FREQUENTLY ASKED QUESTIONS

Centrify Identity Services for AWS

Service Description and Capabilities

What is included with Centrify Identity Services for AWS?

Centrify Identity Services for AWS is comprised of the following Centrify products:

- Centrify Infrastructure Services - Minimize the attack surface and control privileged access in the hybrid enterprise with just-in-time privilege, shared password management and MFA.
- Centrify Application Services - Improves end user productivity and secures every user's access to apps through single sign-on, multi-factor authentication and mobility management.
- Centrify Endpoint Services - Manage and secure your heterogeneous endpoints through a single source of identity.

How do I connect Centrify Identity Services to my Active Directory environment?

You simply need to download, install and register a Centrify Connector. This is a lightweight agent that installs on a Windows computer within your on-premises network so that it can communicate with your Active Directory domain controllers. It only needs read-only permissions to AD. It also only needs outbound HTTPS communication to the Centrify Identity Service, so no changes to your firewall are needed. This service will not replicate your AD; the Centrify Identity Service makes authentication requests in real time to this Connector to authenticate users to the Centrify service.

I need secure access for my AWS console. What service provides this functionality?

The Centrify Admin User can securely access the AWS management console utilizing Infrastructure Service, which allows you to lock down your AWS root accounts by vaulting the AWS password and enforcing multi-factor authentication for break-glass access.

How do I manage access and privileges for my EC2 Instances?

Centrify provides both Infrastructure Service and Identity Broker Service to secure EC2 Instances.
Centrify Infrastructure Service supports registration of Linux and Windows instances to vault and manage local accounts, as well as to provide remote access via the Centrify Admin portal. Identity Broker Service provides centralized authentication from the Centrify Service for Linux systems enrolled for this service.

What are the capabilities included in Centrify Infrastructure Service?

Centrify Infrastructure Service provides:

- Vaulting, checkout and management of passwords for shared accounts
- Remote access using Active Directory, shared local or domain accounts
- Access request and approval workflows
- Programmatic checkout of local account passwords, e.g. to replace hard-coded password strings in script files for resource
- MFA enforcement for all servers

2017 CENTRIFY CORPORATION. ALL RIGHTS RESERVED
What is Centrify Identity Broker Service?

Centrify Identity Broker provides brokered authentication for Linux servers, supporting user login for any connected directory source such as Active Directory or LDAP directories.

Note: This service is not currently available for Windows servers.

What capabilities are included for a Centrify Admin User?

The Centrify Admin User is entitled to perform the following capabilities:

- Store and retrieve generic secrets from the vault
- Access to management consoles and APIs
- Admin Portal login via SAML Federation
- Remote access to resources from the Admin Portal (requires Infrastructure Service for each resource)
- Vaulting, checkout and management of passwords for shared accounts (requires Infrastructure Service for each resource)
- Access request and approval workflows (requires Infrastructure Service for each resource)

What are the capabilities in Centrify Application Services?

- Single sign-on (SSO) to applications
- Request and approval workflows for applications
- Provisioning and de-provisioning to applications
- Mobility Management for up to 3 mobile devices per user
- Access on-premises web applications without a VPN

My organization just moved to a partial hosted application model on AWS. What is the best method to ensure easy and secure access for our employees to these apps?

Centrify Application Services provides your users with single sign-on access for applications hosted on AWS. In addition, users can access on-premises web applications without requiring a VPN.

My organization and user base includes business partners and clients. Are these types of users included in my subscription?

Centrify Identity Service for AWS supports a variety of user types: internal users such as employees, external users such as non-employee/contractor users (partners, dealers and suppliers) and B2C users such as customers, prospects or end-users of the purchasing organization.
Is there a limit to the number of applications that can be accessed with Centrify Application Services?

There is no restriction on the number of applications that can be accessed.

Can I use Identity Broker Service with another type of directory service other than Active Directory?

Yes. Identity Broker Service allows you to simplify your user authentication to Linux servers from any directory, including Active Directory, LDAP and cloud directories. This way you can take advantage of the benefits of the cloud without sacrificing the level of privileged access security and enterprise access you currently have implemented on-premises.
What is Centrify Endpoint Service?

Centrify Endpoint Service secures corporate and BYO mobile devices with integrated identity and Enterprise Mobility Management (EMM). Restrict access to the AWS console and other apps based on device posture while securing and locking down devices with hundreds of available policies.

How does your mobility management help secure access to data?

Centrify Endpoint Service uses endpoint posture such as location of device, browser or OS to provide secure access and prevent data from being accessed from devices that aren't trusted or managed.

Marketplace and Billing

I clicked the Subscribe button, and it redirected me to a Centrify web page where I was asked to re-enter my information. Is this legitimate?

Yes. Due to regulatory requirements, your account information is not passed through from the Amazon Marketplace to Centrify. Therefore, we need your information to fulfill your subscription appropriately.

It seems like I am subscribing to the entire list of offerings since there is only one subscribe button, but I only want to use a portion of the services offered on your Amazon Marketplace page. Is this possible?

Yes. You are only billed (on an hourly basis) for the services you use. This provides you with the flexibility to implement the services you need, when you need them.
Below is the full list of services and how your subscription charges will be calculated based on usage:

Centrify Admin User
  Unit of measure: user
  Hourly subscription charge: $0.023
  Billed usage (each hour): Total number of users configured with any of the following Administrative Rights:
    - All Administrative Rights
    - Application Management
    - Device Management
    - Federation Management
    - Privilege Service Administrator
    - Privilege Service Power User
    - Privilege Service User
    - Privilege Service User Portal
    - RADIUS Management
    - Report Management
    - Role Management
    - User Management

Centrify Application Services
  Unit of measure: user
  Hourly subscription charge: $0.013
  Billed usage (each hour): Total unique users defined who are not an Administrative user as described above.

Centrify Infrastructure Service
  Unit of measure: system
  Hourly subscription charge: $0.008
  Billed usage (each hour): Total number of Systems configured within the Centrify Service including servers or EC2 Instances (Linux, UNIX, Windows Servers, or network devices, even if currently unreachable).

Centrify Identity Broker Service
  Unit of measure: system
  Hourly subscription charge: $0.023
  Billed usage (each hour): Total number of systems with the Centrify Agent installed and enrolled for the Identity Broker Service enabled (Auth Agent permission).

Centrify Endpoint Service
  Unit of measure: endpoint
  Hourly subscription charge: $0.004
  Billed usage (each hour): Total number of Mac and Windows endpoints enrolled in the service (even if currently unreachable). Mobile Devices are not counted.

How can I see what my current usage is?

You can check your current usage within Billing from the AWS Console. Details are available within the Bill Details or from the Bills menu; just look for Centrify within the AWS Marketplace Charges section.
How do I cancel my subscription to Centrify Identity Services for AWS?

You can cancel your software subscription by logging into your Amazon account in the AWS Marketplace (https://aws.amazon.com/marketplace), then selecting Your Marketplace Software from the drop-down and clicking Cancel Subscription. Amazon will take care of the rest.

Note: If you choose to cancel your subscription, it is important that you make sure that you have unenrolled all servers and endpoints and take note of all vaulted passwords.

What happens to my data when I cancel my subscription?

Centrify will disable your account within the Centrify service, and will keep the data for at least 90 days. Should you wish to subscribe again within 90 days, you will be able to reactivate your account.

Note: If you choose to cancel your subscription, it is important that you make sure that you have unenrolled all servers and endpoints, and take note of all vaulted passwords.

Support

What type of support is included with the purchase of Centrify Identity Services for AWS?

As part of your Centrify for AWS service, you receive access to online community support. This includes an online learning portal with step-by-step video tutorials, advanced documentation and access to support via the web during business hours (9am to 5pm in your region of purchase), with a 24-hour service level agreement (SLA). You also have the option to purchase a monthly or annual subscription for Premium (24 x 7) Support, which includes phone support as well.

For more information, please visit Centrify Support (https://support.centrify.com/).

You can access the online community at Centrify Community (https://community.centrify.com/).

Contact Centrify

Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise.
As the only industry recognized leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure every user's access to apps and infrastructure in today's boundaryless hybrid enterprise through the power of identity services. This is the Next Dimension of Security in the Age of Access. Founded in 2004, Centrify is enabling over 5,000 customers, including over half the Fortune 50, to defend their organizations. Centrify is a privately held company based in Santa Clara, California. To learn more visit www.centrify.com.

The Breach Stops Here.

SANTA CLARA, CALIFORNIA: +1 (669) 444-5200
EMEA: +44 (0) 1344 317950
ASIA PACIFIC: +61 1300 795 789
BRAZIL: +55 11 3958 4876
LATIN AMERICA: +1 305 900 5354
EMAIL: sales@centrify.com
WEB: http://www.centrify.com