Selecting a policy service
If you use Privileged Access Service for mobile device management, you can use either of two resources to set mobile device policies:
- Admin Portal: You create policy sets and then link them to roles.
- Windows Group Policy Management Editor: You create a group policy object and link it to an Active Directory/LDAP organizational unit. You then specify the organizational unit in the policy set that enables users to register devices.
Privileged Access Service installs the policies only on devices that belong to members of the role.
Both resources provide a comprehensive set of mobile device configuration policies for managing iOS, Android, and Samsung KNOX devices.
Which service you should use depends upon which identity repositories you are using.
- If some of the users who will be registering devices have their accounts in the Centrify Directory and others have their accounts in Active Directory/LDAP, you must use the Centrify directory policy service to define policy sets for the devices.
- If all of the users who will be registering devices have their accounts in Active Directory, you can use either the Windows Group Policy Management Editor or the Centrify directory policy service.