Centrify Corporation

Centrify Announces DirectAuthorize, Delivers Robust Entitlement Management for UNIX and Linux through Microsoft Active Directory

DirectAuthorize Enables stronger security and increased compliance with fine-grained control and delegation of administrative functions


Mountain View, CA -- (ReleaseWire) -- 10/22/2008 -- Centrify Corporation, the leading provider of Microsoft Active Directory-based auditing, access control and identity management solutions for non-Microsoft platforms, today announced Centrify DirectAuthorize, a software solution that enables organizations to increase security and compliance by controlling how users access systems and what they can do on those systems. DirectAuthorize centrally manages and enforces role-based entitlements for fine grained control of user access and privileges on UNIX and Linux systems. This can eliminate a user’s need to use the root account or other privileged accounts, thereby allowing those accounts to be securely locked down.

DirectAuthorize is the industry’s first Active Directory-based solution for UNIX and Linux privilege management and delegation of root access. Leveraging a common architecture, DirectAuthorize is seamlessly integrated with Centrify DirectControl and complements DirectControl’s comprehensive Active Directory-based authentication, access control and group policy support for non-Microsoft systems and applications. DirectAuthorize is available as part of Centrify’s newly introduced Centrify Suite, a family of integrated Active Directory-based authentication, authorization and auditing solutions that leverage the same underlying architecture to secure cross-platform environments and help address regulatory compliance (see related Press Release: “Centrify Introduces Centrify Suite 2008, Industry’s Most Comprehensive Active Directory-Based Solution for Cross Platform Identity Management”).

“Unlike Windows Active Directory, UNIX lacks a simple and scalable model for administrative delegation,” observed Ant Allan and Jay Heiser, Research Vice Presidents in the Gartner publication, Controlling UNIX Superuser privileges is Critical. “Organizations that allow root logins to mission-critical UNIX servers run unnecessary risks.”

Key Features and Benefits

DirectAuthorize meets compliance-driven requirements for “least access” management by allowing organizations to centrally define logical roles (e.g. backup operator, DBA, web developer, application administrator, etc.) that carry with them the specific rights needed to perform duties within a role. DirectAuthorize’s role-based architecture enables the following benefits:

• Simplify the execution of privileged commands – users no longer need to switch to root or other privileged accounts.
• Grant users rights to execute commands with elevated privileges, eliminating the need for access to privileged accounts and passwords
• Assign users a Restricted Environment with access only to a specific “whitelist” of commands
• Lockdown sensitive systems with fine-grained access controls that specify who can access a system and how
• Model date- and time-based access windows to match user roles

Like Centrify DirectControl, DirectAuthorize is tightly integrated into Active Directory, meaning no additional servers or infrastructure is required to run DirectAuthorize. DirectAuthorize stores its role and rights data securely in Active Directory Authorization Manager’s existing rights-based logical model and data storage schema found in Windows 2003 and above. This means no Active Directory schema extensions are required to install and use DirectAuthorize, and customers can leverage the pre-existing Authorization Manager (AzMan) tools and APIs to access DirectAuthorize’s roles and rights data. DirectAuthorize is built on top of the DirectControl architecture, meaning the DirectAuthorize user interface is integrated with the DirectControl Administrator’s Console and the DirectAuthorize rights enforcers are integrated into the DirectControl Agent. And unlike other solutions, DirectAuthorize requires no UNIX kernel changes or system reboots.

Price and Availability
DirectAuthorize is currently in beta with general availability within 90 days. DirectAuthorize and DirectControl form the Centrify Suite, Standard Edition, and licensing begins at $350 per server.

About Centrify
Centrify’s auditing, access control and identity management solutions centrally secure cross-platform systems, web applications, databases and enterprise applications using Microsoft Active Directory. More than 600 enterprise customers, including 38% of the Fortune 50, have selected Centrify for its quick-to-deploy, easy-to-manage Active Directory-based cross-platform interoperability solutions. The Centrify Suite comprises DirectControl, DirectAuthorize and DirectAudit, and helps organizations improve IT efficiency, better comply with regulatory requirements, and move toward a more secure, connected infrastructure for their cross-platform computing environment. For more information about Centrify and its solutions, call +1 650-961-1100 or visit http://www.centrify.com