11 April,19 at 11:51 AM
There is a relatively new feature within the Centrify Identity Platform called ‘Use My Account’, and it was created with smart card users in mind. It allows users to log into a remote Linux machine via SSH, using Active Directory credentials that require smart card authentication. These Linux machines can exist internally or externally, so this feature is great for remote Admins who need to access both on-premise and Cloud Linux machines while still complying with a security policy that requires all access to be protected by their Active Directory smart card and PIN. The great part about this ‘Use My Account’ feature is that it meets these requirements without a VPN, without another Active Directory machine in the cloud, and without any type of syncing of the on-premise AD to the cloud. Access is granted to specific Admins using AD Group memberships, allowing for simple RBAC management using familiar AD tools. Additionally, these remote sessions will be audited and recorded, and all sessions will be available for real-time monitoring and termination by authorized security personnel.
A lot of Public Sector Administrators will find the above requirements familiar, as more and more are building out their hybrid networks with computer resources running in an external cloud, yet they are still required to maintain security compliance by requiring smart card authentication on all machines.
I have a video recording where I present the Centrify ‘Use My Account’ feature and how it solves the above requirements, along with instructions on how it was set up. The overall steps include:
The video recording of my presentation, demo and setup of this new feature, and how it works for remote Linux Admins, is online here.