Introducing Centrify Identity Services for HashiCorp Vault

Introducing Centrify Identity Services for HashiCorp Vault

Apr 16 2018    David McNeely

The following is a guest blog from David McNeely, Vice President of Product Strategy at Centrify.

Centrify enables organizations to adopt a Zero Trust Security model through the power of Next-Gen Access controls for both applications and infrastructure. Centrify uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM) in order to enforce Zero Trust Security, verifying every user, validating their device, and limiting access and privileges to proactively secure your organization. 

Today, Centrify is proud to announce the integration of the Centrify Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault. 

The Centrify Next-Gen Access Management platform now provides an additional Auth Method called "centrify" for HashiCorp Vault. This Auth Method allows you to authenticate users to HashiCorp Vault, leverage any connected directory source for authentication, and enable role-based authorizations to Vault resources using Centrify Roles.

alt text

Figure 1: HashiCorp Vault integration with Centrify Identity Services

There are several benefits to using Centrify for user authentication to HashiCorp Vault:  

  • Centrify brokers authentication to any connected directory source, including Active Directory, LDAP, Google Directory, or the Centrify Cloud Directory for user or service accounts.
  • User access to the Vault is time-bound and is based on authentication to the Centrify Identity Service. This allows you to avoid long-lived credentials left behind on user's machines and protects against potential malware attacks.
  • Centrify's integration enables workflow-based access control, allowing users to request and receive access to the Vault only when needed. This enables you to grant access to the Vault without assigning permanent access rights within the Centrify Identity Service. 
  • Centrify integration centralizes access management for new users and temporary workers. You can simplify account creation during the on-boarding process and automatically disable user access upon termination.
  • Centrify captures an audit log of all user login events to the HashiCorp Vault and sends these logs to your security information and event management (SIEM) solution for analysis.
  • With Centrify, you can authenticate your on-premises users to the Vault deployed on-premises, in a DMZ, within one or more VPCs on Amazon AWS, or in other IaaS hosting services. 

Centrify can also simplify the integration with Active Directory for those deployments where Vault runs on Linux and has direct Active Directory access. In this model, Centrify extends Vault's current LDAP Auth Method to support proper operations within complex multi-domain or one-way trust Active Directory (AD) environments through the Centrify LDAP Proxy. Additionally, Centrify Agent for Linux provides centralized public key infrastructure (PKI) certificate management for Linux within environments which use Microsoft Certificate Authority for automated certificate issuance and renewal.

alt text

Figure 2: HashiCorp Vault integration with Centrify Agent for Active Directory

Regardless of how you would like to centralize user authentication to Vault, Centrify provides a solution to integrate Vault into Active Directory, LDAP, Google Directory or Centrify Cloud Directory as well as provide role-based authorization to Vault resources. 

» About David McNeely

David McNeely is vice president of product strategy at Centrify, where he works with customers to drive the product strategy and roadmap for Centrify's award-winning Privileged Access Management and Identity-as-a-Service offerings. McNeely has worked in the identity and access management market for over 20 years, holding various product management positions at ActiveIdentity, AOL and Netscape. At Netscape he was the director of product management for the Directory and Security product line, where he first promoted the concept of a centralized enterprise directory for unified identity and access management.

» About Centrify

Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user, validates their devices, and limits access and privilege. Centrify also utilizes machine learning to discover risky user behavior and apply conditional access — without impacting user experience. Centrify's Next-Gen Access is the only industry-recognized solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). Over 5,000 worldwide organizations, including over half the Fortune 100, trust Centrify to proactively secure their businesses.

» Learn More

To learn more about Centrify Identity Services, visit Centrify at https://www.centrify.com/products/. You can view technical documentation on GitHub at https://github.com/hashicorp/vault-plugin-auth-centrify 

Are you interested in telling others your HashiCorp story or perhaps how HashiCorp products helped with that amazing thing you built? Let us know. Email your story or idea to guestblogs@hashicorp.com.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×