Improving security: access and privilege management

Centrify provides its identity management, access control, and privilege management features for Linux and UNIX computers through a combination of features provided by Access Manager and by the Centrify agent on the computers you want to manage.

You can install Access Manager and related management tools on one or more Windows computers. For example, the central console for performing most identity management, access control, and privilege management tasks is Access Manager. From Access Manager, you can perform all of the following common administrative tasks:

  • Define and manage identity attributes for the Active Directory users who need access to Linux and UNIX computers.
  • Import and migrate UNIX users, groups, and network information from local configuration files and NIS maps.
  • Define and manage rights that allow users to run command-line programs, PAM applications, and secure shell operations.
  • Select rights to create role-based access control role definitions and assign those roles to the appropriate users and groups.
  • Delegate administrative tasks and control the specific permissions granted to users who are managing the computers in your organization.

For example, you can use Access Manager to delegate specific administrative tasks—such as the ability to add and remove users or assign roles—to a particular user or group. As an administrator, you can also use Access Manager to configure roles that have specific start and expiration dates or that limit the availability of a role to specific days of the week or hours of the day. You can use zones in combination with rights and roles to restrict or grant access to specific Linux and UNIX computers in your organization.

Through the use of zones and roles, Centrify provides granular control over who can do what, and control over where and when those users should be granted elevated privileges.