[HOWTO] Configure Centrify Authentication Service with an AWS Managed Microsoft Active Directory

Authentication Service

28 October, 20 at 05:24 PM

This article seeks to provide a guide to setting up Centrify Authentication Service with an AWS Managed Microsoft® Active Directory (AD). By the end of this article, you should have a basic working configuration of Centrify Authentication Service using an AWS Managed Microsoft AD.

Below is a list of prerequisites to configure Centrify Authentication Service:

  1. If not already configured, you will need to launch an AWS Managed Microsoft AD.
  2. You will also need a Windows Server EC2 instance created and joined to the AWS Managed Microsoft AD.
  3. You will also want to download the Centrify Authentication Service media to your EC2 instance.
  4. Make sure you have an AD account with enough permissions to add OUs, Containers, Users, and Groups to the AWS Managed Microsoft AD. I used the default Admin user given to me when I set up the AWS Managed Microsoft AD.


Once you have the above prerequisites checked off, you can begin the installation and configuration of Centrify Authentication Service. This is largely a normal installation of the services, but some configuration changes are required because of the way an AWS Managed Microsoft AD works.

To start, you will want to run the autorun.exe and select Authentication & Privilege at the beginning of the installer.


You can perform the installation of Microsoft SQL Server Compact for Sudoers Import if you would like. I have skipped it for this how-to.


Enter the User Name and Organization information.


Again, for simplicity's sake, I chose not to install Centrify Report Services, as it is not in the scope of this how-to.


I kept the default installation location; however, you can change it if you wish.


Once you have completed the installation, launch the Centrify Access Manager MMC and connect to your AD forest. As you can see, my Domain Controller is automatically populated. If this does not happen for you, it may be because you are not logged into the EC2 instance as a Domain User.


I chose to use the currently logged in credentials for configuration; however, you can specify the credentials of another user if needed.


I recommend checking the Generate the Centrify recommended deployment structure option so that the configuration wizard creates an AD container structure for you.


At this point, we will need to start altering the default locations as an AWS Managed Microsoft AD has some restrictions.


In the next window, you will want to choose a valid location to deploy the Centrify container structure. Because an AWS Managed Microsoft AD only gives you permissions over your Domain OU, you will want to select it as the location. Mine is the stormten OU under the stormten.ninja domain.


Make sure the generation of your deployment structure completes successfully.


We will need to specify the license container, as we did not deploy to the default location and do not have permissions to the default location in an AWS Managed Microsoft AD.


If you generated the deployment structure as I did, the Licenses container can be found in [Domain OU] > Centrify > Licenses.


You will also need to specify a different location for your Centrify Zones container. Mine is located in [Domain OU] > Centrify > Zones.


We will not be able to configure the next two options due to limitations of an AWS Managed Microsoft AD. We cannot alter the AD schema because it is managed by AWS, which means we cannot configure the Administrative Notification Handler or the Centrify Profile Property Pages.


Once you complete the configuration wizard, the installation and configuration of Centrify Authentication Service with the AWS Managed Microsoft AD is complete.


You can now create your Centrify Zones and populate them by Computers, Users, and Role Assignments.
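To confirm the result of the procedure above without clicking through the MMC, the following PowerShell script (an added example, not part of the original article or Centrify's tooling) checks that the Centrify, Licenses and Zones containers exist under the delegated Domain OU and that the current account can create objects there. It assumes the RSAT ActiveDirectory module is installed on the domain-joined EC2 instance; the domain and OU names default to the article's example values.

```powershell
# Added verification script (not from the original article or Centrify).
# Assumes: RSAT ActiveDirectory module present; deployment structure generated
# under the delegated Domain OU as described in the article.
param(
    [string]$DomainDnsName = 'stormten.ninja',   # article's example domain
    [string]$DomainOuName  = 'stormten'          # article's example Domain OU
)

Import-Module ActiveDirectory

# Build the DN of the delegated OU, e.g. OU=stormten,DC=stormten,DC=ninja
$domainDn = ($DomainDnsName.Split('.') | ForEach-Object { "DC=$_" }) -join ','
$ouDn     = "OU=$DomainOuName,$domainDn"

# Containers the deployment-structure wizard creates under the Domain OU
$expected = @(
    "CN=Centrify,$ouDn",
    "CN=Licenses,CN=Centrify,$ouDn",
    "CN=Zones,CN=Centrify,$ouDn"
)

# -Filter is used instead of -Identity so a missing object yields $null
# rather than a terminating error.
$results = foreach ($dn in $expected) {
    $obj = Get-ADObject -Filter "distinguishedName -eq '$dn'" -Properties objectClass
    [pscustomobject]@{
        DistinguishedName = $dn
        Exists            = [bool]$obj
        ObjectClass       = if ($obj) { $obj.objectClass } else { '-' }
    }
}
$results | Format-Table -AutoSize

# AWS delegates rights only on the Domain OU, not on the default System
# container, so check that this account can create children in the OU.
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
$acl    = Get-Acl -Path "AD:\$ouDn"

$createRules = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
    $(try { $mySids -contains $_.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value } catch { $false })
}

if ($createRules) { "OK: current user can create child objects in $ouDn" }
else              { "WARNING: no CreateChild right found for the current user on $ouDn" }
```

Any container reported with Exists = False, or a CreateChild warning, points to the wizard having been run against a location outside the delegated OU.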

You can visit this link for more information on the limitations of an AWS Managed Microsoft AD:

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html

Centrify Corporation does not take any responsibility for the content or availability of this link; it is provided as a courtesy. Customers should contact the vendor if there are any further questions.
