- 12 Feb 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Centrify Identity Services
- Updated on 12 Feb 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Centrify Identity Services manages application access, endpoints, and network infrastructure.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
Centrify Tenant URL (required) - The URL for the tenant (e.g. mycompany.my.centrify.net)
Application ID (required) - The Application ID (Created in Step 2)
Client Scope (required) - The Scope name (Created in Step 3)
Client ID and Client Secret (required) - Will be used to authorize the Confidential Client (In Step 4).
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Creating a Client Application in Centrify
Creating a Confidential Client for Axonius Application in Centrify is required.
Follow the instructions in Client Credentials Flow.
- The Client Application requires the following Scope permissions (Step 3):
- CDirectoryService/GetUsers
- UPRest/GetResultantAppsForUser
- Redrock/Query
- The adapter performs queries using the Redrock/Query REST API endpoint against the following table(s):
- VaultAccount
- The query does not retrieve nor store any information about passwords, hashes, etc.
- Axonius requires the account to be an OAuth Confidential Client (Step 4)
- Important to enable the Is OAuth Confidential Client
- User must be in a role that gives them access to use the APIs that the server is scoped to.
API
Axonius uses the Centrify Identity Services API