Centrify Privilege Service (CPS)

Centrify Guru I
Posts: 2,449
Registered: ‎07-26-2012
#1 of 1 3,947

Centrify Privilege Service (CPS)


What's Centrify's Privilege Service (CPS)? 

CPS is Centrify's complement to the existing Privilege Account Management capabilities offered by Centrify Server Suite.  The focus is on Shared Account Password Management (SAPM), Privilege Session Management (PSM) and more.  Remember, with Centrify Server Suite you already mastered Super User Privilege Management with least privilege methodology.  Here are the benefits:

Shared Platform capabilities
  • Active Directory Integration:  CPS uses Centrify's leading AD Bridging capabilities to provide organizations AD integration to the solution.  It leverages the assets of Centrify Identity Service (formerly known as user suite).
  • Single Sign-on (SSO): When users have an authenticated Windows session, if configured by the administrator and with a supported browser, the privileged users will get SSO to the portal or apps.
  • Password Wallet:  Users and Administrators can use the built-in password wallet for Web Apps that 
  • Multi-factor Authentication:  The platform uses several mechanisms for MFA (Centrify Mobile Authenticator from the registered device's Centrify app, one-time-passwords using SMS, E-mail link, or voice call placed to the user's business or mobile phone).
  • Geo-Fencing: Identity platform leverages geo-location for several purposes: access policy, smart MFA, reporting and analytics.
  • Multiple Identity Stores:  CIS today supports users from connected or disconnected (no trust-relationship) Active Directory forests, but also users from the Centrify Cloud Directory or LDAP (the list of sources grows as I type).
  • Per-App VPN (reverse-proxy):  Allows the elimination of persistent VPN connections and provides remote access just to the individual application.
  • Role-based Access Control:  System access, and system rights are all based on roles that can be assigned to users from any source.
  • Enterprise Mobility Management:  In the modern enterprise, with apps being accessed from anywhere, mobile phones/tablets being used as secondary factors of authentication, providing MDM, MCM and MAM is very important and this has been a key capability for iOS, MacOS, Android and other platforms.
  • Self-Service Capabilities:
    • App portal for a consolidated view of the user's apps and servers
    • Device portal to allow the user to enroll and manage their devices
    • Activity portal to self-review activities
    • AD or Cloud user self-service password reset
    • Self-Service from Mobile App
  • Management Portal:  Wizards, Dashboards, Apps, Policies, Roles, Settings, etc.
  • Simple architecture:  On-premise capabilities like AD Bridge, App Gateway (reverse-proxy), support for LDAP are available by installing components that sit behind the corporate firewall (even behind the Proxy).
  • Datacenter and geographical redundancy plus multi-language:  The Identity platform is distributed across Microsoft's Azure infrastructure and it has been translated to over 15 languages.
  • User Access Request (Workflow and Approvals): Access to apps, login sessions to servers, password checkouts and more can be tied to requests and approvals built into the platform.
  • PKI - Certificate Services:  An independent built-in Certificate Authority for each tenant to provide additional encryption services, mutual trust and authentication using PKI certs in the context of data at rest and in transit, federation assertions, end-point certificates, etc.
  • Bottom-line:  CIS is a full-fledged Identity as a Service (IDaaS) solution that eliminates the need for complex federation infrastructure and can be used for multipurpose scenarios of over 3,000 apps.  
Privilege Service capabilities
  • Privilege Session Access:  CPS provides the ability to access system resources from a central set of servers (jumpbox).  The CPS infrastructure components can be deployed in a few minutes anywhere the organization has an IT footprint.
  • Privilege Session Proctoring and Session Abort:  Allows a supervisor to view remote sessions in real time, as well as triggering remote disconnections.
  • Shared Account Password Management lifecycle management:  CPS provides the ability to request access to, check out, check-in and rotate passwords in Windows, UNIX, Linux and a variety of network devices.
  • Mobile First:  Remote access and Password operations are available from the Centrify mobile app with PIN or biometric compatibility.
  • Self-Service Workspace:  Provides the privileged user with a consolidated view that includes status of their password checkouts, sessions, recent and favorite resources.
  • Flexible Storage of Secrets:  Customers have the option to use the Cloud Secure Storage (secured with their individual CA key) or they can use their own Hardware Security Module.  Centrify has partnered with SafeNet to deliver integration with KeySecure devices.
  • Privilege Session Recording:  Leverages Centrify's DirectAudit to provide proxy-based auditing or end-to-end auditing if Centrify Server Suite Enterprise is deployed.

Explore:  The Platform from the End User Perspective

Explore:  The Platform from the Administrator's Perspective

Explore:  CPS User Experience

Explore:  CPS Privilege Session Brokering, Proctoring and Termination

Explore:  CPS Shared Account Password Management

Explore:  Privileged Session Auditing


Explore:  Workflow and Approvals (User Access Request)

Explore:  Flexible Storage


Expect many capabilities of CSS, CIS and now CPS to merge together to continue helping you conquer current and future use cases.
Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com