Configuring the Centrify Connector

The Centrify Connector enables secure communication between your internal network (AD or LDAP) and Privileged Access Service.

Use the Centrify Connector to authenticate Privileged Access Service users with their Active Directory or LDAP accounts, or when you are adding resources and shared accounts to Privileged Access Service. You can also install additional connectors for load balancing and failover.

The Centrify Connector runs on a server that is joined to your domain (as a best practice, do not install it on the domain controller) and manages communications between Active Directory/LDAP and Privileged Access Service. It also monitors Active Directory for group policy changes, which it sends to Privileged Access Service to update registered devices.

To integrate your Active Directory/LDAP service with Privileged Access Service, you need to install at least one connector on your network inside the firewall.

You can also install a Centrify Connector outside of Active Directory for use with gateway-based auditing. For details, see Auditing systems outside of Active Directory.

Updating HSTS header

The HSTS header enables you to use strict transport security on the connector service. The HSTS header is added by default to the Connector IWA Web Server response.

To turn the header on or off, use the following registry settings on the connector machine:

  1. The registry path is: HKEY_LOCAL_MACHINE\SOFTWARE\Centrify\Cloud\.
  2. If the registry keys do not exist, create them using DWORD (32-bit) values.
  3. Set EnableHSTS to 0 (OFF) or 1 (ON).
  4. Set the HSTS age with the HstsAge setting. The default value is 31536000.
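
The steps above can be scripted. The following PowerShell is an added example, not Centrify's own tooling; the function name Set-ConnectorHsts is hypothetical, while the registry path and the EnableHSTS and HstsAge value names are the ones given in the steps. It creates the key and the DWORD values if they are missing, then reads them back so you can confirm both the data and the value type.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session on
# the connector machine. A 32-bit PowerShell host on 64-bit Windows is
# redirected to WOW6432Node, so the values would not land under the path
# given in step 1.
function Set-ConnectorHsts {            # hypothetical helper name
    [CmdletBinding()]
    param(
        # 0 = OFF, 1 = ON (step 3)
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Enable,
        # HstsAge (step 4); the default is the documented default value
        [ValidateRange(0, 2147483647)][int]$Age = 31536000
    )

    $path = 'HKLM:\SOFTWARE\Centrify\Cloud'

    # Step 2: create the key only if it is absent, so existing values survive
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -Force | Out-Null
    }

    $wanted = [ordered]@{ EnableHSTS = $Enable; HstsAge = $Age }
    foreach ($name in $wanted.Keys) {
        # -Force creates the value or overwrites it, and also replaces a
        # value that was created earlier with the wrong type (e.g. a string)
        New-ItemProperty -LiteralPath $path -Name $name `
            -PropertyType DWord -Value $wanted[$name] -Force | Out-Null
    }

    # Read back what is now stored, including the registry value kind
    $key = Get-Item -LiteralPath $path
    foreach ($name in $wanted.Keys) {
        [pscustomobject]@{
            Name  = $name
            Value = $key.GetValue($name)
            Kind  = $key.GetValueKind($name)   # expected: DWord
        }
    }
}

# Turn the header on with the default age and show the stored values
Set-ConnectorHsts -Enable 1 -Age 31536000 | Format-Table -AutoSize
```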