The Authentication Service improves security and reduces overhead by consolidating user identity profiles and attributes across all platforms. The Authentication Service allows you to properly verify who requests privileged access. This can be achieved by leveraging enterprise directory identities, eliminating local accounts and decreasing the overall number of accounts and passwords, therefore reducing the attack surface.
The privilege elevation service provides role-based authorization to enable you to perform administrative tasks on specific computers during specific periods of time. You can configure role definitions for UNIX computers, Windows computers, or apply definitions to both UNIX and Windows computers. However, the specific types of rights available are unique for UNIX and Windows computers. For example, you can specify command line rights for UNIX computers that can be executed in a standard shell or within a restricted shell environment. For Windows computers, you can elevate user rights for a desktop or a specific application or service.