Active Directory Bridging: Add Access Controls to AD

Seamlessly add fine-grained access controls and privileged access management to AD


As a primary identity source, Microsoft® Active Directory (AD) is often used for user authentication. However, effective security also requires granular access management. This is important for two reasons. First, it helps you control privileged users who require root and other functional accounts to administer servers. Second, it enables you to control end users accessing multiple applications.

By using Core Privileged Access Manager (BoKS) to add access management to active directory, you can enforce authorization and authentication of everyone seeking access to your IT assets while simplifying user authentication.

Core Privileged Access Manager (BoKS) provides a seamless way to add fine-grained access controls and privileged access management to your active directory processes. AD bridge capabilities make it easy to synchronize user account information between AD and the BoKS infrastructure, leveraging AD as the authoritative source of information. Access control administration, enforcement, and auditing is handled by Core Privileged Access Manager (BoKS).

Microsoft Active Directory

How We Help You Gain Control of Access

Provision User Accounts

Automatically provision and de-provision user accounts and access rights across diverse servers, including propagated blocking of AD users to BoKS

Control Privileged Account Use

Enforce strict control over privileged account use without sharing passwords

Log into BoKS-Controlled Hosts

Enable AD users to log into BoKS controlled hosts seamlessly

Leverage Kerberos

Make use of standard technologies such as Kerberos, including support for Kerberos authentication in BoKS SSH (SSH, SFTP, SCP, su, suEXEC)

Enable Kerberos Ticket Delegation

Incorporate support for Kerberos ticket delegation and allow SSO in multiple steps between Kerberized servers

Maintain the AD Schema

Use standard “Identity Management for Unix” Microsoft AD component, which requires no changes in the AD schema

Provide a Microsoft Management Snap-In

Manipulate user account data in AD by providing a Microsoft Management Snap-In for AD 2016 onward

Support Multiple AD Domains

Enable support for multiple AD domains (forests) and multi-domain trusts

Capture Access Activity and Keystroke Logs

Get a high-level view of what’s happening by automatically capturing and consolidating access activity and keystroke logs across servers

The benefits of Microsoft AD bridging

Left Column
BoKS ServerControl - Quickly Meet Compliance

Meet Compliance Requirements

Quickly meet access/authorization regulations as described in SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA.

Middle Column
BoKS ServerControl - Reduce Admin Overhead

Reduce Admin Overhead

Save time by allowing Microsoft Active Directory-trained help desk teams to administer Linux/UNIX accounts within AD, without logging into Linux/UNIX infrastructure.

Right Column
BoKS ServerControl - Prevent Breaches

Prevent Breaches

Protect sensitive information by consolidating user account data to be mastered within AD, and auto provisioning across Linux and UNIX infrastructures.

Get Started

Ready to gain control with privileged access management?