With the 17.5 release of the Centrify Identity Service we have extended our shared account password management to the Mac platform.
The age-old problem of how to ensure IT has break-glass access to managed endpoints has far too often resulted in a single password being used as the local administrator password on all endpoints. Oftentimes this password is shared with a desperate end user who is locked out of his machine or needs to perform an administrative task. Unfortunately, once this password is shared, the user has also been given administrator rights to all other endpoints in the organization. This problem is further compounded by the difficulty in managing updates to the local admin password. It is not uncommon for the same local admin password to remain in use for years! This means IT personnel who leave the organization continue to have knowledge of the local administrator password for all endpoints long past their departure, putting the organization at significant risk.
Today Centrify announced a Local Administrator Password Management solution for Mac that leverages the Centrify Privilege Service to vault a unique password for each Mac. The solution is enabled by simply enrolling a Mac in the cloud-based management platform and enabling the local administrator password management policy. A unique password will be randomly generated at each Mac endpoint and the password will be vaulted in the Centrify Privilege Service. From that point forward, policy will dictate how often the password is rotated and who is authorized to request access to check out the password. Additionally, every request to check out the local administrator password is logged for auditing purposes. If your organization, like others, already has a common password across your Mac endpoints, our new solution can help reduce your risk. In the local administrator password management policy, you can specify the name of the existing local admin account and the solution will take over ownership of the existing account, randomizing and vaulting the password.
This local administrator password management solution, coupled with our recent announcement of Mac application management powered by Munki, furthers the ability of IT to ensure end users are not running with too much privilege on their endpoints. Now we can ensure that end users can install applications and updates without needing local admin rights, and on the occasion that an end user does need elevated privileges, they can get them without putting the organization at further risk.
Learn more about Centrify’s Mac solution here.