Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-11077: How to Reduce the Time to Update the Cloud Cache when Adding a Computer into the MFA Role

Privileged Access Service ,  

18 October,18 at 03:07 PM

Question:
  
When a new machine is added to the tenant role that enables MFA, the cloud cache must be updated before the role is realized for that machine.  The time that is required to update the cache is variable and can sometimes be long.  Is there a way to reduce the time required to enable MFA on a specific machine?

Answer:
  
A technique to add computers to the MFA role in the tenant that quickens the time needed to realize the changes, is to put the computer into an AD (Active Directory) group and then add the AD group as a member of the role on the tenant.

In this example, the AD group created is named cfyC_MFA-computers.
The machine, cps-rhel2, is a member of the AD group.
 
User-added image

In the tenant, the AD group needs to be added as a Member of the MFA role, i.e. MFA-Computers-All
    
 
User-added image
 

Using the technique above, the performance of the cloud cache for the role is improved and the machine will realize the MFA-Computers-All role quicker than being added as an individual machine.  Each time a new machine is required to have MFA, add the machine to the AD group and it will automatically belong to the role on the tenant.
  
User-added image

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6041: How to show current license type in use by adclient articleKB-3925: How to add Centrify parameter to a group policy articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-11071: Logging Into a Windows Machine that is MFA Enabled, the Message is Seen "Unable to load profile: Profile does not exist" articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out?