About Windows local group mapping

With the Centrify Client for Windows, you can map local groups in Windows to roles in Centrify PAS.

For example, say you have two security groups:

  • groupA@corp.acme.com
  • groupB@widgets.com

You can configure those security groups to be members of a role in Centrify PAS, let's call it pas-winadmin.

groupA & groupB groups = pas-winadmin role

You can then map the Centrify PAS role to a local Windows administrator group to grant Windows administrator privileges.

The benefits of mapping Windows groups to Centrify PAS roles are:

  • On-demand group membership provisioning

    Your Windows credential provider automatically takes care of the group membership.

  • Ease of integration

    Use Centrify PAS as the central, corporate tool and workflow utility to manage group memberships, such as adds, moves, and other changes.

Also, if you have mapped any Centrify Directory accounts or federated accounts to the local "Administrators" group, your users can use those accounts to elevate privileges in a User Account Control credential prompt.

For details, see Configuring local group mapping.