Federal Customers and “2 factor everything” Continued

11 April,19 at 11:50 AM

I previously wrote (here) about how Centrify can help federal IT departments “2-factor everything” in terms of logging in to machines and privilege elevation. But what about the handling of shared accounts like Unix root and Windows Administrator? This is where Centrify Privilege Service (CPS) comes in.


CPS will secure and manage your shared accounts, and it can be deployed either as SaaS or internally within your own network or private cloud. Additionally, CPS allows you to configure your portal to use smart cards for your initial authentication, thus providing a “2-factor” requirement for initial user logins. You could configure CPS to use IWA so that users connecting from an internal network are not re-authenticated; however, most of my federal customers prefer to always require users to type in their smart card PIN before giving them access. After logging in with their smart card, administrators can use CPS to check out the password of any shared account, or alternatively they can be allowed to log in remotely as that shared account without ever knowing the password. Either way, both of these actions are protected by a “2-factor” authentication process.


Centrify’s Robertson has already written a great blog on how to set up your CIS/CPS tenant to use smart cards, with detailed examples and even a video. This blog can be found here.