Centrify for Apple Mac OS X

Apple Mac OS X Integration with Active Directory


The Centrify Server Suite centrally secures and manages Apple Mac systems — along with 450 versions of Windows, Linux and UNIX — by integrating them with your existing Microsoft Active Directory services.  

Apple Mac desktops and laptops are increasingly being utilized in today’s workplaces. Employees are bringing their own Macs to work and many organizations are choosing to deploy Macs to their users. Yet managing Macs and securing access to corporate networks and data can be challenging — especially for organizations that rely on Microsoft management solutions. With Centrify, organizations can manage and secure Macs with the same tools they use to manage PCs. By leveraging existing management tools and processes across a broad range of popular devices, organizations can lower IT costs and achieve increased worker productivity and security.

With the Centrify Server Suite you can:

  • Gain visibility into identity-related risks and mitigate internal threats.  Automated discovery of violations of identity and access management best practices, and simplified privileged access management and auditing link all privileged activity back to an individual.
  • Streamline regulatory compliance across Windows, Mac, Linux and UNIX systems.  A single, unified identity architecture enables enterprise-wide session auditing and compliance reporting while enforcing a least-privilege security model.
  • Reduce costs and increase productivity.  A single, integrated solution for unified identity, privileged access management, and activity auditing leverages your existing investments in identity infrastructure, versus deploying a myriad of single purpose and platform specific products.

Built on a single architecture, the Centrify Server Suite has been chosen by over 5,000 enterprise customers worldwide for its quick-to-deploy, easy-to-manage next-generation technology. The Centrify Server Suite is packaged in several editions to suit your needs.

Smart Card Support

Centrify Identity Service, Mac Smart Card Edition supports CAC, CAC NG, PIV and PIV-I smart card-based login to Active Directory in the same fashion as Windows systems, ensuring strong authentication and single sign-on to other applications and services for Active Directory users. Smart card login combined with Centrify's ability to enforce security policies required in high security environments helps to ensure compliance with corporate and federal policies, enabling further adoption of Mac OS X systems in these environments.

Centrify's support for the DoD's Common Access Card (CAC) standard is certified by the Joint Interoperability Test Command (JITC), bringing Mac OS X (and Red Hat Linux systems) into compliance with Homeland Security Presidential Directive 12 (HSPD-12).

No special user configuration is required on the local system because all authentication and access control data is stored in Microsoft Active Directory. Server Suite supports both online and offline login with smart cards. This would enable an organization to, for example, require users logging on to a Mac laptop on an airplane to authenticate using their smart card.

To streamline deployment of smart card-protected systems, Server Suite automates the configuration of the system to support smart card login as well as to ensure that the system trusts the root certificate authorities that are trusted by Active Directory when a Mac joins the domain. Active Directory enforces smart card access to Windows systems through the Account option "Smart card is required for interactive logon" policy. Server Suite enforces this policy on Mac systems as well, giving you the ability to enforce smart card access consistently across your organization.

Server Suite also provides Group Policies to enable centralized management of smart card login. These Group Policies can be used to require a Mac to go into screen lock or to force a logout when the smart card is removed from the reader during a session. This policy enforcement on Mac systems enables organizations to easily enable the secured usage of Macs within their Windows environments leveraging the same tools, procedures and policies that they are already familiar with today.