Centrify Privileged Identity Management
Strengths: Cloud-based service to tie in privilege account management with outsourced IT and other similar scenarios.
Weaknesses: Subscription cost could be prohibitive for some enterprises.
Verdict: As with many similar products, this one can become pricey. However, the value is in the task it accomplishes – and it does that quite well.
Centrify Privilege Identity Management consists of two major parts: The first is the more traditional Server Suite, which provides the ability to bridge UNIX and Linux systems to Active Directory and integrate privilege account access across the enterprise. The second part is the Privilege Service, which takes everything to the cloud for managing both on-premise as well as cloud-based systems and provides access to third-party vendors, outsourced IT or internal users. These two components combined make for a solid privileged account management platform to secure access to crucial accounts both on the enterprise network but also in the cloud. Credentials are passed directly from the Centrify Privilege Service ensuring that they stay secure from end to end.
The Centrify platform has an interesting take on privilege account access and that is that everyone is logged in with least privilege and can then be escalated as needed. This escalation can be done automatically or along with multifactor authentication. On top of the agentless features that allow users to use remote desktop clients or terminal windows, if the Centrify agents are installed on the server that is being accessed users can take advantage of rich features, such as right-clicking on an application and seamlessly running with privilege escalation without the need for a username or password. From the administration side, this product is very wizard driven. Much of the setup and configuration can be done through the use of setup wizards. Aside from being wizard-based, we found the administrative interface to be easy to navigate with an intuitive layout.
From an auditing perspective, Centrify Privilege Identity Management offers a rich reporting experience with integration into Microsoft SQL Server Reporting Services and Crystal Reports for custom reporting. Auditing is also quite comprehensive with full session recording and logging with bookmarking. This product also allows for silent, over-the-shoulder viewing with options to easily terminate and delete access to the session if there is unauthorized behavior.
Documentation included several PDF guides for each of the components of the suite. These were administrator and user guides that provided an excellent amount of detail on installing, configuring and managing the product and its features. We found all documentation to be well-organized and easy to read. It also included clear step-by-step instructions, screen shots and diagrams along with configuration examples.
Centrify offers fee-based support options in standard and premium levels. Standard includes eight-hours-a-day/five-days-a-week phone and email-based technical assistance while premium is 24/7. Along with phone and email technical aid, customers can access an expansive online portal which includes access to product documentation, downloads, case management and a few other resources. Centrify also has a large community site that offers users the ability to support each other through a knowledge base, forums and blogs.
The Centrify Privileged Identity Management suite offers a lot of great functionality at a reasonable price. With prices starting at $385 per server license and $65 per workstation license, this product can be quite affordable for most environments. However, the Privilege Service does require an extra $600 per user per year and that could become costly depending on how many administrators and user accounts are needed.