Active Directory Bridge: Add Access Controls to AD

Active Directory (AD) is often a primary identity source and is, therefore, used for authentication of users. However, for effective security, you also need granular access management, both to control privileged users who require root and other functional accounts to administer servers, and to control end users accessing multiple applications. By adding access management to active directory by using FoxT AD Bridge (an optional add-on module), you will be able to enforce authorization and authentication of everyone seeking access to your IT assets while simplifying the authentication of the user.

FoxT ServerControl, with its AD Bridge functionality, provides a seamless way to add fine-grained access controls and privileged access management to your Active Directory processes. The FoxT AD Bridge capabilities make it very easy to synchronize user account information between AD and the FoxT ServerControl infrastructure, leveraging AD as the main source of information. Access control administration, enforcement, and audit is handled by the FoxT ServerControl. Other key features include:

• Automatically provision and de-provision user accounts and access rights across diverse servers and applications including propagated blocking of AD users to FoxT
• Controls use of privileged accounts without sharing passwords
• Enables AD users to seamlessly log into FoxT controlled hosts
• Leverages standard technologies such as Kerberos including support for Kerberos authentication in FoxT SSH (ssh, sftp, scp, su, suexec)
• Supports Kerberos ticket delegation and allows SSO in multiple steps between Kerberized servers
• No changes required in AD schema; uses standard Microsoft AD component "Identity Management for Unix"
• Supports multiple AD domains (forests) and multi-domain trust
• Automatically captures and consolidates access activity and keystroke logs across servers and applications