Centrify Infrastructure Services (Privilege Service) can securely store account and password combinations for local accounts.
In a break glass scenario, an authorized user can checkout a password using the Centrify mobile app.
The password can subsequently be checked in manually or automatically after a set period of time and potentially rotated if it is a managed password.
The following are prerequisites for password checkout to be available to users:
- Centrify Portal with Infrastructure Services
- User in a Centrify role with privilege service administrative rights
- User with view permissions to relevant Systems and view and checkout permissions for the Accounts in the
The following steps will enable an authorized user to checkout and check-in passwords using the Centrify App on an iOS mobile device:
1. Enroll user's iOS device to the Centrify Portal:
A mobile device enrollment can be initiated from the Centrify User Portal Devices tab by clicking on Add Devices
Alternatively, the Centrify App can be downloaded and installed directly from the Apple App Store:
2. Open the Centrify App and log in with user credentials for accessing the Centrify Portal:
3. Enroll the mobile device:
4. Click on the dropfown menu and open the Systems tab:
5. Select a system with the account password to be checked out for the break glass scenario:
6. Click 'Checkout' to display the password
Note: The App will prompt for a PIN to be set for the Centrify App if one has not already been set.
Fingerprint authentication using Touch ID can also optionally be enabled:
7. The password can be checked back in manually using the Checkin button or will automatically check-in after a configrable period of time and in the case of a managed password be rotated so it is no longer known to the user: