Authorizing access for the service user

A service user is a user account associated with a Centrify Client on a managed Linux computer. The credentials associated with this account are used to authenticate the service when it attempts to perform an operation on a server. Therefore, registering a computer and authorizing a service user to access registered computers are key to enabling application-to-application password management.

Note that a connector is not required to register a computer as an account in the Privileged Access Service. However, you must have a connector installed to support:

  • Remote access to computers using secure shell sessions or remote desktop connections.
  • The ability to change local account passwords for application-to-application password management (AAPM).

Therefore, if you want to support remote access or enable application-to-application password management, you must have at least one connector installed.

By default, the service user is assigned the Grant, Edit, and Delete permissions on its registered computer and can be used to set passwords for accounts on that computer. For the service user to get passwords for local accounts or for accounts on another computer, however, you must grant the service user Checkout permission. This additional step is required to support application-to-application password management. For more information about setting and retrieving passwords for application-to-application password management, see Managing passwords for services.