Centralized authentication
Wallix AdminBastion centralized authentication enables all Wallix AdminBastion users to log onto all devices for which they are authorised using a single password and without the need to know the password for the account on the target device.
Centralized authentication functions in the following manner:
1° The Wallix AdminBastion user must first be authenticated on Wallix, using his/her authentication data (login/password or SSH key), which may be stored in Wallix AdminBastion or in an external directory (LDAP, Active Directory, Radius, etc.).
2° The user must then indicate the desired device (e.g. Sun server), along with the account to use (e.g. root).
3° If the user possesses the required access rights to use this account on this device, Wallix AdminBastion logs onto the target device and sends the login/password pair corresponding to the credentials of the account to use on the target device.
AES 256 ALGORITHM ENCRYPTION
The password for the target account is therefore not provided by the Wallix AdminBastion user, but rather is stored in the Wallix AdminBastion database and encrypted using the AES256 symmetric encryption algorithm.
The service provider (or internal administrator) therefore does not need to know the passwords for the target devices in order to log on, which avoids disclosing sensitive passwords to non-company staff.
A SINGLE PASSWORD FOR ALL DEVICES
Additionally, only one password is required to log onto all authorised target devices.
Finally, as the passwords for the target accounts are known only to Wallix AdminBastion, they are thus of the "machine to machine" type and can be significantly stronger than passwords for use by humans.
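The three-step flow and the "machine to machine" passwords described above can be sketched as a small credential broker. This is an added example, not Wallix code: the `Broker` class, its method names and the `open_session` callback are hypothetical, user passwords are checked with PBKDF2 from the standard library, and the AES-256 encryption of the vault at rest is left out.

```python
import hashlib
import hmac
import os
import secrets


class Broker:
    """Hypothetical bastion model: one user password, target secrets stay inside."""

    def __init__(self):
        self._users = {}   # login -> (salt, PBKDF2 hash of the user's password)
        self._vault = {}   # (device, account) -> target password (encrypted at rest in a real product)
        self._acl = set()  # (login, device, account) triples the user is authorised for

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def add_user(self, login, password):
        salt = os.urandom(16)
        self._users[login] = (salt, self._hash(password, salt))

    def enroll_target(self, device, account):
        # Machine-to-machine secret: generated by the broker, never shown to a human.
        self._vault[(device, account)] = secrets.token_urlsafe(32)

    def grant(self, login, device, account):
        if (device, account) not in self._vault:
            raise KeyError("target account is not enrolled")
        self._acl.add((login, device, account))

    def connect(self, login, password, device, account, open_session):
        # Step 1: authenticate the user against the broker's own store.
        salt, stored = self._users.get(login, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return "denied: authentication"
        # Steps 2 and 3: the user names device and account; access rights are checked.
        if (login, device, account) not in self._acl:
            return "denied: authorization"
        # The broker, not the user, presents the target credential.
        open_session(device, account, self._vault[(device, account)])
        return "connected"
```

`open_session` stands in for the SSH or RDP login the bastion performs on the target; the caller of `connect` only ever receives a status string.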