How to set authentication security options

You can configure additional authentication security setting in the Admin Portal. The following configuration options are available from Settings > Authentication > Security Settings:

  • Use the Securely capture users’ passwords at login check box to capture user passwords using strong encryption.

    After this option is enabled, Privileged Access Service captures user passwords (using symmetric encryption with AES algorithm) the next time they log in. By default, Privileged Access Service does not capture user passwords. However, you might want to capture user passwords to support account mapping options for user password applications or to provision user passwords for supported applications. Unless capturing user passwords is required for a specific feature, Centrify recommends leaving this feature disabled.

  • Use the Enable forgot username self-service at login check box to allow users to retrieve their forgotten username. Users will be prompted to enter an email address to which the username will be sent if a Privileged Access Service account is found that matches the email address. Refer to How to customize the admin and login window for more information about customizing the email message sent to users when they try to retrieve their username(s).
  • Use the Send email notification to users when password is changed option to send an automated email after users reset their Privileged Access Service password via the forgot password process.
  • Use the Additional Attributes for MFA options to configure additional attributes (such as other mobile phone, other home phone, other office phone and other email addresses) for multi factor authentication (MFA). See Configuring additional attributes for MFA.
  • Use the Specify trusted DNS domains for API calls option to specify trusted domain names (for example your company domain, internet service provide domains like AT&T, etc.) that can make calls to Privileged Access Service APIs. If calls are made from domains not listed here, the call will fail.