Preparing to use multi-factor authentication

This guide is intended for UNIX or Windows administrators who intend to configure multi-factor authentication for computers managed by Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service.

Configuration information for Centrify customers who are not using authentication, privilege elevation, and audit and monitoring services to manage their environment, but want to configure multi-factor authentication to log in Windows computers, should go to Downloading the Centrify Agent for Windows.

There are two separate scenarios for which you might want to require multi-factor authentication:

  • Login access to Centrify-managed computers.
  • As part of a re-authentication process so that users who are attempting to use Application, Network, and Desktop rights on Windows machines, or command rights with elevated privileges or in a restricted shell on UNIX machines, must provide a password and another form of authentication before they can execute the selected command.

With these two scenarios in mind, you can configure multi-factor authentication based on user roles or computer roles, for specific applications, or for individual commands. You can also skip multi-factor authentication for applications that do not support it or for other reasons on a case-by-case basis by enabling and applying group policy or by setting configuration parameters.