Installing authentication, privilege elevation, and audit and monitoring services and updating Active Directory

When you install Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service, components for the following features are installed:

  • The Centrify Identity Services Platform, which enables MFA login, endpoints, and other platform services.
  • The Centrify Privilege Elevation Service, which enables users and zone-joined computers to have elevated privileges.
  • The Centrify Audit & Monitoring Service, which enables audit and monitoring service data to be collected and stored.
  • The Centrify Agent for Windows, which enables each computer where the agent is installed to be managed by Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service software.
  • The Centrify Licensing Service, which works together with Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service components to monitor and report usage and activity for all types of Centrify licenses. For more information about the licensing service, see the License Management Administrator’s Guide

You can select which features to install from the Centrify setup program.

After authentication, privilege elevation, and audit and monitoring services are installed, you must enable some or all of them on each agent-managed computer. The enablement step lets you decide which services are available on each agent-managed computer.

Things to remember

  • At least one zone must be created before an agent-managed computer can be enabled to use the identity and privilege management features that you install. If no zones are available, the agent-managed computer will not have the option of being joined to the authentication and privilege elevation services.
  • When the Centrify agent is upgraded or when it adds the Centrify Identity Services Platform, a corporate endpoint enrollment is performed in the Privileged Access Service. The endpoint device moves into the endpoint category and the device is marked as corporate owned.