Most organizations that deploy the Centrify Agent on Linux or UNIX computers have an existing user population to migrate to Active Directory, and hierarchical zones make the most sense. However, multiple zones are not required for all situations. You can greatly reduce the time required and complexity of your deployment if a single zone suits your organization’s needs. This type of zone is created automatically when computers join the domain using the --workstation option.
An Auto Zone automatically enables all of the users and groups in an Active Directory forest to become valid users and groups on the Linux and UNIX computers that join the Auto Zone.Their profiles are generated automatically and there’s no need to manage account profiles, access rights, privileges, or delegated administrative tasks.
You should only use the Auto Zone option if your organization meets the following requirements:
- You are not migrating an existing user population.
- You want to automatically generate profiles for all or most Active Directory users and groups without managing identity attributes.
- You don’t want to configure and manage role-based access rights and privileges or role assignments.
If you are using an Auto Zone, you cannot use the local account management feature as described in Managing account profiles and identity attributes
You can configure multi-factor authentication for both licensed and Express agents to control access to Centrify-managed Linux and UNIX computers. For licensed agents, you can also require multi-factor authentication to run privileged commands in an Auto Zone. However, the implementation is slightly different than in hierarchical zones, so some of the steps differ depending on the type of zone where you want to use multi-factor authentication. For details about configuring multi‑factor authentication, see the Multi-factor Authentication Quick Start Guide.