Login
    Contents x
    Centrify Identity Services
    • 05 Nov 2022
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Centrify Identity Services

    • Updated on 05 Nov 2022
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Centrify Identity Services manages application access, endpoints, and network infrastructure.

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Devices
    • Users

    Parameters

    1. Centrify Tenant URL (required) - The URL for the tenant (e.g. mycompany.my.centrify.net)
    2. Application ID (required) - The Application ID (Created in Step 2)
    3. Client Scope (required) - The Scope name (Created in Step 3)
    4. Client ID and Client Secret (required) - Will be used to authorize the Confidential Client (In Step 4).
    5. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Centrify Tenant URL. For more details, see SSL Trust & CA Settings.
      • If enabled, the SSL certificate offered by the value supplied in Centrify Tenant URL will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
      • If disabled, the SSL certificate offered by the value supplied in Centrify Tenant URL will not be verified against the CA database inside of Axonius.
    6. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Centrify Tenant URL.
      • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Centrify Tenant URL.
      • If not supplied, Axonius will connect directly to the value supplied in Centrify Tenant URL.
    7. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    image.png


    Creating a Client Application in Centrify

    Creating a Confidential Client for Axonius Application in Centrify is required.
    Follow the instructions in Client Credentials Flow.

    • The Client Application requires the following Scope permissions (Step 3):
      • CDirectoryService/GetUsers
      • UPRest/GetResultantAppsForUser
      • Redrock/Query
    NOTE
    • The adapter performs queries using the Redrock/Query REST API endpoint against the following table(s):
      • VaultAccount
    • The query does not retrieve nor store any information about passwords, hashes, etc.
    • Axonius requires the account to be an OAuth Confidential Client (Step 4)
      • Important to enable the Is OAuth Confidential Client
    • User must be in a role that gives them access to use the APIs that the server is scoped to.

    API

    Axonius uses the Centrify Identity Services API

    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout