Configuring the agent

By default, when you click Finish, the setup program opens the agent configuration panel. In the agent configuration panel, you can enable the agent to connect to Centrify services that are installed on the main administrative computer as described in Installing authentication, privilege elevation, and audit and monitoring services and updating Active Directory. After a service is enabled, you can use the agent configuration panel to configure settings that define how the agent will interact with each service.

The first time the agent configuration panel opens, it does not display any services for you to enable. Services display in the agent configuration panel only after you manually instruct the configuration panel to check for services and display those that are eligible to be enabled.

Only services that are installed and configured as required are eligible to be enabled. For example, if you installed the Privilege Elevation Service earlier (as described in Running the setup program on a Windows computer) but did not create a zone, the Privilege Elevation Service does not display on the list of services that you can enable.

To enable services using the agent configuration panel:

  1. If the agent configuration panel is not open, open it by clicking Agent Configuration in the list of applications in the Windows Start menu.
  2. In the agent configuration control panel, click Add service.

    All Centrify services that are available to be enabled are displayed.

  3. In the list of Centrify services, highlight a service and click OK.

  4. Provide additional information about the service that you are enabling:

    • Centrify Audit & Monitoring Service:

      In the Select an Audit Installation page, select an audit store from the list of available audit stores. Click Next, and the computer is connected to the audit store.

    • Centrify Identity Services Platform Settings:
      1. In the Connect to Identity Platform page, type the URL of the identity platform instance to connect to, or select an instance from the list of registered platform instances in the forest. Click Next.
      2. In the Multi-factor authentication for Windows Login page, ensure that the check box to enable multi-factor authentication is selected. Next, use the All Active Directory accounts button or Accounts below button to specify which Active Directory accounts are enabled for multi-factor authentication login. If you select Account below, use the Add and Remove buttons to select accounts. Click Next when you are finished.
    • Centrify Privilege Elevation Service:
      1. In the Join to a zone page, type a zone or select a zone from the list of available zones. You can also choose to select the option to retrieve the zone data before the computer restarts. This option can be helpful in situations where you might lose connection to the domain after restarting, such as when you're using a VPN connection.

        Click Next, and the computer is joined to the zone.

      2. After the computer is joined to a zone, you must reboot the computer to activate all privilege elevation service features on the computer.

        If the zone that you select is already configured with a Privileged Access Service tenant, the message Centrify Identity Services Platform enabled displays after the computer joins the zone. In this situation, the instance is managed by the zone, and is shown as read-only.

  5. To add additional services, click Add service and repeat the preceding steps.

    When you are done, the services that you enabled are shown in the Enabled services section of the agent configuration panel.

  6. If necessary, continue to configure Centrify services after their initial configuration during enablement as described in these sections: