Securing your private business application data requires a comprehensive strategy. Of course you need to secure access to applications to ensure only valid users have access. But you also need to secure the underlying resources that power those apps, as well as the devices used to access them.
When it comes to protecting devices, it’s clear that Windows PCs present the largest attack surface, based on their huge deployment numbers. With Centrify Identity Service, IT can integrate hassle-free MFA for Windows login, so that users can get secure access to their PCs, as well as the resources and applications they need to be productive.
How it Works
When users log in to their PCs with their domain credentials, they simply present a second factor of authentication as well. There’s no extra authentication screen, or separate application — simply the native Windows login prompt. Centrify then validates the second factor, and makes the appropriate authentication decision. Authenticated users are then granted access to their local machine, securely and easily.
In order to make login a simple and fast as possible for employees, Centrify supports a flexible set of “possession factors,” including:
Secure mobile push notification
Interactive phone call
Third party RADIUS- or OATH-compliant tokens
MFA+SSO=Security and Convenience
Centrify Identity Service also provides the ability to leverage Integrated Windows Authentication (IWA) once the user has authenticated, to provide seamless single sign on to applications from that machine, all based on policy. This means IT can revoke access across devices and apps from a single console, and users have no per-application passwords to enter or remember.