Comparing Centrify Clients to Server Suite Agents

In general, you use Centrify Clients with Centrify PAS on systems that are as follows:

  • May or may not be joined to Active Directory
  • You create as a virtual instance for a short period of time
  • Log in with accounts from alternate directory sources

You use the Server Suite Agents (Centrify Agent for *NIX and Centrify Agent for Windows) with Centrify Server Suite for systems that are as follows:

  • Joined to Active Directory
  • Where you need the Privilege Elevation service

The following tables compare Centrify Client for Windows and Centrify Client for Linux that you download from the Admin Portal to the agents that come with the software for Centrify Server Suite.

The Centrify Agent for *NIX and Centrify Agent for Windows come with the software for Centrify Server Suite.

Clients and agents for UNIX and Linux Operating Systems

Category Centrify Agent for *NIX Centrify Client for Linux

Supported Platforms

See the Server Suite release notes, which are available in your download package or online. The latest Server Suite release notes are here.

 

See Centrify Client supported platforms

Workstation OS Supported

Yes

Yes

Supported Directory Sources

  • Active Directory

  • Active Directory

  • Centrify Directory

  • Lightweight Directory Access Protocol

  • Google Directory

You can also federate with other directories by way of SAML, such as Azure AD, Okta, and so forth. For details, see How to set up business partner federation.

UNIX Identity Management

  • Auto-generated from Centrify or Apple schemes

  • Centrify Zones via Centrify Standard, RFC-2307, SFU

You can specify Unix profile information on users and roles, and also do bulk import of Unix profiles.

For more information, see Specifying UNIX profile information and Importing bulk Unix profiles.

Authentication

Kerberos with NTLM fallback (clients work directly against Active Directory).

Brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory)

Identity Assurance (MFA)

Supported via PAS Policy and Authentication Profiles

Supported by way of Centrify PAS Policy and Authentication Profiles

Frameworks

Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
Kerberos Protocol

Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
REST API

Role-based Access Control

Active Directory with Zone Authorization (DirectAuthorize) applicable to AD users/groups

PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups.

Audit Trail

CEF-formated by way of Syslog

Not CEF-formatted by way of the Event Table

Session Capture and Replay

Supported.  Requires Audit and Monitoring Service

Requires Active Directory for Collector, Management, Database and Consoles

Supported. Requires the following:

  • Audit and Monitoring Service 19.9 and up and Centrify PAS version 19.6 HF5.

  • Requires Active Directory for Collector, Management, Database and Consoles

SAPM Tooling

Binaries for Linux only.

Requires Centrify Client for Linux

Supported

Windows Server Operating Systems

Category Centrify Agent for Windows Centrify Client for Windows

Category

 

Centrify Client for Windows

Supported Platforms

All Microsoft-supported (64-bit)

 

  • Windows Server 2012 R2 (64-bit)

  • Windows Server 2016 (64-bit)

  • Windows Server 2019 (64-bit)

Workstation OS Supported

Yes

No

Supported Directory Sources

  • Active Directory

  • Active Directory

  • Centrify Directory

  • Lightweight Directory Access Protocol

  • Google Directory

Local Identity Management

Using Active Directory and Centrify Zones (Release 2020 - September)

Partial (on-demand provisioning and group mapping).

Authentication

Microsoft Built-in.

Centrify-provided brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory)

Identity Assurance (MFA)

Supported by way of Centrify PAS Policy and Authentication Profiles

Supported by way of Centrify PAS Policy and Authentication Profiles

Frameworks

Microsoft Authorization Manager (RBAC)
Centrify Kerberos Extensions (Privilege Elevation)
Microsoft Credential Provider

Microsoft Credential Provider

Role-based Access Control

Active Directory with Zone Authorization (DirectAuthorize) applicable to AD users/groups

Centrify PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups.

Audit Trail

CEF-formated by way of the Application Event Log

Not CEF-formatted by way of the Event Table

Session Capture and Replay

Supported.  Requires Audit and Monitoring Service

Requires Active Directory for Collector, Management, Database and Consoles

Supported. Requires:

  • Audit and Monitoring Service 19.9 and up and Centrify PAS version 19.6 HF5.

  • Requires Active Directory for Collector, Management, Database and Consoles

SAPM Tooling

Requires Centrify Client for Windows

Supported