Yubikey, and Duo.
Tony Goulding: Note that, just like in the traditional environment, Centrify's Auditing and Session Recording work as expected so you have full end-to-end visibility of privileged activity including visual session recording and playback.
Tony Goulding: This demo showed privileged access security around streamed apps. But what about Xen Desktop? Here again, Centrify's infrastructure services work seamlessly as you would expect, governing login to the Desktop with optional MFA on login, and then privilege elevation to govern access to applications.
Tony Goulding: So, in summary, all the power and benefits of Centrify Infrastructure services you depend on in your more traditional Windows, Linux, and UNIX world can also be used to protect access to your streamed applications or your remote Xen Desktop sessions.