With Privileged Access Service, you can require multi-factor authentication for two distinct situations:
- As part of the login process so that users who are attempting to log in to Centrify-managed computers must provide multiple forms of authentication before they are granted access.
- As part of a re-authentication process so that users who are attempting to use Application, Network, and Desktop rights on Windows machines, or command rights with elevated privileges or in a restricted shell on UNIX machines, must provide a password and another form of authentication before they can execute the selected command.
To configure the types of authentication challenges allowed in each situation, you can prepare one or more authentication profiles in the Admin Portal. If you have already configured authentication profiles for other purposes, you can reuse those profiles for multi-factor authentication or add new profiles specifically for the computers you manage using Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service. You can prepare one profile to use for both login access and for the use elevated privileges or you can prepare separate profiles for each situation.