Configuring Local Group Mapping
With Local Group Mapping, you can map a cloud role to a local group on a Windows system. For example, you create a group in Privileged Access Service and call it "local admins" and map it the local group Administrators. Members of the cloud role “local admins” will be added to the local Windows group Administrators when they are logged into the system. You must have the Centrify Client for Windows installed to use Local Group Mapping.
To add a group Local Group Mapping, perform the following steps:
- Navigate to Resources > Systems. Choose a system and click Local Group Mapping from the left-hand navigation.
- Select the role you would like to add by clicking Select and choose the roles you would like to add:
then add the local groups and click OK and you will see the group mapping added.
Note: There is no verification on local group naming. If there is a typo in the group naming, the system will look for the group on the local system but may not match due to misspelling and the user will not be added. Additionally, if there is a space in the group name both words must be encased in double quote marks " ".
To verify the group membership, open the Computer Management utility and navigate to Local Users and Groups, and either:
Select Groups, double-click on the group you’re adding user to (Administrators in our example), or
Select Users, double-click on the user and then switch to the Member Of tab.