Before you start configuring IWA with Privileged Access Service, make sure you have done the following:

  • Relevant browsers are configured for IWA. See How to configure browsers for silent authentication.
  • Specify an external corporate IP range using Admin Portal. See How to set Corporate IP ranges. Corporate IP range for IWA is for the external network only.
  • Your company has at least 1 Centrify connector with web server enabled and that connector must be joined to Active Directory in the forest to which users are authenticating. See Enabling IWA service on the connector.
  • Decide if you want to use the Centrify tenant CA (recommended because the CA automatically installs to the Centrify connector and minimizes configuration steps during roll-out), third-party CA (such as Symantec, GoDaddy, and so forth), or your internal CA.