Centrify has announced enhancements to the Centrify Identity Platform that deliver local administrator password management for Macs and comprehensive Mac application management and software distribution via turnkey integration with the Munki open source solution. These new capabilities enable Mac administrators to solve critical challenges by implementing best practices for controlling privileged access on Macs while at the same time simplifying management of Mac endpoints.
“Our latest security capabilities extend shared account password management (SAPM) from servers, network devices, Windows and Linux endpoints to Mac, while at the same time simplifying Mac application management with Munki support that enables users to install applications without knowing the admin password,” said Bill Mann, chief product officer at Centrify. “The Centrify Identity Platform secures Mac endpoints as well as Windows and Linux with our market leading Identity-as-a-Service (IDaaS) and privileged identity management (PIM) solutions that help stop breaches across endpoints, infrastructure and apps.”
It is common for organisations to maintain administrative accounts on their users’ Macs and use the same admin password across all Macs. This introduces risk, because inevitably the password is shared with an end user who needs to install applications on their Mac, or is known by admins who leave the company. These users and ex-employees now have full administrative privilege across every Mac. This leaves an organisation highly susceptible to breaches that start on Mac endpoints, and demands a solution that enables organisations to minimise and centrally control access to Mac administrative accounts, just like they do for Windows and Linux endpoints, servers and network devices.
The Centrify Identity Platform closes this gap in security with local administrator password management (LAPM) for Mac that enables administrators to generate a unique administrator password for each Mac. With Centrify, organisations are eliminating the sharing of a single Mac admin password across an entire organisation. The solution can be enabled for all Macs enrolled in the cloud-based management service, ensuring support for remote machines as well as those on the corporate network. Authorised admins can check out the admin password, and the rotation of the admin password is automated. Who accessed what and when is fully audited across Mac administrative access and all other endpoints and infrastructure and available through comprehensive reporting.