Overall Requirements

To install and configure a Centrify Connector you need the following:

Item Description

Privileged Access Service Management Suite installer

This program installs the connector, Active Directory/LDAP and group policy console extensions, and the Centrify Connector Configuration Program. To get the installer, you open Admin Portal, click Settings, Network, Centrify Connectors, and Add connector.

Repeat this procedure every time you install a connector to ensure you get the latest version of the connector.

Host computer joined to the domain controller

You install the Centrify Connector on a Windows computer to establish the communications link between the Privileged Access Service and Active Directory domain controller.

If you are referencing accounts in an Active Directory tree or forest, the connector can be joined to any domain controller in the tree (it does not need to be the root). In addition, that domain controller must have two-way, transitive trust relationships with the other domain controllers. See Supporting user authentication for multiple domains for the details.

This computer must be in your internal network and meet or exceed the following requirements:

  • Windows Server 2008 R2, 2012, 2012 R2, and 2016. All running 64-bit with 8 GB of memory, of which 4 GB should be available for connector cache functions.
  • Has Internet access so that it can access the Privileged Access Service.
  • Has a Baltimore Cyber Trust Root CA certificate installed in the Local Machine Trusted Certificate root authorities store.
  • Microsoft .NET version 4.5 or later; if it isn’t already installed, the installer installs it for you.
  • Be a server or server-like computer that is always running and accessible.

Permissions on the connector machine

To install the Centrify Connector, you need to be the local administrator on the Centrify Connector machine. See Installation and service account privilege requirements for more permissions requirements.

Firewall and external IP address requirements

See Firewall and external IP address requirements.

Execute VBScript

The server must be able to execute VBScript during the installation.

Web proxy server (optional)

If your network is configured with a web proxy server that you want to use to connect to Privileged Access Service, you specify this server during the installation process. The web proxy server must support HTTP1.1 chunked encoding.