Setting group visibility for clients

If you use Privileged Access Service to support authentication services, you can select the Privileged Access Service roles you want to make available as valid groups on registered computers.

Note:   You can only view or delete roles from the Group Visibility page; you cannot add new roles to this page. Instead, you can make any role in Privileged Access Service available as a local group by editing the role directly.

To make a role visible as a valid group for clients:

  1. In the Admin Portal, click Settings > Enrollment to display the settings available for Privileged Access Service.
  2. Click Group Visibility under the Centrify Agent section.
  3. Click Add.
  4. Type a search string or scroll to locate a role you want to make visible as a group on registered computers, then click Select.

Note:   Role names that are available as valid groups on registered Linux computers and include one or more commas (such as role,name) are displayed on Linux computers as a concatenation of the role name, where commas are replaced with underscores and a random suffix is appended to the end of the name (for example, role_name_FNVO). Subsequent queries on the name (role,name or role_name_FNVO) return the same result (role_name_FNVO).