Centrify Identity Services
  • 12 Feb 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Centrify Identity Services

  • Dark
    Light
  • PDF

Article summary

Centrify Identity Services manages application access, endpoints, and network infrastructure.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Centrify Tenant URL (required) - The URL for the tenant (e.g. mycompany.my.centrify.net)

  2. Application ID (required) - The Application ID (Created in Step 2)

  3. Client Scope (required) - The Scope name (Created in Step 3)

  4. Client ID and Client Secret (required) - Will be used to authorize the Confidential Client (In Step 4).

  5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  6. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  7. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png


Creating a Client Application in Centrify

Creating a Confidential Client for Axonius Application in Centrify is required.
Follow the instructions in Client Credentials Flow.

  • The Client Application requires the following Scope permissions (Step 3):
    • CDirectoryService/GetUsers
    • UPRest/GetResultantAppsForUser
    • Redrock/Query
NOTE
  • The adapter performs queries using the Redrock/Query REST API endpoint against the following table(s):
    • VaultAccount
  • The query does not retrieve nor store any information about passwords, hashes, etc.
  • Axonius requires the account to be an OAuth Confidential Client (Step 4)
    • Important to enable the Is OAuth Confidential Client
  • User must be in a role that gives them access to use the APIs that the server is scoped to.

API

Axonius uses the Centrify Identity Services API


Was this article helpful?