Adding a role for client-based login

To simplify the process of authorizing users, however, you can add one or more roles specifically for client-based login. You can then specify the appropriate roles during registration to immediately grant role members access to the system.

Preparing a role for authentication is particularly useful If you are automating the deployment of virtual machine instances using a script. By specifying one or more roles in the script using the --agentauth option, you can ensure users can log on immediately after the system is successfully registered.

For example, an automation script might include a command similar to the following to register a computer in the Privileged Access Service and enable members of the Authorized Accounts role to log on:

sudo cenroll --tenant A1BC2345-D6E7-89F0-G123-HIJK4LM5N67P --features all --agentauth “Authorized Accounts”

For example, if the computer you registered was and you specified Authorized-Users and Authorized Accounts as the roles than can have members authenticated, the system would automatically add these roles to the system with the Agent Auth permission set.

The role you use for client-based login does not require any special administrative rights.