CENTRIFY

Centrify enables organizations to strengthen security, enhance compliance efforts, and reduce operational costs by centrally managing their heterogeneous systems and applications using Active Directory. More than 3500 enterprise customers, including over 40% of the Fortune 50, have selected the Centrify Suite for its quick-to-deploy and easy-to-manage approach for securing their heterogeneous computing environment.

IT Security & Compliance

Keep your complex, heterogeneous physical and virtual data centers secure and compliant with centralized management of user access rights, privileges and activity.

In cross-platform environments, establishing accountability by linking entitlements and actions to named users can be a complex task. Active Directory provides a central repository for Windows user accounts. But entitlements to UNIX and Linux systems in particular (which are key platforms for business-critical data) may reside in multiple identity silos such as NIS, LDAP databases, or platform-specific proprietary directories, or they may be managed locally system by system.

Compliance requirements such as Sarbanes-Oxley, FISMA and PCI, as well as security best practices, have a few simple concepts in common: organizations must limit access to business-critical systems only to named users whose job role requires it, and they must audit and report on what those users do.

Centrify addresses these IT security and compliance requirements with a comprehensive identity and access management solution that uses Microsoft Active Directory to centralize authentication, administration, access control, authorization and auditing of non-Microsoft systems and applications — whether physical or virtual, on-premise or cloud-based.

Unix / Linux Identity Management

Reduce risk and streamline operations by eliminating redundant identity stores and tying access controls and superuser privileges to a single, centrally managed Active Directory identity.

Identity Management – Consolidate disparate UNIX and Linux identity stores into Active Directory to streamline operations and enforce separation of duties.

Superuser Privilege Management – Implement a least-privilege security model for Linux and UNIX systems with flexible, role-based controls that protect privileged operations while still granting users the privileges they need to perform their job.

Security Policy Enforcement – Centrally enforce security and configuration policies across Linux, UNIX and Mac systems using familiar Windows Group Policy tools.

NIS-to-Active-Directory Migration – Replace NIS with Active Directory — a fault-tolerant LDAP database that seamlessly integrates Kerberos-based authentication — to enhance security while simplifying your environment.

Mac OS Desktop Management

Use familiar Windows-based tools and processes to apply consistent access, configuration and security policies across your Mac OS X desktops.

The Challenge

As Mac OS X systems continue to move onto corporate desktops, IT managers are looking for a way to accommodate their users’ choice of platform without having to add additional management infrastructure and hire or train additional staff. While IT desktop support personnel can centrally configure security, desktop and application settings for Windows users using Group Policy, sometimes Macs are still managed one by one. Security issues, such as turning off Internet sharing, may be missed by personnel who do not have extensive Mac domain knowledge.

The Centrify Solution

Centrify DirectControl for Mac OS X addresses these needs by joining Mac systems to your Active Directory domain, enabling centralized authentication and access control, along with automated security and configuration management. With Centrify, IT desktop support personnel can use familiar Windows tools and processes to:

  • Manage all Mac user accounts centrally in Active Directory
  • Separate Macs into logical management groups and delegate administrative rights so that only Mac users can access them and only Mac administrators can manage them
  • Centrally lock down and configure Macs using Windows Group Policy — our industry-leading Mac support includes user and computer policies, plus support for advanced features such as loopback processing
  • Configure home directories using a variety of options designed to fit enterprises of all sizes
  • Implement smart card authentication

Best of all, Centrify DirectControl for Mac OS X is not a point product but part of the Centrify Suite’s comprehensive solution for centralized identity and access management for 280 versions of Linux and UNIX systems.

SAP, Web and Database Single Sign-On

Improve end-user satisfaction and streamline operations by tying access to SAP, web applications, and databases to a user’s Active Directory account.

The Challenge

End-user access to SAP, web applications and databases is an area fraught with risk for organizations with complex, cross-platform environments. While the Active Directory account of an exiting employee may be de-provisioned quickly, entitlements to SAP, intranets, HR systems, partner portals, and other apps may not be disabled for hours, days – or ever.

In such environments end-users are also frustrated trying to manage multiple accounts and passwords, and help desk resources are drained doing account resets.

Many current solutions require a separate authentication server, which often delivers single sign-on only to the authentication server itself rather than true single sign-on. The authentication server either has a separate identity store from Active Directory or must be synchronized with Active Directory. These complex architectures are expensive to license and deploy, and represent additional points of failure. These solutions may also rely on non-native, one-size-fits-all authentication clients that are difficult to deploy and configure.

The Solution

Centrify addresses these challenges with true single sign-on directly to Active Directory for SAP, web applications running on Apache, JBoss, Tomcat, WebLogic and WebSphere, and databases such as DB2. Native authentication modules plug seamlessly into the underlying Centrify agent on the managed application host systems, eliminating the need for separate authentication servers. Centrify’s industry-standard solution delivers single sign-on for both intranets and in-house web apps, as well as federated single sign-on for extranets and B2B applications. With Centrify you can:

  • Improve IT efficiency by leveraging existing accounts and skill sets
  • Enhance end-user productivity and satisfaction by giving them a single Active Directory account to access all of their applications
  • Close security gaps caused by delays in provisioning/de-provisioning and by orphan accounts

Through the same architecture, Centrify also secures the underlying host system, covering the industry’s widest range of Linux and UNIX platforms.

Centrify Suite

The Centrify Suite centrally secures cross-platform data centers through Active Directory-based identity and access management of UNIX, Linux and Mac systems, workstations and applications.

Centrify DirectControl – Centralized Authentication and Access Control Leveraging Microsoft Active Directory

Control who can log into which system, enforce security policies, and consolidate user accounts.

Centrify DirectControl delivers secure access control and centralized identity management by seamlessly integrating your UNIX, Linux and Mac systems and applications with Microsoft Active Directory. DirectControl effectively turns a non-Microsoft system into an Active Directory client, enabling you to secure that system using the same authentication and Group Policy services currently deployed for your Windows systems. DirectControl is non-intrusive, easy to deploy and manage, and is the only solution that enables fine-grained access control through its unique Zone technology.

Centrify DirectAuthorize – Centralized, Role-Based Privilege Management for UNIX and Linux

Control how and when users can access UNIX & Linux systems and enforce what they can do without sharing privileged passwords.

Centrify DirectAuthorize’s centralized, role-based privilege management features help you manage and enforce fine-grained control over user access and privileges on UNIX and Linux systems. According to Gartner, UNIX and Linux systems inherently lack a scalable and simple model for administrative delegation, and organizations that give too many users root permission run unnecessary security risks and will invariably fail audits. By controlling how users access systems and what they can do, DirectAuthorize enables you to lock down sensitive systems and eliminate uncontrolled use of root accounts and passwords. DirectAuthorize also delivers robust entitlement management for UNIX and Linux that goes well beyond complex, script-based authorization management products.

Centrify DirectAudit – Detailed Auditing of User Activity on UNIX & Linux

Audit in detail what users do on UNIX & Linux systems, report on user sessions and monitor for suspicious activity.

Centrify DirectAudit helps you comply with regulatory requirements, perform in-depth troubleshooting, and protect against insider threats for your UNIX and Linux systems. DirectAudit’s detailed logging strengthens your compliance reporting and helps you spot suspicious activity by showing which users accessed what systems, what commands they executed, and what changes they made to key files and data. With DirectAudit you can also perform immediate, in-depth troubleshooting by replaying and reporting on user activity that may have contributed to system failures. And its real-time monitoring of current user sessions enables you to spot suspicious activity.

Centrify DirectSecure – Dynamically Segment and Isolate Cross-Platform Systems

Leverage your existing Active Directory infrastructure to secure access to sensitive information in mixed Windows, UNIX and Linux environments.

Centrify DirectSecure is a policy-based software solution that secures sensitive information by dynamically isolating and protecting cross-platform systems and enabling optional end-to-end encryption of data in motion. By leveraging your existing Active Directory infrastructure and the native IPsec support built into today’s operating systems, DirectSecure seamlessly blocks untrusted systems from communicating with trusted systems, and does so without the need to change your network or applications. The net result is improved adherence to regulatory compliance initiatives as well as an additional layer of policy-driven protection against network attacks for mixed Windows, UNIX, and Linux environments, and prevention of unauthorized access to trusted computing resources and data. Organizations with distributed, heterogeneous systems are using DirectSecure to:

  • Protect against external threats by isolating the enterprise from rogue or unmanaged computers or users
  • Isolate servers holding sensitive information from the rest of the enterprise
  • Encrypt data in motion
  • Establish secure communication channels over public or open networks
  • Isolate an individual tenant’s network within an ISP’s multi-tenant environment

Centrify DirectManage – Centralized Management and User Administration of UNIX, Linux and Mac

With Centrify DirectManage you can quickly integrate heterogeneous systems into Active Directory and efficiently administer and manage them through this integrated tool set.

Centrify DirectManage is an integrated set of tools that centralize the discovery, management and user administration of UNIX, Linux and Mac systems through integration into Active Directory-based tools and processes. In addition to the administrative interfaces needed to deploy, configure and manage Centrify solutions, Centrify DirectManage includes additional tools that help you rapidly migrate identities into Active Directory, manage policies, and generate reports. With DirectManage you can:

  • Discover UNIX, Linux or Mac systems within your environment and determine their readiness to join Active Directory
  • Simplify the deployment of Centrify security solutions to UNIX, Linux and Mac systems
  • Rapidly migrate existing accounts and access rights into Active Directory
  • Centrally manage system security and configuration policies
  • Centrally administer user accounts, entitlements and security policies
  • Delegate the management of access rights, accounts, privileges and security policies
  • Centralize monitoring and auditing of user-level activity
