Adding SaaS Applications

By Vino ‎01-20-2016 10:11 AM

If you are using Identity Service for single sign-on to SaaS applications, you use Cloud Manager to add SaaS and/or mobile applications and assign them to one or more roles. The users in those roles can then open the applications from the User portal and mobile devices.


Identity Service provides comprehensive, application-specific help for adding a wide variety of SaaS applications (see Centrify Application Configuration Help.) If you are adding an application that uses SAML, please see Creating a Custom SAML Application Profile for details.


Steps to Add an Application


1. Click the Apps tab

2. Click Add App

3. Type the name of the app that you want to add into the search box

4. Click the desired app (a check will appear)

5. Click Add App

6. Click User Access and select the Role(s) that you want to make the app available for

7. Click Application Help for specifics on configuring that app.

8. Click Save.

Managing Users

By Vino on ‎01-20-2016 10:11 AM - last edited ‎01-20-2016 03:28 PM

The Users page in Cloud Manager lists all of the user accounts in the Centrify Identity Platform. This includes all of the users you create in the Centrify user service and, if you are using Active Directory/LDAP for user authentication, the Active Directory/LDAP users who have logged in to the Centrify User Portal or enrolled devices.


Account Sources


The two account sources are:


  1. 1. Active Directory/LDAP: These users are authenticated using their Active Directory/LDAP accounts. The account’s Active Directory/LDAP domain is shown in the parenthesis. Any user with an Active Directory/LDAP account can log in to the Centrify user portal. Users need to login using their fill AD username or email address and password. However, to enroll a device, the user must be a member of a role that has Permit Device Enrollment Policy in the Device Enrollment settings set to Yes.                                                                                                      
  2. 2. Cloud: The users with a Centrify user service account. You must create cloud accounts explicitly before these users can log in to the user portal or enroll a device. You can add cloud accounts individually or in bulk from a CSV file or Excel spreadsheet. Cloud-based users must be members of the “Everybody” role.

Mobile Device Management

By Vino on ‎01-20-2016 10:11 AM - last edited ‎01-20-2016 03:13 PM

To perform device management, your role must have the Identity Platform Device Management administrative rights to view and manage devices. You use Cloud Manager to manage devices enrolled in the Centrify Identity Platform.


The Devices page in Cloud Manager will list the enrolled devices and provides you details about the device configuration, installed applications, and activity.


When you use the Centrify Identity Platform for mobile device management, it also performs the following actions:



Note: You can also install mobile device policies and mobile applications on enrolled devices. See Managing Device Configuration Policies and Adding and Deploying Mobile Applications Using Cloud Manager for the details.


See Supported Devices for the list of mobile devices that can be enrolled in the Identity Platform and their operating system requirements.


Enabling Users to Enroll Devices:


1. Open Cloud Manager, click Roles

2. Either create a new Role or select an existing role

3. Click Members and then Add

4. On the Add Members window:

             - Enter the first few letters of the user, role, or Active Directory/LDAP account/group you want to add and click the search icon

             - Select the relevant user, role, or Active Directory/LDAP account/group and click Add

5. Click Save to save the changes

6. Click Policies and either click Add Policy Set or select an existing policy

7. ExpandMobile Device Policies, and click Device Enrollment Settings

8. Select Yes for Permit Device Enrollment Policy

9. Configure the remainder of the policies

              - See Device Enrollment Settings - Enabling Users to Enroll Devices for details

10. Click Save

11. Click Policy Settings

12. Click Apply Policy to Specified Roles and select the role you created or selected in Step 2

13. Click Save

Setting Integrated Windows Authentication (IWA)

By Vino on ‎01-20-2016 10:11 AM - last edited ‎01-20-2016 03:00 PM

The Centrify Identity Platform lets you accept an Integrated Windows Authentication connection as sufficient authentication for users with Active Directory accounts when they login to Cloud Manager or the Centrify User Portal.




To use Integrated Windows Authentication, users must specify their login suffix in the portal URL in the following form where <loginsuffix> is the login suffix for their account (see Using Login Suffixes):


By default, Integrated Windows Authentication is enabled when you install the cloud connector. You enable the IWA settings by opening the Settings page in Cloud Manager and clicking the Cloud Connector tab. Right-click the cloud connector and click Modify. See Configuring Cloud Connectors to determine the current IWA setting and configuration.


Allowing Integrated Windows Authentication Cookie for Applications that Require Strong Authentication: 


  1. Open Cloud Manager, click Policies, and select the policy set.
  2. Under Policy Settings, expand Account Security Policies, and click Authentication
  3. Click the drop-down list and click Yes.
  4. Enable the Set Identity Cookie for IWA connections 

Use this option to enable Integrated Windows Authentication. If you do not set this option, the cookie is not written in the browser after a successful IWA-based login.


  1. Click Save

Centrify Cloud Connector Set-Up

By Vino on ‎01-20-2016 10:10 AM - last edited ‎01-22-2016 09:02 AM

For customers who want to integrate the Centrify Cloud with their on-premises Active Directory or LDAP directory for user authentication or to connect to their on-premises applications like SAP NetWeaver / SharePoint / etc. without the need for VPN, a Centrify supplied software program called the Centrify Cloud Connector needs to be installed inside their environment. The Centrify Cloud Connector is a simple Windows service that runs behind a customer’s firewall to provide real-time authentication, policy and access to user profiles without synchronizing data to the cloud.


The Cloud Connector seamlessly integrates with Active Directory or LDAP without opening extra ports in an organization’s firewall, or adding devices in their DMZ and acts as a gateway for access to on-premise applications without the need for VPN.


The Cloud Connector delivers the following security capabilities:


  • For each tenant, a unique PKI Certificate is issued from the Centrify Cloud to the Cloud Connector during registration.
  • All communications between the Centrify Cloud and the Centrify Cloud Connector are encrypted and mutually authenticated for each tenant using these unique certificates.

None of the traffic between the Centrify Cloud and the Cloud Connector can be read by the Azure infrastructure.



Installing the Centrify Cloud Connector


The Centrify Cloud Connector can be downloaded directly from the tenant. To integrate Active Directory into the Centrify Cloud, the Cloud Connector must be installed on a Domain joined Windows system. To integrate a LDAP directory into the Centrify Cloud Service, the Cloud Connector must be installed on a Windows system that is able to communicate with the LDAP directory.

Initial configuration of the Cloud Connector follows installation with the Cloud Connector Configuration Wizard, which launches automatically. For both, Active Directory and LDAP directories, the initial installation and configuration is the same. Please note, the additional configuration needed for LDAP directories is covered in the next section.


Here's a video on how to set-up the cloud connector or you could review the steps below:




Steps to Installing Centrify Cloud Connector:


1. Log on to the Centrify Cloud Manager at

2. Click on Settings

3. Click on Cloud Connectors

4. Click on Add Cloud Connector


5. Click on Download 64 bit to download the Cloud Connector application installer to your local hard drive





For integrating Active Directory with the Centrify Cloud Service, the Cloud Connector must be installed on a Domain joined Windows system.


For integrating LDAP directory with the Centrify Cloud Service, the Cloud Connector must be installed on a Windows system that can communicate with the LDAP directory.


6. Using Windows Explorer, locate the file downloaded and extract the content onto the System where you want to install the Cloud Connector

7. Double click the Cloud-Mgmt-Suite-xx.x-win64.exe installer


Picture5.png8. Click on Next

Picture6.png9. Check the “I accept the terms in the license agreement” and click on Next


Picture7.png  9. Follow the wizard instructions and click on Install

10.Once the installer finishes, the Cloud Connector configuration dialog will open automatically

12. To start the configuration, click on Next



13. Enter your tenant administrative username and password


 Your role must have the Register Cloud Connectors administrative right to download the Centrify Cloud Management Suite package and register the Cloud Connector


14. Optionally you can configure a web proxy for connection to the Centrify Cloud Service

15. Click on Next 


pic 10.png 

16. The Cloud Connector will validate the configuration and test connection to the Centrify Cloud Service. Upon successful completion of the tests, the Cloud Connector will connect to the Cloud Service and start the Cloud Connector services



pic 17.png



17. Click on Finish

18. Within the Centrify Admin Portal go to Settings > Cloud Connectors to confirm successful connection to your Cloud Connector

19. This is all the configuration needed to enable users to authenticate using their domain credentials against on-premise Active Directory


pic 19.png

Enabling LDAP Directory Authentication

1. Within the Centrify Admin Console, go to Settings > Directory Services

2. Click on Add LDAP Directory


3. Fill out all the fields in the Add LDAP dialog and click on Test Connection


For example, a LDAP directory for the company with an admin user in a container for Users under the root, the configuration would be:


  • Base DN: DC=centrifydemo,DC=us
  • Bind DN: CN=admin,CN=Users, DC=centrifydemo,DC=us

This is just an example and the LDAP prefix depends on the LDAP server schema configuration.



4. Under Roles you can now select from which User Directory to add users to a Role for authentication and authorization. Go to Roles > double click on an existing Role (or add a new Role) > Members > Add Members



Cloud Tenant Registration

By Vino ‎01-20-2016 10:10 AM

The first step in setting up Centrify Identity Service is to register and access your cloud tenant. The steps below will give you the instructions on how to proceed with this. If you have already registered your Cloud Tenant, you may skip this section.


1. Register here for your Cloud tenant





2. An email will be sent to the registered email address with a link to activate your account

3. After account activation is complete, the cloud tenant Customer ID and login credentials will be sent via a secondary email along with next steps

4. Login to the Centrify Cloud Manager portal at using the administrator account provided via the second email – you will be prompted to change your password during your first login

Hello and Welcome to Centrify Identity Service Technical Implementation Guide!


Centrify Identity Service offers an easy-to-deploy, cloud-based service that enables centralized and secure mobile device management using existing directory service infrastructure. It provides single sign-on to cloud, on-premise and mobile apps, as well as multi-factor authentication. Centrify uses cloud policy, or familiar Active Directory Group Policy, to manage devices and enforce app policies over a secure cloud connection. Centrify Identity Service enables single sign-on to cloud, mobile and custom apps, while enabling device-aware policy to meet IT security needs.


This guide will take you through the basic steps to set-up Centrify's Admin portal. If you have completed any of these steps, please skip that section and move on to the next step.


1. Cloud Tenant Registration

2. Centrify Cloud Connector Set-up 

3. Mobile Device Management

4. Setting Intergrated Windows Authentication (IWA)

5. Managing Users

6. Adding SaaS Applications


Click here to access our Centrify Identity Service Getting Started Guide. This is a companion document which should be used in conjunction with the Technical Implementation Guide.

Centrify Identity Service Getting Started Guide

By Centrify on ‎01-18-2016 11:50 AM - last edited ‎05-05-2016 09:17 AM

[Admin Edit: Please go to the Identity Service Getting Started Microsite for an updated version of this guide]


Congratulations! You have taken the first step to protecting your organization from the leading point of attack from data breaches, compromised user credentials, as well as enabling your end-users to easily access their business applications, all in one secure step.


To help drive a successful partnership, we have put together a set of resources  for you to leverage. Within this document you will find a step-by-step guide that walks you through the implementation and deployment phases as well best practices for Centrify Identity Service.


Click here to access our Centrify Identity Service Technical Implementation Guide. This is a companion document which should be used in conjunction to this powerpoint.

Showing results for 
Search instead for 
Do you mean 

Community Control Panel