Centrify DirectControl 5.5.0 running on Mac OS X 10.12 and higher.

Question:
How to set up Keychain synchronization on Centrify DirectControl 5.5.0?

Answer:
Centrify DirectControl 5.5.0 can detect when a user's AD password has been changed and prompt the end user to get their passwords back in sync. It gives the end user the option to store the AD password in the Keychain. Note: Password changes can only be detected when the machine is in connected mode.
1. You will need to enable Keychain Sync by going to: Group Policy Management Editor > Computer Configuration > Policies > Centrify Settings > Mac OS X Settings > Security & Privacy > Enable Keychain synchronization. The default value is 30 minutes.
2. If this policy is enabled, the current login user will receive a password change notification when his/her password is changed remotely.
3. If the user clicks "Yes", the following Centrify Keychain Sync notification will appear, prompting for the previous password and the current password.
4. Once these are entered correctly, the following Centrify Keychain Sync notification will appear, stating that a logout and login will be needed to sync the FileVault password.
5. If the user clicks "No", the following Centrify Keychain Sync notification will appear, prompting for the current password to use as the new keychain password.
6. When it is entered correctly, the Centrify Keychain Sync notification will appear, indicating that it needs to be restarted to update the Keychain.