
Brokered Authentication Service

What is a Brokered Authentication Service?

The Brokered Authentication Service is a unique Delinea capability involving a Delinea Client (running on a host server) and the Delinea Platform (running as a SaaS service in the cloud).

When an administrator tries to log in to a server, a software-based control must verify the credentials presented. That control must be able to query an enterprise directory that is authoritative for the user’s ID. This is trivial if the enterprise directory, the resource, and the access control software are all in the same network. For modern use cases, however, this is often not the case: for example, an enterprise Active Directory or LDAP directory sits on-premises while the Linux and Windows instances run in an AWS VPC with no external internet access.

Traditional solutions are far from ideal. Site-to-site VPNs from the IaaS provider are expensive and are required for every VPC, in every IaaS cloud, where you stand up resources. Another option is to replicate some or all of your enterprise directory infrastructure in the cloud and configure trust between the two. This, too, can be very expensive, and it adds complexity, reduces operational efficiency, and increases your risk of having to open additional firewall ports.

Delinea Platform

Extend privileged access, everywhere, with Delinea Platform

Ensure least privilege best practices and improve your security posture across the enterprise, even as roles, permissions, and IT resources change.