With Centrify Clients for Windows, you can map local groups in Windows to roles in Centrify PAS.
For example, say you have two security groups:
You can configure those security groups to be members of a role in Centrify PAS, let's call it pas-winadmin.
groupA & groupB groups = pas-winadmin role
You can then map the Centrify PAS role to a local Windows administrator group to grant Windows administrator privileges.
The benefits of mapping Windows groups to Centrify PAS roles are:
On-demand group membership provisioning
Your Windows credential provider automatically takes care of the group membership.
Ease of integration
Use Centrify PAS as the central, corporate tool and workflow utility to manage group memberships, such as adds, moves, and other changes.
Also, if you have mapped any Centrify Directory Service accounts or federated accounts to the local "Administrators" group, your users can use those accounts to elevate privileges in a User Account Control credential prompt.
For details, see Configuring Local Group Mapping.