Call a Specialist Today! 800-886-5369

BeyondTrust PowerBroker Identity Services Open
Making Unix, Linux and Mac Systems First-Class Citizens in Windows Environments

BeyondTrust Products
PowerBroker Identity Services Open Edition License
PowerBroker Identity Services Open Edition 5 Incidents
Contact us for pricing!
PowerBroker Identity Services Open Edition 10 Incidents
Contact us for pricing!

Click here to jump to more pricing!


Core Active Directory Authentication for Linux, UNIX, and Mac Systems

The PowerBroker Open project was launched in December, 2007. Since that time over 100,000 organizations in both the public and private sector have used PowerBroker Open for core Active Directory authentication for Linux, UNIX, and Mac systems by joining them to Active Directory domains.

PowerBroker Identity Services Open is a complete, clean room, ground-up, Windows-compatible implementation based on a modern architecture. PBISO provides a modular, programmatic, solution that pays particular attention to clarity, extensibility, and usability. This allows ISVs to easily incorporate our solution. PowerBroker Identity Services uses pluggable authentication modules (PAM) and name service switch (NSS). It supports Kerberos, NTLM, and SPNEGO authentication.

PowerBroker Open is available under a GPL/LGPL v2 license or with a commercial license.

Features and Benefits:


  • Manage Active Directory from Linux or Mac OS X: Joins Linux, UNIX, and Mac OS systems to Active Directory in a single step via a GUI tool or from the command line.
  • User Management: Authenticates users with a single username and password on Windows and non-Windows systems.


  • Access Control: Enforces password polices across Windows and non-Windows systems.
  • Credential Caching: If you lose network access or the domain controller is down, you keep working.

How It Works:

Active Directory

PowerBroker Identity Services extends existing Active Directory infrastructure to nonWindows platforms. The solution increases security and enables you to meet regulatory compliance mandates by enabling users of non-Windows platforms to employ a single username and password. In addition to centralizing authentication, PowerBroker Identity Services enables you to leverage Active Directory group membership to easily provide effective access control for users of Unix, Linux and Mac systems.

Group Policy

Group Policy enables centralized configuration management of Microsoft Windows operating systems and supported applications. PowerBroker Identity Services extends Group Policy benefits to Unix, Linux and Mac. The solution’s Active Directory authentication capability enables you to implement a single account / single password policy for Windows, Unix, Linux and Mac. With the flexibility of Group Policy, you can define logon rights, message of the day, distribute files and directories, mount volumes, and hundreds of other settings. The solution also extends Microsoft Group policy with platform specific connectors, allowing you to achieve a consistent configuration across non-Windows platforms in Active Directory.

PowerBroker Identity Services extends Active Directory and Group Policy to non-Windows platforms enterprise-wide.

Before PowerBroker Identity Services
After PowerBroker Identity Services

Open vs. Enterprise Compare:

PowerBroker Identity Services: Enterprise Edtion

PowerBroker Identity Services provides customers with enhanced security, reduced costs, and the ability to demonstrate compliance. The product includes familiar Windowsbased tools to easily and seamlessly integrate non-Windows systems with Microsoft Active Directory. The product runs on VMs to connect them with Active Directory.

PowerBroker Identity Services: Open Edtion

PowerBroker Identity Services Open joins machines to Microsoft Active Directory and securely authenticates users with their domain credentials for FREE.

Features Open Enterprise
Active Directory Authentication
Allow users to use their Active Directory Credentials (Username & Password) to gain access using native Kerberos/LDAP protocols to non-windows such as Unix, Linux and Macs. PowerBroker Identity Services is fully site-aware performing authentication with the same reliability as any windows system.
Multiple Domain and Forest Support
Users can authenticate and systems can be joined to multiple domains in the same or different forests. PowerBroker Identity Services supports all Windows trust types between Windows 2000 and higher domains - forests, external, 1-way, 2-way, SID filtered, transitive, non-transitive, and so on.
Single Sign-on
Enable SSO from desktop to remote machines or between systems without the need to constantly re-enter credentials. By leveraging Kerberos, Active Directory's Authentication Protocol, Single-sign-on is easy regardless of platform.
Distributed File System (DFS) Support
Location aware connectivity to Microsoft DFS namespace.
Samba Integration
Easily connect to SAMBA shares without having to re-enter enter your credentials.
Command Line Interface
Full system management from the command line.
Centralized Account Management
By consolidating accounts into Active Directory you have a centralized username and password.
Cached Credentials
Similar to a traditional Windows desktop if a user on Unix, Linux, or Mac cannot communicate with Active Directory PowerBroker Identity Services keeps a cached copy of the user’s credentials to allow for offline access
Customized UID & GID Mapping
All UID's and GID's for users and groups respectively can be customized based on existing systems, policy or other needs.
Group Policy for Unix & Linux
PowerBroker Identity Services extends the capabilities of the native group policy management tools to include specific group policy settings for Unix & Linux to attain a consistent configuration across the enterprise.
Group Policy for Mac
Optional integration of Microsoft GPO with Apple Workgroup Manager to provide the most extensive options for managing settings on Macs in your enterprise.
Snap-ins for ADUC and GPMC
All day-to-day management of users, groups, and policy configuration can be performed using native Microsoft management tools like Active Directory Users and Computers and Group Policy Management Console.
RFC 2307 Compliant
Store Unix information in Active Directory's RFC 2307 attributes for users and groups.
Flexible User Identification Model
The industry leading "Cells" model allows for flexible options to have different usernames, UIDs, GIDs and default shells for particular systems based on application or technical requirements.
Configure a wide array of success and failure SNMP traps via the command line and/or group policy.
Two Factor Authentication
Extensive support for smartcards and one-time passwords (OTP) systems providing a level of assurance when users access critical systems.
Operational Dashboard
Easy access to system status and metrics from a management console.
Centralized Reporting
Out of the box reports that will help with compliance and audit requirements, all accessible through a single interface.
Centralized Event Management
All audited activity is securely aggregated to a central event database.
24/7 Phone based support


BeyondTrust Products
PowerBroker Identity Services Open Edition License
PowerBroker Identity Services Open Edition 5 Incidents
Contact us for pricing!
PowerBroker Identity Services Open Edition 10 Incidents
Contact us for pricing!
PowerBroker Identity Services Open Edition Maintenance
PowerBroker Identity Services Open Edition Maintenance 5 Incidents
Contact us for pricing!
PowerBroker Identity Services Open Edition Maintenance 10 Incidents
Contact us for pricing!