Preparing a role for authentication is particularly useful If you are automating the deployment of virtual machine instances using a script. By specifying one or more roles in the script using the --agentauth option, you can ensure users can log on immediately after the system is successfully registered.
For example, an automation script might include a command similar to the following to register a computer in the Privileged Access Service and enable members of the Authorized Accounts role to log on:
sudo cenroll --tenant abc1234.my.centrify.net--code A1BC2345-D6E7-89F0-G123-HIJK4LM5N67P --features all --agentauth “Authorized Accounts”
For example, if the computer you registered was centos-6.cpubs.net and you specified Authorized-Users and Authorized Accounts as the roles than can have members authenticated, the system would automatically add these roles to the system with the Agent Auth permission set.
The role you use for client-based login does not require any special administrative rights.