As a primary identity source, Microsoft® Active Directory (AD) is often used for user authentication. However, effective security also requires granular access management. This is important for two reasons. First, it helps you control privileged users who require root and other functional accounts to administer servers. Second, it enables you to control end users accessing multiple applications.
By using Core Privileged Access Manager (BoKS) to add access management to active directory, you can enforce authorization and authentication of everyone seeking access to your IT assets while simplifying user authentication.
Core Privileged Access Manager (BoKS) provides a seamless way to add fine-grained access controls and privileged access management to your active directory processes. AD bridge capabilities make it easy to synchronize user account information between AD and the BoKS infrastructure, leveraging AD as the authoritative source of information. Access control administration, enforcement, and auditing is handled by Core Privileged Access Manager (BoKS).
How We Help You Gain Control of Access
Provision User Accounts
Automatically provision and de-provision user accounts and access rights across diverse servers, including propagated blocking of AD users to BoKS
Control Privileged Account Use
Enforce strict control over privileged account use without sharing passwords
Log into BoKS-Controlled Hosts
Enable AD users to log into BoKS controlled hosts seamlessly
Leverage Kerberos
Make use of standard technologies such as Kerberos, including support for Kerberos authentication in BoKS SSH (SSH, SFTP, SCP, su, suEXEC)
Enable Kerberos Ticket Delegation
Incorporate support for Kerberos ticket delegation and allow SSO in multiple steps between Kerberized servers
Maintain the AD Schema
Use standard “Identity Management for Unix” Microsoft AD component, which requires no changes in the AD schema
Provide a Microsoft Management Snap-In
Manipulate user account data in AD by providing a Microsoft Management Snap-In for AD 2016 onward
Support Multiple AD Domains
Enable support for multiple AD domains (forests) and multi-domain trusts
Capture Access Activity and Keystroke Logs
Get a high-level view of what’s happening by automatically capturing and consolidating access activity and keystroke logs across servers
The benefits of Microsoft AD bridging
Reduce Admin Overhead
Save time by allowing Microsoft Active Directory-trained help desk teams to administer Linux/UNIX accounts within AD, without logging into Linux/UNIX infrastructure.
Prevent Breaches
Protect sensitive information by consolidating user account data to be mastered within AD, and auto provisioning across Linux and UNIX infrastructures.