The Vault Suite product is designed to implement the requirements for controlling the actions of privileged users and improving the security of privileged users' remote access to protected information systems.
- Scans Active Directory and network ports to discover Active Directory domains, Windows, Linux and UNIX servers, workstations, network devices, and vaulting dash-a, local, and domain accounts associated with users, services, application pools, and scheduled tasks.
- Supports emergency “break-glass” checkout of account passwords, SSH keys, and secrets from a regular browser or a Centrify mobile app.
- Enforces centralized control over who can access credentials and audit administrator activity, including third-party access.
- Enables remote login to infrastructure via a built-in Web client or using a local client (e.g., PuTTY and Microsoft Remote Desktop) without disclosing passwords.
- Provides contextual and risk-based policies for credential and SSH key checkout, secret retrieval, and login session initiation, invoking MFA as necessary.
- Rotates managed passwords automatically on a schedule, based on an event (e.g., check-in), or manually in bulk (e.g., in response to a breach).
- Reconciles vaulted passwords automatically if they fall out of sync with the local system password (e.g., if a privileged user manually changes it on the system).
- Enables native MFA support or integration with third-party solutions that support standard protocols such as RADIUS, OATH, and FIDO.
- Supports just-in-time access for workflow-based self-service requests.
- Incorporates a Secure Token Service that can issue short-lived tokens as a stronger alternative to static passwords.
- Records privileged sessions at the Gateway Connector and monitors live sessions in real time via the UI, with the option to terminate them if deemed suspicious.
- Has a built-in access request and approval engine for privileged access to cloud and on-premises infrastructure which is integrated with leading IT service management software.
- Provides remote admins, outsourced IT, and third-party vendors with secure access only to the specific servers and network devices they manage, whether on-premises or in the cloud.
- Enables access to sensitive systems through approved privilege admin consoles, which include web-based, native client or thick client via a Server Gateway as a jump box.
- Enables adaptive multi-factor authentication (MFA) for IT admins who access Windows and Linux systems, elevate privilege, or leverage privileged credentials (additional option).
- Leverages user behavior analytics based on modern machine learning algorithms to carefully analyze a privileged user’s behavior (additional option).