Comparing Centrify clients to Centrify agents

In general, you use Centrify clients with Centrify PAS on systems that are as follows:

  • May or may not be joined to Active Directory
  • You create as a virtual instance for a short period of time
  • Log in with accounts from alternate directory sources

You use the Centrify agents (Centrify Agent for *NIX and Centrify Agent for Windows) with Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service for systems that are as follows:

  • Joined to Active Directory
  • Where you need the Privilege Elevation service

The following tables compare Centrify Client for Windows and Centrify Client for Linux that you download from the Admin Portal to the agents that come with the software for Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service.

The Centrify Agent for *NIX and Centrify Agent for Windows come with the software for Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service.

Clients and agents for UNIX and Linux Operating Systems

Category Centrify Agent for *NIX Centrify Client for Linux

Supported Platforms

UNIX:  AIX, HPUX, Solaris
Linux: All Popular 64-bit distributions.
Linux Containers: CoreOS, Red Hat Atomic

 

Linux: Amazon Linux, Red Hat Linux,
CentOS Linux, Oracle Linux, SuSe Linux,
Ubuntu Linux

Workstation OS Supported

Yes

Yes

Supported Directory Sources

  • Active Directory

  • Active Directory

  • Centrify Directory

  • Lightweight Directory Access Protocol

  • Google Directory

UNIX Identity Management

  • Auto-generated via Centrify or Apple schemes

  • Centrify Zones via Centrify Standard, RFC-2307, SFU

Auto-generated via Centrify Scheme for PAS

Authentication

Kerberos with NTLM fallback (clients work directly against Active Directory).

Brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory)

Identity Assurance (MFA)

Supported via PAS Policy and Authentication Profiles

Supported via PAS Policy and Authentication Profiles

Frameworks

Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
Kerberos Protocol

Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
REST API

Role-based Access Control

Active Directory with Centrify Zone Authorization (DirectAuthorize) applicable to AD users/groups

PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups.

Audit Trail

CEF-formated via Syslog

Not CEF-formatted via Event Table

Session Capture and Replay

Supported.  Requires Audit and Monitoring Service

Requires Active Directory for Collector, Management, Database and Consoles

Supported. Requires:

  • Audit and Monitoring Service 19.9 and up and PAS version 19.6 HF5.

  • Requires Active Directory for Collector, Management, Database and Consoles

SAPM Tooling

Binaries for Linux only.

Requires Centrify Client for Linux

Supported

Windows Server Operating Systems

Category Centrify Agent for Windows Centrify Client for Windows

Category

 

Centrify Client for Windows

Supported Platforms

All Microsoft-supported (64-bit)

 

  • Windows Server 2012 R2 (64-bit)

  • Windows Server 2016 (64-bit)

  • Windows Server 2019 (64-bit)

Workstation OS Supported

Yes

No

Supported Directory Sources

  • Active Directory

  • Active Directory

  • Centrify Directory

  • Lightweight Directory Access Protocol

  • Google Directory

Local Identity Management

Using Active Directory and Centrify Zones (Release 2020 - September)

Partial (on-demand provisioning and group mapping).

Authentication

Microsoft Built-in.

Centrify-provided brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory)

Identity Assurance (MFA)

Supported via PAS Policy and Authentication Profiles

Supported via PAS Policy and Authentication Profiles

Frameworks

Microsoft Authorization Manager (RBAC)
Centrify Kerberos Extensions (Privilege Elevation)
Microsoft Credential Provider

Microsoft Credential Provider

Role-based Access Control

Active Directory with Centrify Zone Authorization (DirectAuthorize) applicable to AD users/groups

PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups.

Audit Trail

CEF-formated via Application Event Log

Not CEF-formatted via Event Table

Session Capture and Replay

Supported.  Requires Audit and Monitoring Service

Requires Active Directory for Collector, Management, Database and Consoles

Supported. Requires:

  • Audit and Monitoring Service 19.9 and up and PAS version 19.6 HF5.

  • Requires Active Directory for Collector, Management, Database and Consoles

SAPM Tooling

Requires Centrify Client for Windows

Supported