ROBUST CREDENTIAL MANAGEMENT GOES BEYOND VAULTING AND CREDENTIAL ROTATION
Robust Credential Management goes beyond vaulting and rotation of static credentials such as passwords and SSH keys to provide additional credential and authentication services for systems and applications. With the Centrify Privileged Access Service, developers get the best of both worlds: applications can either check out managed static credentials from a vault or leverage federation technologies for client-to-server authentication, depending on which is best for the application.
OPTIMIZE CLIENT-SERVER & MICROSERVICES AUTHENTICATION
Centralized system and service accounts enable streamlined access to services provided by the Centrify Zero Trust Privilege solution.
Authorize appropriate clients with rights to request temporary federation credentials (SAML or OAuth) for servers that trust the Centrify Service for network-based authentication.
Provide developers with application-to-application authentication choices.
Leverage federated authentication models to reinforce the Zero Trust principle that passwords alone should not be trusted for remote client access.
CENTRALIZED SYSTEMS AND SERVICE ACCOUNTS
Developers building applications have two choices. They can create local service accounts and use the Centrify Account Passwords and Secrets Vault to vault and rotate these credentials, or they can create a service account within the Centrify Zero Trust Privilege platform, which leverages centralized authentication services to enable authentication to servers and hosted services with temporary credentials. Applications can also take advantage of the hosting computer’s account, which is automatically managed by Centrify, to request temporary credentials for access to other servers and hosted services.
OAUTH FOR CONFIDENTIAL CLIENT AUTHENTICATION
OAuth-compliant servers or services can be configured with a confidential client account within the Centrify platform in order to request access or bearer authorization tokens to gain access to specific functions of the server. Centrify provides full OAuth 2.0 capabilities for both clients and servers.
SAML TOKENS FOR WEB ACCESS
Servers or applications that need access to web applications or hosted services can leverage the Centrify Zero Trust Privilege solution to request a SAML token for the external application. This capability also enables servers or applications with an account in Centrify to request a SAML token to be sent to a third-party Identity Provider (IDP) such as Idaptive, which can then provide temporary credentials for downstream applications that trust the IDP. This model enables seamless and temporary access to external web services by servers and client application accounts managed by Centrify.