Working with zone role workflow

You can enable zone role workflow in the Admin Portal so that your users can request access to systems in particular zones. Enabling zone role workflow requires having a Centrify Connector installed in the domain. For improved performance, you can also install the Centrify Client on the affected systems.

For details about how to enable zone role workflow, see Using zone role workflow

Using zone role workflow with the Centrify Connector

If you set up zone role workflow with just the Centrify Connector, be aware that there will be a delay between when the approver approves the request and when the user can access the affected systems. Although the Centrify Connector updates Active Directory immediately after the approver approves the request, a delay occurs because it can take some time to replicate the Active Directory information and also because the Centrify Agent reloads authorization information from Active Directory at specified intervals.

Using zone role workflow with the Centrify Client

If you set up zone role workflow and also install the Centrify Client (so that you'll have installed both the Centrify Agent and the Centrify Client), then there is no delay. Once the designated approvers approve the request, the user can access the specified system(s) immediately. The Centrify Client uses the client channel in the background to securely communicate with the Centrify Agent.

Note:   For deployments that have zone role workflow enabled for use with the Centrify Client, the affected systems must have Python 3.4 or later is installed.