Centrify Privileged Services can be used to managed systems in the enterprise, but first these systems need to get added to the Centrify Privileged Services portal. Centrify Privileged Services gives you four different ways to add your enterprise systems to the Centrify Privileged Services Portal, these are;
- Adding systems Manually: In this format, you can add one system at a time.
- Running a discovery Job: In this format, you can create a discovery profile to identify the types of systems in which you are interested-such as Windows or UNIX computers then proceed to run the Discovery job to scan the network for the systems that match the criteria you have specified.
- Bulk Import method: This format will let you download a CSV file template that you can populate with the systems that you want to add to your Centrify Privileged Services Portal.
- The Windows PowerShell import script: For this method, you will run an interactive Windows PowerShell script and use it to import systems to your Centrify Privileged Services portal. To read more about this, please see this TechBlog
In this article, we will focus on Option 3-adding systems to the Centrify Privileged Services portal using the Bulk Import method.
The steps in this article assume that you already have an existing Centrify Privileged Services portal set up :
Navigate to the Infrastructure> Systems section of the portal and click the Import button at the top of the page:
Upon clicking the import button, a new "Import" window opens, please click the "Bulk System Import Template" and download the file
Proceed to open the CSV template file, notice that it has template fields already populated, please edit the file with the systems you want to import. For my case, I want to import 6 systems, 3 Unix and 3 Windows systems along with the local accounts on the systems.
After saving the file, please upload the CSV file to your Centrify Portal, the import process runs in the background and depending on the number of systems and accounts you are importing, the process might take some time to complete. When the process completes, you will receive an email notification of the results when the import process is complete.
The notification email looks something like this:
As you can tell from the email above, only 5 of the 6 systems got imported successfully, the email is helpful enough to tell which system did not get imported by looking at the row referenced in the email. In my case it is row 7 which is the windows machine, please see the image below to see why it failed to get imported
Notice that the import job process could not find a Computer class type "Wlndows" so, proper spelling matters in this csv file, in order to fix this, I corrected the spelling error and re-imported the system. For the systems that successfully got imported you should be able to see them listed under the systems tab
If you also imported local accounts in addition to the systems, you should see the successful accounts listed under the Accounts tab, in the image below, the imported accounts have been marked, please see:
Once the import is done, we now focus on the really visible Red exclamation signs that are listed along the systems, and if you notice we see that the systems that have this Red exclamation sign have the "Unreachable" status in the "Last Test Result" column. We want our systems to be reachable, otherwise whats the point of adding them to the Centrify Privileged Services portal?
For the systems that are showing unreachable status, please click into the system itself, select "Test Connection" If the test connection test fails, the first thing I check is the status of the connectors, to make sure they are all up and running.
For my case, the Connector was in connected mode but the "Test connection" test was still failing.
- I clicked into the machine, clicked "Settings" tab and replaced the DNS Name with the IP Address of the machine under the DNS Name/IP Address field. After saving the changes and re-running the Test Connection test, the test connection was successful.
Since I also added accounts along with the systems to my Centrify Portal, I want to make sure that the accounts I added along with the systems can be used to log into the machines via the Centrify Privileged Services Portal.
This can be done by either navigating to the Infrastructure>Accounts tab and then locating the accounts you imported here OR we could navigate to Infrastructure> Systems tab and click into the system itself then click "accounts", in the accounts section we see the account that was imported with the system.
Click into the account and select "Verify credential" option, this "Verify credential" test verifies whether the user account and password of the machine imported is the correct one.
For my case the "verify credential" test failed for my "discovery" user account, The other test I tried is to; click the user account> click actions> select "Login"
The user account "discovery" is able to login to the machine successfully, so we know that the credential is fine and the "Verify credential" test should have passed successfully.
In my case, the Domain network settings firewall was turned on, I turned off the windows firewall for the Domain network settings and was able to pass the "Verify Credential" test successfully.
To learn more about Centrify Privileged Services, please see the Centrify Privileged Services administrator's guide