Privileged Access Service includes a privileged identity management service that enables you to manage passwords and account information for systems, domains, databases, and services, as well as secret text strings or files that contain secret information. You can deploy Privileged Access Service using the cloud-based services, or you can deploy it on-site in your own network, in a private cloud, or in a public cloud instance you manage. Passwords can be managed securely using the Centrify cloud-based platform or an on-site deployment, using a key management appliance such as SafeNet KeySecure, or using an infrastructure of your choice, such as an internal firewall-protected network, a private cloud, or a public cloud instance such as Amazon Web Services (AWS).
Cloud-based—Centrify cloud-based products and services rely on the connectors you install and configure for your organization. The connector acts as a gateway between your internal network and the Centrify cloud-based services you use.
At least one connector is required if you are connecting Active Directory domains on your internal network to Centrify services hosted on the Internet. In addition, the Privileged Access Service requires one or more connectors to enable the network connections to IT systems. You can install multiple connectors to support failover and load balancing.
Customer-managed—If you are deploying the Privileged Access Service inside your organization's firewall, you install and configure an on-site connector and all of the required infrastructure components and services on a single Windows computer on your internal network. At least one connector is required. You can, however, install additional connectors to support failover and load balancing.
As an on-premises solution that you deploy and manage yourself, Privileged Access Service replicates the infrastructure provided by the Privileged Access Service platform without requiring access to any cloud-based service or any internet connectivity. After you install the basic infrastructure, however, you can choose to host one or more tenants internally on your own network inside the firewall, or you can use an internet-based third party to host tenants through site-to-site VPN connections.
After you install Privileged Access Service, you use the Admin Portal to add, manage, and access systems, domains, databases, services, and their corresponding accounts.
If you use Active Directory/LDAP to store user accounts, want to continue using it as your primary identity store, and want to continue using the same tools (for example, Active Directory Users and Computers) to manage users and mobile devices, you need to install the Centrify Connector before you can see the Active Directory/LDAP groups when you add users to roles. For more information, see How to install a Centrify Connector. If you use only the Privileged Access Service as your identity store, you do not need to install anything; everything is configured using the Admin Portal. See Selecting an identity repository for more information on the different identity repositories.