Active Directory specific information

If you are using an Active Directory domain as an ID repository, the Privileged Access Service adds the following login suffixes when the connector is installed:

  • The login suffix in the installer account name. This allows the administrator to log in to Admin Portal right after installing the connector.

    If the login suffix in the connector installer’s account is already in use in Privileged Access Service, an error message is displayed and you cannot use that domain name as a login suffix. (This occurs rarely but can happen.) Contact support if this happens to your account.

  • The domain name of the domain controller to which the host computer for the connector is joined.
  • If that domain controller is part of a tree or forest, the Privileged Access Service adds a login suffix for all other domains in the tree or forest it can locate.

    If you have users with Active Directory accounts in domains in a tree or forest that was not found or users who log in with their Office 365 account, you must add those login suffixes before these users can log in to Admin Portal and register a device.

    You can also create an alias for an Active Directory domain name. You would use an alias to simplify login for users with a long or complicated Active Directory login suffix. See Creating an alias for long Active Directory domain names for the details. You cannot create an alias for Centrify Directory login suffixes.