Centrify has you covered when it comes to auditing and reporting privileged access for compliance and governance purposes. Centrify Zero Trust Privilege solutions help customers assure continuous transparency into their compliance posture, addressing key regulations such as Sarbanes-Oxley (SOX), PCI DSS, MAS, NIST, FISMA, etc.

With Centrify You Can:

Demonstrate Compliance and Simplify Forensic Investigations

Show that security controls are in place and working as designed and provide proof of compliance.

Establish Individual Accountability

Recorded privileged sessions and activity are attributed to an individual to deliver individual accountability. The searchable playback feature gives IT security managers and auditors the ability to see exactly what users did and identify the source of a security incident.

Streamline Integration with SIEM, Alerting and Reporting Tools

Privileged access data is captured and stored to enable robust querying by log management tools and integration with external reporting tools. Streamlined integration with SIEM and alerting tools such as Micro Focus ArcSight, IBM QRadar and Splunk helps further identify risks or suspicious activity quickly.

Report on Access, Checkout/Session and Use of Privilege Across Infrastructure

Gain comprehensive visibility with unified access and activity reporting. Customizable and built-in queries and out-of-box reports for SOX and PCI regulatory compliance provide information on privileged account access controls, password checkout and privileged sessions across Windows, Linux, UNIX and network infrastructure.

Centrify’s Privileged Access Management solutions help customers consolidate identities, deliver cross-platform, least-privilege access and control shared accounts, while securing remote access and auditing all privileged sessions.

With Centrify You Can:

Consolidate and Manage Privileged Identities

Centrify privileged identity and access management (PIAM) functions allow you to properly verify who requests privileged access.

Manage Privileged Accounts and Sessions

Discover privileged accounts on systems, devices and applications for subsequent management. The privileged accounts are protected by vaulting their credentials. Access to those accounts is then brokered for human users, services and applications.

Centrify privileged access session management (PASM) functions establish sessions with possible credential injection, and full session recording. Passwords and other credentials for privileged accounts are actively managed, such as being changed at definable intervals or upon occurrence of specific events.

Centrify Secrets Vault can also provide application-to-application password management (AAPM).

Elevate and Delegate Privilege

Specific privileges are granted on the managed system by Centrify Agents to logged-in users. This includes host-based command control (filtering) and privilege elevation, the latter in the form of allowing particular commands to be run with a higher level of privileges. This fulfils essential functions of Privileged Elevation and Delegation Management (PEDM).

Centrify Zero Trust Privilege solutions empower customers to leverage enterprise directory identities, eliminate local accounts and decrease the overall number of accounts and passwords. This ultimately reduces the attack surface.

Many vendors simply focus on either privileged account and session management (PASM) or privileged elevation and delegation management (PEDM) and do not account for the identity itself.

Centrify Zero Trust Privilege solutions help consolidate identities by leveraging common enterprise authentication services across your on-premise and cloud-based infrastructure.

With Centrify You Can:

Broker Authentication for the Hybrid Cloud

The Simplicity of a Single Identity. The Power of Active Directory

Simplify user authentication to Linux servers from any directory service including Active Directory, LDAP and cloud directories.

Popular and Powerful Identity Consolidation.

Consolidate User Profiles. Enforce Separation of Duties.

Manage Identities Across Platforms in Microsoft Active Directory:

Secure Linux and UNIX with the same identity services currently used to secure access to Microsoft Windows systems.

Centralize discovery, management and user administration for Linux and UNIX systems to enable rapid identity consolidation into Active Directory.

Take advantage of Centrify’s award-winning and field-proven Active Directory Bridging capabilities.

Enforce Group Policies

Complex Active Directory Environment Support

Thousands of Successful Deployments Enabled Through Powerful Tools

Secure Identities, Access and Privilege for All Infrastructure

Broker Authentication, Centralize Authentication, Extend Enterprise Authentication, Simplify Authentication, Rapidly Integrate Authentication, Reduce Complexity of Enterprise Authentication.

Authenticate To Linux and Windows Servers With Any Directory Services

Users can authenticate directly to resources in your data center or an Infrastructure-as-a-Service (IaaS) environment. Centrify Authentication Service via the Centrify Identity Broker manages the authentication seamlessly to any LDAP, Active Directory or cloud directory.

Single Point of Authentication Control for Geographically Distributed Infrastructure

Enable centralized authentication and access controls to geographically dispersed infrastructure, leveraging identities from one or more Active Directory environments, LDAP Directories or cloud directories such as Centrify Directory or Google Directory.

Centrify Zero Trust Privilege solutions address the various challenges of privileged accounts, ranging from vaulting shared passwords or secrets to gateway and host-based session auditing and video capture capabilities that serve both audit and security needs.


With Centrify You Can:

1.   Discover All Instances of Privileged User Accounts in accordance with Microsoft’s Red Forest design

2.   Establish Custom Workflows for Obtaining Privileged Access

3.   Securely Store Privileged User Credentials in a Vault with Check-In and Check-Out Functionality. Enforce automatic password rotation after each use.

4.   Securely Store Application-to-Application Passwords/Secrets in a Vault

Remove the need for hard-coded passwords or secrets in applications, scripts and for service accounts, minimizing the risk created by developers having access to accounts with elevated privileges.

5.   Establish Gateway- and Host-Based Session Auditing and Video Capture

Capture and collect data in a high-fidelity recording of each privileged session on any server or network device across your on-premises and cloud-based infrastructure. Store sessions in an easily searchable SQL server database for a holistic view of exactly what happened on any system, by any or all users and at any given time.

6.   Monitor and Terminate Suspicious Activity in Real-Time

7.   Prevent Spoofed or Bypassed Access with Advanced Monitoring

Discover rogue activity such as the creation and storage of SSH key pairs that would make it easy to bypass security controls, and attribute activity to the individual user. Audit all SSH session activity at the process level in forensic detail for security review, corrective action and compliance reporting.

8.   Easily Integrate with SIEM, Alerting and Reporting Tools

9.   Leverage an Indexed and Searchable Database of Session Activity

Record all privileged sessions and metadata, attributing activity to an individual to deliver a comprehensive picture of intentions and outcomes. The searchable playback feature gives IT security managers and auditors the ability to see exactly what users did and identify abuse of privilege or the source of a security incident.

Centrify has you covered when it comes to applying a just-in-time, least-privilege approach to your day-to-day operations while making assigning, changing, and auditing privileges easy.

Centrify Zero Trust Privilege solutions help increase security accountability by having fewer shared accounts and vaulted credentials.

Centrify privilege elevation capabilities allow you to easily assign or revoke privileges for users across Windows, Linux and UNIX systems.

With Centrify You Can:

Simplify Least Privilege via Role-Based Access Controls

Least-privilege access gives you strong controls over your users’ privilege and reduces your risk from a range of threats.

Centrify’s patented Zones technology provides highly granular, role-based access controls that simplify the implementation of a least-privilege model across Windows, Linux and UNIX systems.

Allow Self-Service Role Requests for Just-in-Time Privilege

Minimize security risk by enabling administrators to systematically request a new role to obtain the rights they need to perform tasks. Access request for privileged roles enables organizations to grant long-lived or temporary privileges and roles with a flexible, just-in-time model that accommodates fluctuating business needs.

Seamlessly Elevate Privilege with Dynamic Access Restrictions

Secure your Windows, Linux and UNIX systems by controlling exactly who can access what and when. Unlike de-centralized, single-purpose tools like sudo, Centrify enables the configuration of dynamic privileges so that users can only elevate privilege at specific times, for a length of time and on certain servers. You can also isolate servers based on time and trust relationships to further protect sensitive data.

Leverage Powerful Tools to Automate Privilege Creation and Assignment

Centrify provides a powerful set of tools to simplify adoption and management of a least-privilege access model. The Centrify privilege elevation service includes tools and APIs to:

[ Assess identity-related risk ] [ Assign pre-defined roles and rights ] [ Import existing sudo-files ] [ Automate the creation of new roles and rights ] [ Create reports ] [ Meet audit requirements ]


Centrify Zero Trust Privilege solutions empower IT organizations to use federated privilege access for third parties, targeted access to infrastructure without a virtual private network (VPN) and host-enforced privilege elevation to minimize your risk exposure.

Centrify Zero Trust Privilege solutions allow for identity federation to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration.

In addition, Centrify provides targeted, VPN-less access to critical infrastructure.

With Centrify You Can:

Secure Access to Servers, Network Devices and IaaS

IT users launch SSH and RDP sessions for resources directly from the Centrify admin portal or local clients. In addition, step-up authentication for identity assurance protects your critical assets.

Secure Access for Employees and Third Parties – Remote and On-Site

Centrify enables you to authenticate your internal and outsourced IT users through Active Directory, LDAP and the Centrify Directory. You can use one or any combination of these identity stores or grant granular, federated privileged access to resources for business partners and third-party vendors.

Grant Access to Specific Resources

Unlike a VPN that gives users visibility to the entire network, Centrify enables you to grant access to resources on a per-resource basis. Give your most privileged internal IT admins access to as much of your infrastructure as necessary, while limiting access by an outsourced team to only the servers and network hardware their role requires.

Secure Remote Access that Follows Your Administrators

Your IT admins can log in and securely access resources from any location that can reach the Centrify Zero Trust Privilege Services. For privileged user logins outside the corporate network, you can require multi-factor authentication (MFA) for security stronger than a user name and password.

Strengthen Protection for Privileged Access to Critical Systems with Adaptive MFA

Guard against cyber-attacks by combining risk-level with role-based access controls, user context and multi-factor authentication (MFA) to enable intelligent, automated and real-time decisions for granting privileged access to users who are remotely accessing servers, on password checkout or when using a shared account to log into remote systems.

Companies are rethinking their approach to privileged access management and strengthening their company’s identity maturity with a Zero Trust approach — one that allows the least amount of privilege to perform the job without hampering access to the tools and information needed to get the job done. It’s a critical and practical approach to privilege – embraced in the nick of time.


1.   Identify the nine major areas needed for your company to achieve strong privileged access management.

2.   Compare the features and capabilities to look for when selecting a solution.

3.   Provide important questions to ask your IT partner or vendor to determine if their offering will meet your needs.

4.   Offer a shortlist of suitable vendors along with a time-saving chart.

5.   Present an overview of analysts and influencers who share additional information on your selection process.