Identity Management in Red Hat Enterprise Linux

Centralized identity management is key

Centralizing identity and access management across all systems within your infrastructure can put a tremendous burden on IT—especially for those who face stringent governance and compliance requirements.

Red Hat supports your identity and access management strategy with a simplified, dependable, and consistent authentication experience in an open hybrid cloud environment. Allow end-to-end management so that access or permissions can be granted or revoked quickly. Manage identities across bare metal, virtual, hybrid cloud, and edge computing environments from a centralized location to help mitigate security or compliance risk. 

Identity Management in Red Hat Enterprise Linux

Red Hat® Enterprise Linux® allows you to centralize identity management, enforce security controls, and comply with security standards.

Centralize—Manage identities and enforce authentication policies from a centralized location to ensure consistency across all platforms and footprints, improve the user experience, and ease IT burden.

Secure—Configure access requirements and customize permissions to enforce security controls based on the principle of least-privilege, ensuring the right people have the right access at the right time. 

Comply—Implement compliance best practices and standards such as session recording and audit reporting with an independently certified solution that supports your overall identity management strategy.

Red Hat Enterprise Linux Identity Management (IdM) feature highlights

Domain controller for Linux—Centrally manage identities, access, and policies for all users, services, and hosts within this trusted and centralized identity store. This helps reduce administrative overhead and simplifies domain registration to create a trusted security boundary. Users get a streamlined user authentication experience.

Certificate management authority and tooling—Simplify the complete certificate management life cycle for users, hosts, and services. Create certificates based on various profile extensions (x509, ACME, SCEP, SSL/TLS) to work with your ecosystem, automatically track certificate expiration dates and ensure timely renewals, and verify that identities are trusted using PKI authentication. 

Active Directory integration—Bridge the user identity gap between Linux and Windows with the native Red Hat Enterprise Linux integration with Active Directory. Use Active Directory as a single source of truth for user identities and apply tailored access control policies directly to the Linux domain to improve administrative efficiency and centralize where policies are created.

Kerberos single sign-on (SSO)—Simplify the user authentication process using Kerberos, the core of identity management authentication, to support SSO for infrastructure. Extend to services so they can authenticate without passwords and support web authentication using SSO (based on Keycloak).

Multifactor authentication—Take advantage of an extra layer of security by requiring multiple checks to verify an identity prior to granting access. Use cryptographic devices such as hardware tokens and smart cards or configure authentication types such as passwords, radius, password OTP, PKINIT, and hardened passwords.

Policy management—Support compliance mandates with built-in policy management. Every minor release of Red Hat Enterprise Linux is independently validated against FIPS standards, and every EUS release achieves Common Criteria Certification.

Session recording—Streamline auditing and compliance with terminal session recording. Select on a per-user, per-group basis, record both input (optional) and output along with environment and state of system, or record events as JSON-formatted audit records via file or system logging protocol (Syslog).

System roles—Save time and resources by making use of consistent and repeatable configuration workflows. Automation will significantly reduce the technical burden and manual tasks associated with deployment and identity administration over time.

Layered Red Hat identity management solutions

Red Hat Enterprise Linux includes a great amount of identity management capabilities, but for those with more specialized needs, Red Hat offers two add-on solutions:

Red Hat Certificate System is a certificate authority that supports advanced certificate management activity such as smart card provisioning, customized certificate types, and secure secret storage. Establish security-focused and trusted identity and communications using PKI-based protocols and encrypted key storage backed by hardware security modules (HSM) integration. Manage your own MFA through smart card and token provisioning and broaden your use cases with Common Criteria and Commercial Solutions for Classified (CSfC)-certified technology. 

Red Hat Directory Server is a Lightweight Directory Access Protocol (LDAP)-based directory that is scalable for large, diverse environments. Use near drop-in replacement for existing costly third-party LDAP solutions and manage distributed and complex directory topologies with a spectrum of replication options. This solution provides flexibility by providing customizable attributes and schema for your directory data.

Identity Management in Red Hat Enterprise Linux can:

Significantly simplify your identity management infrastructure.

  • Help meet modern compliance requirements like PCI DSS, USGCB, STIG.
  • Reduce the risk of unauthorized access or privilege escalation.
  • Create a foundation for a highly dynamic and scalable, cloud and container-capable, operational environment.
  • Preconfigure access controls on new systems, virtual machines (VMs), and containers.
  • Reduce the cost of day-to-day operation and the security burden on IT.