Privilege Service for Contractors
09-01-2016 06:15 PM
Ok, does anyone have a guide for deploying privilege service for contractors?
I have consultants that need access to certain servers and I can't seem to figure out the settings to make this happen without giving them User Portal and full Privilege Access.
I would want them to log directly into PS and then only see servers they have access to.
Driving me crazy.
09-02-2016 10:29 AM
Sure, try this.
In Centrify Privilege Service
1) Set up your resource in the Privilege service, set up an account for that resource that the contractor will use.
2) Open the permissions setting for that account. (Not permissions for the resource, they are different)
3) Add the contractor to the permissions list for that account and set the "Login" and "Portal Login" checkbox.
4) In your resource -> Policy section, enable the "Allow access from a public network" setting.
In Centrify Cloud Manager
1) Create a new role called "Contractor External Access" (your name may vary).
2) Assign the Administrative Right "Privilege Management (Limited)"
3) Add your Contractor to this role.
When your Contractor logs in to the cloud portal, he will see a tile for each of the servers he has access to. It will log him in with the pre-set account you configured in the privilege service.
He won't have access to the Privilege Manager, but he will see his servers on his cloud portal.
Please try this out and see if it works for you. I'd love to hear some feedback on how you make out.