Centrify Cloud

Identity Management Delivered from the Cloud

Centrify is the first and only security vendor to deliver global identity management solutions for both end users and privileged users as Software-as-a-Service (SaaS), with Centrify Identity Service™ and Centrify Privilege Service™.

Centrify’s cloud-based identity management solutions are architected for enterprise scale and high availability. They solve security and identity problems for large multinational companies and small businesses worldwide. Centrify’s commitment as a global security provider is backed by concrete facts: our cloud-based identity solutions are available in 15 languages and delivered from data centers in every major geography around the globe, with follow-the-sun 24/7 support available.

Centrify Identity Service and Centrify Privilege Service, our SaaS identity management solutions, are secure, simple to deploy, and easy to use. These services are enabled by Centrify’s unique product architecture that combines world-class hosting technologies, state-of-the-art systems and processes, and our own software to ensure the confidentiality, integrity and availability of customer data and service functionality. Together, these products and technologies comprise the Centrify Cloud.

Both Identity Service and Privilege Service are built upon the Centrify Identity Platform, a fully redundant, multi-tenant service architecture built from the ground up for security in the cloud. The Identity Platform is fundamental to our ability to provide world-class features, always-on functionality, global availability, and data security to our 5,000+ customers in the form of cloud-based solutions every day and in every geography.

The Centrify Cloud

The Centrify Cloud is composed of:

  • The Centrify Identity Platform
  • Centrify Identity Service
  • Centrify Privilege Service
  • SSAE 16 SOC 2 Type II compliant and audited systems and controls
  • Physical and virtual infrastructure hosted globally on Microsoft Azure

Users and administrators access services delivered by the Centrify Cloud via both web and mobile user interfaces. Where on-premises resources must be reached, the Centrify Connector securely connects your on-premises applications, directory service, servers, network devices, and shared accounts to the Centrify Cloud. The Active Directory Users and Computers (ADUC) extensions enable mobile device and Mac management using Active Directory Group Policy. Centrify’s audit and reporting feature set for privileged session monitoring can optionally be integrated with Centrify Privilege Service.


Centrify Identity Platform

The Centrify Identity Platform is the industry’s first cloud-based platform built to provide secure, always-on identity management services for end users and privileged users. Technically, the Identity Platform is a set of secure interfaces published as RESTful APIs that provide core services for secure data storage, directories for users, resources and applications, authentication services (including multi-factor), policy services, and reporting.

Centrify Directory
The Centrify Directory is an optional directory service built into the platform, for customers without an on-premises directory service such as Active Directory or LDAP, or who prefer to use a combination of Active Directory or LDAP and a separate Centrify Directory. For example, an organization can use a hybrid of Active Directory or LDAP for internal identities and the Centrify Directory for external users such as contractors, partners, or customers.

Federated Directory
The Federated Directory service lets users from external directories authenticate to the Centrify Cloud to access apps or resources. Federation is established by creating a trust relationship between the Centrify host and the external users’ identity provider (IdP). These external users then access the Centrify service with their own credentials, which their own IdP verifies.

Policy Engine
The Policy Engine lets IT build secure app, resource, access, and device policies from a rich set of parameters. Using combinations of device type, location, time, user, app type, network, and more, IT can build custom per-app access policies to mitigate identity-based data risks. In non-hybrid environments, customers can instead manage mobile device policy directly through Active Directory if they prefer.

The Policy Engine also powers the user provisioning capabilities of Identity Service: accounts in popular SaaS applications can be provisioned and de-provisioned for users sourced from Active Directory, LDAP, the Centrify Directory, federated external users, or any combination of these.
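To make the per-app access policy described above concrete, here is a small policy evaluator in Go. It is an added example written for this page, not Centrify code and not an API of the Identity Platform: the attribute names, the rule format, the first-match and deny-by-default semantics, and the sample apps, groups, countries and address ranges are all this example's own assumptions.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// AccessRequest holds the attributes the text lists: user, app, device, location, network, time.
type AccessRequest struct {
	User, App, DeviceType, Country string
	Groups                         []string
	SourceIP                       net.IP
	At                             time.Time
}

// Rule grants access when all of its set constraints hold; an empty slice or nil Network
// means "any", and [StartHour, EndHour) is the permitted window (both zero = unrestricted).
type Rule struct {
	Name, App                      string
	Groups, DeviceTypes, Countries []string
	Network                        *net.IPNet
	StartHour, EndHour             int
	RequireMFA                     bool
}

// Decision is the engine's answer; Allowed stays false unless some rule matched.
type Decision struct {
	Allowed, RequireMFA bool
	Rule                string
}

func anyIn(want, have []string) bool {
	for _, w := range want {
		for _, h := range have {
			if w == h {
				return true
			}
		}
	}
	return false
}

func (r Rule) matches(req AccessRequest) bool {
	if r.App != req.App {
		return false
	}
	if len(r.Groups) > 0 && !anyIn(r.Groups, req.Groups) {
		return false
	}
	if len(r.DeviceTypes) > 0 && !anyIn(r.DeviceTypes, []string{req.DeviceType}) {
		return false
	}
	if len(r.Countries) > 0 && !anyIn(r.Countries, []string{req.Country}) {
		return false
	}
	if r.Network != nil && !r.Network.Contains(req.SourceIP) {
		return false
	}
	if (r.StartHour != 0 || r.EndHour != 0) && (req.At.Hour() < r.StartHour || req.At.Hour() >= r.EndHour) {
		return false
	}
	return true
}

// Evaluate returns the first matching rule; rules only ever grant, so a request no rule covers is denied.
func Evaluate(rules []Rule, req AccessRequest) Decision {
	for _, r := range rules {
		if r.matches(req) {
			return Decision{Allowed: true, RequireMFA: r.RequireMFA, Rule: r.Name}
		}
	}
	return Decision{Rule: "default-deny"}
}

// SamplePolicy is a constructed policy (made-up app names, groups and address range): any device
// on the corporate network, managed device + approved country + business hours + MFA off-network.
func SamplePolicy() []Rule {
	_, corp, _ := net.ParseCIDR("10.0.0.0/8") // fixed literal, cannot fail
	return []Rule{
		{Name: "crm-on-corp-net", App: "crm", Groups: []string{"sales"}, Network: corp},
		{Name: "crm-remote-managed", App: "crm", Groups: []string{"sales"}, Countries: []string{"US", "GB", "DE"},
			DeviceTypes: []string{"managed-laptop", "managed-phone"}, StartHour: 7, EndHour: 19, RequireMFA: true},
		{Name: "admin-console-corp-only", App: "admin-console", Groups: []string{"it-admins"},
			DeviceTypes: []string{"managed-laptop"}, Network: corp, RequireMFA: true},
	}
}

func main() {
	at := time.Date(2016, 3, 1, 10, 0, 0, 0, time.UTC) // inside business hours
	corpIP, remoteIP := net.ParseIP("10.1.2.3"), net.ParseIP("203.0.113.9")
	for _, req := range []AccessRequest{
		{User: "alice", Groups: []string{"sales"}, App: "crm", DeviceType: "byod-phone", Country: "US", SourceIP: corpIP, At: at},
		{User: "alice", Groups: []string{"sales"}, App: "crm", DeviceType: "managed-laptop", Country: "GB", SourceIP: remoteIP, At: at},
		{User: "alice", Groups: []string{"sales"}, App: "crm", DeviceType: "byod-phone", Country: "GB", SourceIP: remoteIP, At: at},
	} {
		fmt.Printf("%s %s %s %s -> %+v\n", req.User, req.App, req.DeviceType, req.SourceIP, Evaluate(SamplePolicy(), req))
	}
}
```

Two points the sample makes that a practitioner should check in any real policy engine: rules only grant, so a request that nothing covers (the unmanaged phone off-network, above) is denied rather than falling through, and rule order matters, since the permissive on-network rule is consulted before the stricter remote rule and the admin console is unreachable off-network even from a managed laptop.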

Authentication Engine
The Authentication Engine uses Active Directory, LDAP, the Centrify Directory, federated external users, or any combination of these as identity sources to manage authentication and access to apps, servers and infrastructure, shared accounts, and user devices.

Multi-Factor Authentication (MFA) is integrated into the Authentication Engine, allowing IT to require strong authentication for specific apps, servers, accounts, or other infrastructure, all from the cloud. Centrify’s MFA is designed to be simple yet powerful and is integrated with the Centrify Mobile App. Users do not have to become authentication experts, and IT can deploy strong authentication as needed for both end users and privileged users.

Reporting Engine
The Reporting Engine allows IT to monitor and report on user actions, app, resource and shared account access, device usage, and much more. Fully customizable reports allow granular reporting across an enterprise, or only for specific apps, resources, and accounts, as IT requires.

Secure Data Store
The Secure Data Store is a true multi-tenant data architecture. Per-tenant encryption protects data at rest, and certificate-based authentication and encryption between systems protect data in motion, both inside and outside the Centrify Cloud. Depending on your needs, you can choose from additional options for different levels of data and compute isolation in the Centrify Cloud hosted on Microsoft Azure.
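As an illustration of what per-tenant encryption at rest buys a multi-tenant store, here is an added Go example. It is not Centrify's implementation, whose key management the page does not describe: it assumes a single platform master key from which each tenant's AES-256-GCM data key is derived with HMAC-SHA256, and it binds the tenant ID into every ciphertext as associated data. The derivation label, the record layout and the sample tenants are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// TenantKey derives the data-encryption key for one tenant from the platform
// master key using HMAC-SHA256 as a PRF. The tenant ID is length-prefixed and a
// purpose label appended so distinct (tenant, purpose) pairs never share a key.
// The label is this example's own choice, not a Centrify constant.
func TenantKey(master []byte, tenantID string) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(tenantID)))
	mac := hmac.New(sha256.New, master)
	mac.Write(n[:])
	mac.Write([]byte(tenantID))
	mac.Write([]byte("example-tenant-dek-v1"))
	return mac.Sum(nil) // 32 bytes, used directly as an AES-256 key
}

func tenantAEAD(master []byte, tenantID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(TenantKey(master, tenantID))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record for a tenant; the stored form is nonce || ciphertext || tag.
// The tenant ID is bound as associated data, so a record can only ever be opened
// under the identity it was written for, independently of the key separation.
func Seal(master []byte, tenantID string, plaintext []byte) ([]byte, error) {
	aead, err := tenantAEAD(master, tenantID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(tenantID)), nil
}

// Open decrypts a record for the tenant it was sealed for and rejects everything
// else: a wrong tenant, a truncated record or a modified byte all fail the tag check.
func Open(master []byte, tenantID string, record []byte) ([]byte, error) {
	aead, err := tenantAEAD(master, tenantID)
	if err != nil {
		return nil, err
	}
	if len(record) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("record too short")
	}
	nonce, ct := record[:aead.NonceSize()], record[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(tenantID))
}

func main() {
	master := make([]byte, 32) // in production this lives in an HSM or KMS, never beside the data
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	rec, err := Seal(master, "acme", []byte("shared-account secret")) // constructed sample record
	if err != nil {
		panic(err)
	}
	pt, err := Open(master, "acme", rec)
	fmt.Printf("acme opens its own record: %q (err=%v)\n", pt, err)
	_, err = Open(master, "globex", rec)
	fmt.Printf("globex opens acme's record: err=%v\n", err)
	rec[len(rec)-1] ^= 1
	_, err = Open(master, "acme", rec)
	fmt.Printf("acme opens a tampered record: err=%v\n", err)
}
```

Running it shows acme decrypting its own record, globex failing on the same bytes, and a single flipped byte failing the tag check. Two caveats for anyone adapting it: the master key must live in an HSM or KMS rather than next to the data, and because the GCM nonces here are random 96-bit values, a tenant's key should be rotated long before 2^32 records are sealed under it.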

Workflow Engine
The Workflow Engine lets a resource be configured for an approval workflow: an end user requests access to the resource, the line-of-business owner approves the request, and the approval triggers automatic provisioning of the resource to the requester.

Centrify Identity Service

Centrify Identity Service is built on top of the Identity Platform. Centrify Identity Service is the only IDaaS solution that integrates single sign-on, provisioning and MFA with enterprise mobility and Mac management.

Centrify Privilege Service

Centrify Privilege Service is built on top of the Identity Platform. Centrify Privilege Service is the only true cloud-based privileged identity management (PIM) solution that combines shared account password management, secure remote access, and privileged session monitoring in a SaaS package.

Centrify Service Portals and the Centrify Mobile App

End users and IT administrators access Centrify Identity Service and Privilege Service via both web and mobile apps, including a native mobile app from Centrify. Portals for end users, privileged users and administrators present a common user interface within the user’s browser or app.

User Portal
The User Portal for Identity Service provides one-click (or one-tap) access to cloud and on-premises apps. Apps are made available based on the user’s role and are managed by IT, and the portal is available across desktops, laptops, and mobile devices.

In addition, the User Portal allows optional self-service device management. Users can locate, lock, or wipe lost or stolen devices, and enroll new devices to be managed by IT, without requiring assistance or time from IT.

Admin Portal
The Admin Portal allows IT to administer both Identity Service and Privilege Service within a common user interface. Administrators can define and implement app, device, resource, and account policy, and report on user, app, and device activity, resource and password access, and remote management sessions. From the same cloud portal, admins can set up automated user account provisioning, define app, resource, and password access policies, configure Centrify Connectors for on-premises connectivity, enable SSO, deploy MFA, and manage mobile apps and devices as well as on-premises and cloud-based resources, accounts, and passwords.

Privilege Manager
The Privilege Manager portal provides always-on access for authorized users to manage servers, network devices, accounts, and passwords. Privileged users can add or import new resources, check out passwords, and launch remote management sessions using their own credentials or those of a shared account. All user activity within Privilege Manager is audited, and customers can optionally audit session activity per resource.

Centrify Mobile App
The Centrify Mobile App provides integrated application SSO, device management, and MFA on users’ mobile devices. It allows users to enroll their devices in corporate policy, enabling simple one-tap access to business apps as well as complete device management.

For ISVs and other developers, Centrify’s Mobile Authentication Services SDK enables apps that use the Centrify Cloud Service to provide Zero Sign-On against the organization’s Active Directory.

Optional On-Premises Software

Centrify Cloud also offers optional on-premises software, the Centrify Connector and the Active Directory Users and Computers (ADUC) extensions, to connect the Centrify Cloud to on-premises infrastructure. This lets IT use on-premises Active Directory or LDAP for single sign-on and user policy, and can also make on-premises apps available to remote users without a VPN.

Centrify Connector
The Centrify Connector is an easy-to-install Windows service that runs behind your firewall and acts as a real-time proxy to Active Directory or LDAP, connecting user profiles and group policy to the cloud without synchronizing directory data to it. You keep control of your Active Directory or LDAP data while extending a familiar user experience to your end users.

The Centrify Connector also provides an On-Premises App Gateway, available as a feature of Centrify Identity Service, App+ Edition, to give secure, encrypted access to behind-the-firewall apps without the hassles of a VPN.

Centrify ADUC Extension for Active Directory-based Mobile and Mac Management
The Centrify Connector can also install a collection of extensions to standard Windows-based management tools without any AD schema changes. The Centrify ADUC extension shows the devices associated with a user’s Active Directory profile inside the Active Directory user interface. A Centrify-provided extension to the Windows Group Policy Object Editor (GPOE) lets you set up configuration and security policies that are automatically applied to mobile devices.

Centrify Audit Services
Centrify Server Suite audit and reporting features for privileged session monitoring can be optionally integrated with Centrify Privilege Service to provide video capture and playback of privileged users’ remote management sessions.