Configuring auto-enrollment

Centrify uses the Microsoft Windows certificate auto-enrollment feature to make certificates available to UNIX and Mac computers. If auto-enrollment is enabled, when a UNIX or Mac computer joins a domain, certificates are requested from the Certification Authority based on particular templates, and the certificates are installed on the joined computer.

To enable auto-enrollment:

  • Enable auto-enrollment for the group policy.
  • Create a certificate template with auto-enrollment enabled.

Note: As of macOS Big Sur (11.0), Apple no longer allows root certificates to be silently added to Keychain with a trusted setting. If the Centrify Agent has installed root certificates from your domain, the Centrify Certificate Trust Setting Tool opens automatically. Follow its instructions to set the certificates as trusted.