The Centrify IWA root CA certificate is required for silent authentication into the Centrify User Portal or Admin Portal, and for computer MFA login. This article will walk through the steps for downloading the IWA root CA certificate for deployment.
Prerequisite: Install the Centrify Connector on a 64-bit system or VM inside your network.
1. Log into the Centrify Admin Portal. On the left column, navigate to Settings > Network > Centrify Connectors.
2. Click on the name of any Centrify Connector listed in the right pane. The Centrify Connector Configuration window will popup.
3. In the Centrify Connector Configuration window, click on IWA Service, then click on Download your IWA root CA certificate.
Make sure you select the link "Download your IWA root CA certificate" and not the Download button above the link.
Here is a video on how to do it
[What's new] Infrastructure Services 2017.3 - Windows Self-Service Password Reset and MDM Enrollment
Centrify Infrastructure Services 2017.3 - Centrify Agent for Windows™
This is a part of a series of articles showcasing what's new with Centrify Infrastructure Services (formerly Centrify Server Suite) version 2017.3. In this article, we'll discuss what's new with the Centrify Agent for Windows™ including:
- Self-Service Password Reset using the Windows Credential Provider.
- Windows 10 MDM Enrollment.
These capabilities complement some of the platform benefits like Self-Service, Multi-Factor Authentication and Zero Sign-On.Read more...
Various security standards require the computer screen to be locked or logged off after a period of inactivity. This article will show you how to use Centrify to enforce an automatic log out from the Linux CLI after a period of inactivity.
- The Linux system must have the Centrify Agent installed and bound to Active Directory.
- You will need Group Policy Management on a Windows member server with the Centrify Infrastructure Services installed.
1. In Group Policy Management, edit or create a GPO for your Linux system.
2. Enable Computer Configuration > Policies > Centrify Settings > Common UNIX Settings > Specify commands to run
2. Click Add.
3. Enter a custom command, then click OK.
For CentOS use:
grep -q -F TMOUT=900 /etc/bashrc || echo TMOUT=900 >> /etc/bashrc
For Ubuntu use:
grep -q -F TMOUT=900 /etc/bash.bashrc || echo TMOUT=900 >> /etc/bash.bashrc
Change the numbers in the command to your desired number in seconds. Please note the operating system might round up or down to the closest supported minute.
4. Reboot the Linux system for the setting to apply.
The Centrify Agent will execute the script at every Active Directory group policy interval (default 90 minutes).
Please share if you have a better script or method.
Other related articles
Are you looking for some data that just isn’t covered in the stock reports?
You’ve come to the right place! In this blog, I want to show you some of the basics of writing your own custom reports.Read more...