Avari Solutions

Centrify Identity Platform

Centrify strengthens enterprise security by managing and securing user identities from cyber threats. With Centrify’s platform of integrated software and cloud-based services, Centrify uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data centre.

Features

  • Adaptive MFA for cloud and on-premise apps, endpoints and infrastructure
  • Single Sign On
  • Workflow & Lifecycle Management
  • Mobility Management
  • Smartcard & Derived Credentials
  • Identity Broker
  • Privilege Elevation
  • Shared Account Password Management
  • Secure Remote Access
  • Session Recording & Auditing

Benefits

  • Centralized identity and access management
  • MFA everywhere
  • Risk-aware access
  • Consolidate identities
  • SSO everywhere (apps, endpoints, infrastructure)
  • Mitigate VPN risk
  • Grant just enough privilege (least privilege access)
  • Grant just in time privilege (require access approvals)
  • Risk analytics
  • Complete automation

Pricing

£3189 per person per year

G-Cloud 10

288758775078612

Avari Solutions

Nicola Garman

08450360040

nicola.garman@avari.solutions

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Centrify Identity Platform provides Federated Authentication for Cloud/SaaS applications, e.g. Office365.
  • Active Directory
  • UNIX/Linux/MacOS
  • Hadoop
  • NoSQL
  • Apache Web Servers
  • SAP
  • IBM DB2
Cloud deployment model: Hybrid cloud
Service constraints: A list of supported browsers, applications and operating systems is available
System requirements: Licenses for defined users

User support

Email or online ticketing support: Email or online ticketing
Support response times: 1 Hour First Response SLA - Mon to Fri 9am-5:30pm excl bank holidays
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Standard, Premium and Premium Plus Support.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Professional Services are available to assist in implementing the solution and provide on-site training. Additionally, online training is available along with comprehensive user documentation.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction: Data can be extracted via the RESTful API and reporting toolset
End-of-contract process: Customers are notified towards the end of their contract. Should the contract end, portal access will be removed. There is no additional cost to end the contract.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install: Yes
Compatible operating systems:
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Additional mobile features include enterprise mobility management. The mobile device application can be utilised as a further authentication mechanism for MFA.
Accessibility standards: None or don’t know
Description of accessibility: Login to web portal
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: The Centrify RESTful API provides full functionality to set up and make changes to all functions of the cloud service. Where relevant, there are command line tools available for direct configuration and querying of all parts of the service.
API documentation: Yes
API documentation formats:
  • HTML
  • PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The front end user and administrative interface is fully customisable and exposed via the RESTful API. Some customisation options are included within the administrative portal.

Roles, rights and auditing features can be fully customised to client requirements.

This can be conducted either via the console or the command line if the user has the required access level.

Granular access can be granted to discrete parts of the environment.

Scaling

Independence of resources: Various deployment options, self-hosted and public cloud. The Centrify public cloud option is a fully managed multi-tenanted cloud deployment and the service is automatically scaled upon customer demand.

Analytics

Service usage metrics: Yes
Metrics types: Metrics include, but are not limited to:
  • Number of audited systems and sessions
  • Location-based user access, both successful and denied
  • Use of applications and application installation states
  • Mobile device metrics, including number of devices, types of devices in the estate and compliance levels
  • Use of multi-factor authentication for application access, infrastructure and service access
Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: Centrify

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process: No
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Centrify provide a REST API to query data. Data can also be exported via reporting mechanisms.
Data export formats:
  • CSV
  • Other
Other data export formats: REST API extract
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Centrify have three layers of redundancy to provide the highest levels of availability:

All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.

All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.

Centrify leverages Microsoft Azure datacenters to take advantage of their best practices for fault tolerance and always-on availability.

Approach to resilience: Centrify have three layers of redundancy to provide the highest levels of availability:

All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.

All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.

Centrify leverages Microsoft Azure datacenters to take advantage of their best practices for fault tolerance and always-on availability.

Further information is available on request.

Outage reporting: Centrify provide a public dashboard showing their cloud availability status: https://www.centrify.com/support/centrify-trust/trust/
Should an outage occur, customers will be informed via email.

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels: Delegated administrative access via role based control. Centrify support can be granted read access for a specified limited time period in order to troubleshoot issues.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: No audit information available
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications:
  • Common Criteria certification listed at EAL 2+
  • SOC II Certification
  • Centrify is validated FIPS 140-2 Level 1
  • Cloud Security Alliance Cloud Controls Matrix

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards:
  • CSA CCM version 3.0
  • Other
Other security governance standards: FedRAMP, FIPS 140-2 Level 1, SOC II, Common Criteria certification
Information security policies and processes: Centrify maintains a security program that includes policies and procedures, defined roles and responsibilities, and mandatory new-hire and annual training. Centrify’s program is based on ISO 27001/2 and SSAE 16 standards. Employees are subject to disciplinary action including termination for failure to comply with security policies. Centrify is audited annually by an independent 3rd party to assess the design and effectiveness of the security program and controls; the results are in the SOC II Type 2 report, available upon request with a fully-executed MNDA. Centrify’s privacy program and controls are also audited annually for compliance with relevant security requirements; the policy and results are available at: https://www.centrify.com/privacy

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Production changes are documented in a ticket system and undergo review and approval by operations management.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Centrify tests for vulnerabilities through multiple channels, including 3rd party application vulnerability testing, bug bounty programs, 3rd party source code security testing, active network scanning, monitoring of vendor and industry security alerts, and annual risk assessments. Microsoft also maintains additional controls to manage physical, OS and network-level threats to the Azure platform. Identified vulnerabilities and risks are tracked in an internal ticketing system from identification through resolution. Patches and relevant information releases to customers are made with expedience, according to the risk of the identified vulnerability.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Centrify monitors application and platform components of the service for potential issues. Cloud Operations staff monitor alerts and logs for issues, and log a ticket for issues that require remediation. In the event of application or data compromise affecting customer data, the customer is notified immediately and remains in contact with the remediation team until resolution. More information on response times is provided in the EULA or SLSA.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Centrify maintains an incident response policy and program, with defined processes, roles and responsibilities. Customers may submit security issues through the normal support channels or any additional channels as provided in the EULA or SLSA. Incident reports are provided through the support channel to the primary support contact for the customer, or through security channels as provided in the EULA or SLSA.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £3189 per person per year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 30 day fully featured free trial or Express version with limited functionality, optionally supported with Pre-Sales Support.
Link to free trial: https://www.centrify.com/free-trial/
