Securing shared web accounts such as the firewall web administration console's default admin account, the AWS management console's root account, a corporate FedEx account, or company social media accounts (e.g. Twitter, Facebook) helps to meet regulatory compliance, improve security, prevent insider attacks, and deny access to former employees. Centrify can secure your shared web accounts by:
- Providing login access to shared web accounts to assigned users without exposing the password to users.
- Limiting access to only specific users or groups.
- Requiring multi-factor authentication or blocking access based on time, location, device or user behavior.
- Switching to SAML authentication.
Provide login access without exposing the password
1. In the Centrify Web Portal console, select Apps in the left column, then click on the Add Web Apps button.
2. Search for your web app, then add it. If you cannot find your web app, go to the Custom tab, scroll down until you see User-Password, click on the Add button next to it, then click Close.
3. Complete the required configurations for Applications Settings and Description.
4. Go to Account Mapping and select Everybody shares a single user name. Enter the shared username and password and press Save.
When you update the password in this setting, it is updated for everyone without the need to tell users what the new password is, which minimizes the risk of password exposure.
5. Configure User Access and press Save. Assigned users can access the shared account from the Centrify User Portal by clicking on the app icon, without entering the shared username and password.
If your website is not in the Centrify app catalog and it does not work out of the box with the custom User-Password template, you can try using:
- Infinite Apps to add sites that have additional login fields such as department or company ID.
- Custom > Browser Extension for sites that have the username and password fields on different pages.
Limiting access to only specific users or groups
In the Centrify Admin Portal, create a custom role in Roles (e.g. DevOps, IT security, HR, Finance) then assign the role to your web application. You can also assign the web app to roles by configuring User Access.
Assigning the web app to a role enforces role-based access control on your shared password. Users not in the assigned role will not see the web application in the Centrify User Portal. Each role should see a different set of web applications.
Blocking access or requiring multi-factor authentication based on:
Switch to SAML authentication
Take advantage of SAML authentication if the web application supports it. SAML offers many security benefits including:
- Not storing or using a password to authenticate, which prevents passwords from being compromised by malware, WiFi vulnerabilities, or attacks on the web application.
- Logging in as yourself, which provides better accountability by helping track who logged in when and who made what changes.
- Not having to manage password changes.
Other topics to consider: