Because multi-factor authentication for Centrify-managed computers relies on the infrastructure provided by the Centrify Identity platform, some preparation steps require access to a Centrify Identity platform instance and the administrative portal. As a preview, here are the steps involved in preparing the identity platform to support multi-factor authentication for Centrify-managed computers:
- Register for the Centrify Identity platform.
- Install and configure at least one Centrify connector for communication with the Centrify Identity platform. Your machine account must have login access to the connector machine.
- Verify that the users who are required to provide more than one form of authentication have valid Active Directory accounts that are active in the Centrify Identity platform.
- Add or select the authentication profiles that specify the types of authentication challenges to support.
- Create a role with the appropriate computer members and administrative rights for multi-factor authentication.
- If you have access to more than one authentication instance, verify the server authentication instance URL you want to use.
After you have completed the preliminary steps, you can assign users the predefined require MFA for login role or, for users of UNIX and Linux machines, a custom role with the Require multi-factor authentication for login system right to require two-step authentication when logging on. These preliminary steps are also required if you want to create command rights that require two-step authentication when executing commands using elevated privileges (dzdo) or in restricted shell (dzsh) environments on UNIX and Linux machines, or when creating roles with elevated Windows rights.