The Centrify IWA root CA certificate is required for silent authentication into the Centrify User Portal or Admin Portal, and for computer MFA login. This article will walk through the steps for downloading the IWA root CA certificate for deployment.

 

Prerequisite: Install the Centrify Connector on a 64-bit system or VM inside your network.

 

1. Log in to the Centrify Admin Portal. In the left column, navigate to Settings > Network > Centrify Connectors.

 

2. Click the name of any Centrify Connector listed in the right pane. The Centrify Connector Configuration window will pop up.

 

3. In the Centrify Connector Configuration window, click IWA Service, then click "Download your IWA root CA certificate".

 

Make sure you select the link "Download your IWA root CA certificate" and not the Download button above the link.


 

 Next: Deploy the Centrify IWA root CA certificate using group policies

 


Related article: [Howto] Spotting and Remediating issues with PKI Trust on MFA (UNIX/Linux/Windows) or Enrollment

Centrify Infrastructure Services 2017.3 - Centrify Agent for Windows

 

This is a part of a series of articles showcasing what's new with Centrify Infrastructure Services (formerly Centrify Server Suite) version 2017.3.  In this article, we'll discuss what's new with the Centrify Agent for Windows including:

  • Self-Service Password Reset using the Windows Credential Provider.
  • Windows 10 MDM Enrollment.

These capabilities complement some of the platform benefits like Self-Service, Multi-Factor Authentication and Zero Sign-On.


Enforcing inactivity logout for Linux CLI

By Centrify Advisor III a month ago - last edited a month ago

Various security standards require the computer screen to be locked or logged off after a period of inactivity. This article will show you how to use Centrify to enforce an automatic log out from the Linux CLI after a period of inactivity.

 

Requirements:

  • The Linux system must have the Centrify Agent installed and bound to Active Directory.
  • You will need Group Policy Management on a Windows member server with the Centrify Infrastructure Services installed.

 

1. In Group Policy Management, edit or create a GPO for your Linux system.

2. Enable Computer Configuration > Policies > Centrify Settings > Common UNIX Settings > Specify commands to run 


 

 

3. Click Add.

4. Enter a custom command, then click OK.

For CentOS use:

grep -q -F TMOUT=900 /etc/bashrc || echo TMOUT=900 >> /etc/bashrc

For Ubuntu use:

grep -q -F TMOUT=900 /etc/bash.bashrc || echo TMOUT=900 >> /etc/bash.bashrc

Replace 900 in both places in the command with the timeout you want, in seconds. Please note the operating system might round up or down to the closest supported minute.

5. Reboot the Linux system for the setting to apply.

 

The Centrify Agent will execute the script at every Active Directory group policy interval (default 90 minutes). 
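A stricter variant of the command above, as an added example that is not Centrify's or the author's script: the fixed-string test `grep -F TMOUT=900` also succeeds on a commented-out line or on `TMOUT=9000`, and changing the value later leaves the old line in the file. The hypothetical `enforce_tmout` function below keeps exactly one active `TMOUT=` line, so repeated runs at each group policy interval do not change the file again.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the Centrify product).
# Usage, run as root:  enforce_tmout /etc/bashrc 900        (CentOS)
#                      enforce_tmout /etc/bash.bashrc 900   (Ubuntu)

enforce_tmout() {
    tm_file=$1
    tm_secs=$2
    tm_pat='^[[:space:]]*(export[[:space:]]+)?TMOUT='

    # Accept only a positive whole number of seconds.
    case $tm_secs in
        ''|*[!0-9]*) echo "invalid timeout: $tm_secs" >&2; return 2 ;;
    esac
    [ "$tm_secs" -gt 0 ] || { echo "timeout must be > 0" >&2; return 2; }
    [ -f "$tm_file" ] || { echo "no such file: $tm_file" >&2; return 1; }

    # Collect active (uncommented) TMOUT assignments only.
    tm_active=$(grep -E "$tm_pat" "$tm_file" || true)

    # Already compliant: exactly one active line with the wanted value.
    if [ "$tm_active" = "TMOUT=$tm_secs" ]; then
        return 0
    fi

    # Otherwise drop every active TMOUT line and append the wanted one.
    tm_tmp=$(mktemp) || return 1
    grep -v -E "$tm_pat" "$tm_file" > "$tm_tmp" || true
    echo "TMOUT=$tm_secs" >> "$tm_tmp"

    # Write back in place so owner, mode and SELinux context are kept.
    cat "$tm_tmp" > "$tm_file"
    rm -f "$tm_tmp"
}
```
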

 

 Please share if you have a better script or method.

 

Other related articles

Enforcing screen lock for MacOS

Are you looking for some data that just isn’t covered in the stock reports?

 

You’ve come to the right place!  In this blog, I want to show you some of the basics of writing your own custom reports.
