Centrify, the leader in securing enterprise identities against cyberthreats, today announced it is one of the first identity providers to implement derived credentials for secure mobile access to apps, websites and services that require smart card authentication. Derived credentials allow common access card (CAC) and personal identity verification (PIV) based authentication via mobile devices, without requiring cumbersome, dedicated smart card readers. This new capability extends Centrify’s integration of identity-based security to mobility, offering secure single sign-on (SSO) in even the most highly regulated environments.
“We are very excited that Centrify now offers derived credential authentication from mobile devices, which historically has failed to move beyond the proof of concept stage,” said Bill Mann, chief product officer of Centrify. “Until now, users could only access highly secured apps and content via laptops and desktops, due to regulations mandating smart card-based two-factor authentication. Attempting to use mobile devices with smart card readers for the same access was cumbersome at best. This announcement opens the door to full mobility for state and federal government as well as security-conscious companies that rely on smart cards for authentication.”
While some standalone enterprise mobility management (EMM) vendors have built partnerships for derived credentials, they do not fully provide identity management or cloud application single sign-on. Centrify not only provides the solution for managing the device and derived credential, but also the ability to leverage that credential on the device for policy-based authentication and SSO into thousands of managed applications.
At a glance, Centrify’s derived credentials offer the following benefits:
- Secure CAC/PIV based SSO to cloud and on-premises apps
- Integrated device management to manage and lock down devices
- The ability to enroll devices and provision derived credentials to them
- Derived credential issuance from popular certificate authorities
- Compliance with FIPS 201-2 and NIST SP 800-157 to satisfy HSPD-12 and OMB-11-11, allowing mobile access to apps, websites, and services that require smart cards authentication
- App provisioning to set up user accounts within target applications
- Workflow to ensure only the right users get access
- Easy deployment into existing enrollment and issuance portals