If you use Privileged Access Service to support authentication services, you can select the Privileged Access Service roles you want to make available as valid groups on registered computers.
Note: You can only view or delete roles from the Group Visibility page; you cannot add new roles to this page. Instead, you can make any role in Privileged Access Service available as a local group by editing the role directly.
To make a role visible as a valid group for clients:
- In the Admin Portal, click Settings > Enrollment to display the settings available for Privileged Access Service.
- Click Group Visibility under the Centrify Agent section.
- Click Add.
- Type a search string or scroll to locate a role you want to make visible as a group on registered computers, then click Select.
Note: Role names that are available as valid groups on registered Linux computers and include one or more commas (such as role,name) are displayed on Linux computers as a concatenation of the role name, where commas are replaced with underscores and a random suffix is appended to the end of the name (for example, role_name_FNVO). Subsequent queries on the name (role,name or role_name_FNVO) return the same result (role_name_FNVO).