PRIVILEGE ELEVATION

Seamless Privilege Elevation with Dynamic Access Restrictions

Protect all your critical Windows, Linux and UNIX systems by centrally controlling exactly who can access what and when. Centrify lets you configure dynamic privileges so that users can only use privilege for a specified period of time, at specific times, on certain servers, or by a range of other criteria.

Centrify eliminates the problem of too many users having too many broad, unmanaged administrative privileges. Through granular enforcement of a least-privilege access model, users get access to exactly what they need to do their jobs, but nothing more. The net result is organizations can improve security, reduce risks and more easily meet compliance requirements.

You can also grant internal users — such as help desk reps, developers and system administrators — or external users — such as vendors, contractors or outsourced IT partners — temporary additional privileges for a single project, a short-term assignment or to participate in a program outside their normal job scope.

On-Demand Privilege Elevation

When a user needs to elevate their access privileges to run a specific application or perform a privileged operation, they can do so quickly and easily. Centrify makes it seamless to elevate privilege based on roles tightly integrated with Active Directory users and groups. And because Infrastructure Services is an integrated solution built on a common technology, privilege elevation can be used as one of the triggers to begin auditing of the user session.

Users can elevate privileges based on Centrify roles that leverage group membership in Active Directory. In Linux or UNIX, users can elevate privileges per command or open a privileged shell (with whitelisted commands); in Windows, they can elevate to a specific role with one click or open a privileged desktop.

On-demand privilege elevation is seamless and eliminates the need to re-enter passwords, check out temporary passwords or submit help desk requests for access while maintaining least-privilege access and increasing security.

Just-in-time Privilege

IT admins can request access to the specific systems and network devices they need to manage for just the amount of time they need — from anywhere. A simple, intuitive interface enables administrators to request a new role assignment on a specific resource, access to privileged account credentials or to request a privileged session to perform a designated task. Access is granted or denied through an automated, multi-level management approval workflow.

Elevate Privilege and Dynamically Enforce Access Rights

  • Allow users to quickly elevate privilege, and optionally require users to re-enter credentials (password or smart card) or prompt for an additional factor of authentication before elevation.
  • Restrict the access rights of privileged roles to specific systems, services or applications, with the ability to enforce privileges by time allotment, job function, system, services and applications.
  • Enable just-in-time privilege via workflow-based management approvals for new role assignments to perform additional tasks, password checkouts or privileged sessions.
  • Enforce privilege and privilege elevation in remote connections across the network, not just when users log in to specific servers.
  • Automatically trigger session recordings based on user, role, system or privilege elevation to comply with your audit policy.
  • Verify that use of privilege is associated with a trouble ticket by executing checks when privilege is elevated.