KB-20123: Tenant URL Change FAQ for Centrify only

4 October,19 at 08:10 AM

This article describes customer actions which should occur at various stages of the move for Centrify only customers in relation to the overall process of splitting Idaptive and Centrify tenants.


The document is organized by impacted functional component. If not listed, the expectation is the functionality is not impacted.

  1. Why are Idaptive and Centrify performing these changes?
  2. What is changing?
  3. How can I tell if I have a Centrify only tenant?
  4. What is the timeline of the tenant splits?
  5. Will there be an impact on connectors?
  6. Will there be an impact to end-users?
  7. Will there be an impact to the existing applications?
  8. Will there be any impact to Analytics service?
  9. Will there be an impact to Privilege Access Service?
  10. Are there any required customer actions before the tenant split for Centrify only tenants?
  11. Are there any required customer actions after the tenant split for Centrify only tenants?
  12. Who should I contact for issues after the migration is complete?
  13. Who do I contact for other questions related to the migration?




1. Why are Idaptive and Centrify performing these changes?

As part of the business separation of Idaptive from Centrify, the migration of Application and Endpoint services from the Centrify cloud to Idaptive cloud is expected to start beginning October 2019. After the split, customers will have access to two independent tenants - an Idaptive tenant and a Centrify tenant.


2. What is Changing?

As the name implies, existing joint Idaptive and Centrify tenants will be split into two separate tenants: one tenant for Centrify functionality and experience within the Centrify production cloud service, and one tenant for Idaptive functionality and experience within the Idaptive production cloud service.

The major impact for Centrify only customers is that the tenant URL for Centrify cloud services will change from centrify.com to centrify.net; centrify.net will be available on September 30th, 2019. Both centrify.com and centrify.net URLs will continue to work as normal until the tenant split is completed, which gives customers an opportunity to update any bookmarks and Centrify PAS integration URLs to centrify.net.

 

3. How can I tell if I have a Centrify only tenant?

Customers whose tenant is Centrify only:

User-added image

Customers whose tenant is a joint Idaptive and Centrify tenant:

 

User-added image

 

4. What is the timeline of the URL changes?

 

There is no hard-set timeline currently.  However, centrify.net will become available on 30th September 2019 and tenant splits will start in October. Centrify.com will continue to operate for Centrify only tenants until further notice.

 

5. Will there be an impact on connectors?

All connectors must be at or above version 19.5 before the split, and customers are required to follow the instructions in KB-17161: Preparing for the Tenant URL Change to centrify.net.

 

6. Will there be an impact to end-users?

After the migration, all existing bookmarks need to be updated with the centrify.net domain. Customers should create new bookmarks in advance of the move. We suggest that any Centrify Privileged Access Service (PAS) specific bookmarks be added/updated by those users who use PAS to <tenant>.my.centrify.net when available. Centrify (PAS) Android clients should be updated to version 19.5 or later prior to the migration; no changes are needed for Centrify (PAS) iOS clients. Centrify (PAS) clients must be online at least one day prior to migration in order for the device to receive a new tenant URL from the cloud.


7. Will there be an impact to the existing applications?

Custom scripts, applications or automation making use of OAuth credentials to call service APIs may need to be changed if the targeted API is for Centrify functionality. In this case, the client application needs to be changed to use the <tenant>.my.centrify.net URL. For example, provisioning scripts that automatically enroll Linux/Windows clients or Linux Docker containers need to have the target tenant URL converted to use the new centrify.net suffix.
 

8. Will there be any impact to Analytics service?

The Analytics service will continue to operate normally after the tenant migration. There will be no impact to Analytics service for Centrify only customers.

 

9. Will there be an impact to Privilege Access Service?

All existing PAS configurations will continue to operate as normal and there will be no impact to the Privileged Access Service functionality.

 

10. Are there any required customer actions before the tenant split for Centrify only tenants?

  • Multi-factor Authentication (MFA) - Customers need to ensure all connectors are at or above version 19.5 before the tenant split and must follow Phase 1 of KB-17161: Preparing for the Tenant URL Change to centrify.net to explicitly define the MFA tenant URL to be the centrify.com domain. Once the migration is completed, customers must follow Phase 2 of KB-17161: Preparing for the Tenant URL Change to centrify.net to configure MFA CDC agents, DZWin, and connectors to use the newer centrify.net domain.
  • Partner Management (Federation) - Customers need to update the Identity Service provider configuration or service provider metadata with the new <tenant>.my.centrify.net URL.
  • Applications - Custom scripts, applications or automation making use of OAuth credentials to call service APIs may need to be changed if the targeted API is for Centrify functionality. In this case, the client application needs to be changed to use the <tenant>.my.centrify.net URL.
  • Centrify Clients for Linux - Centrify Clients 19.5 or higher support a transparent tenant split: no configuration change, re-enrollment or restart is required. For older versions, if upgrading to Centrify Clients 19.5 is not an option, it is necessary either to unenroll and re-enroll with the new URL settings or to change the URL setting manually. Please refer to KB-19542: Steps to prepare URL changes for Centrify Clients 19.4 or below.
  • U2F keys - U2F Keys must be re-registered by the user while signed into the Centrify tenant on the <tenant>.my.centrify.net URL. 
  • Bookmarks - Customers should create new bookmarks in advance of the move.  We suggest that any Centrify Privileged Access Service (PAS) specific bookmarks be added/updated by those users who use PAS to <tenant>.my.centrify.net when available.
  • Network and Firewall - Update firewall and network security to whitelist *.centrify.net. Customers should ensure connectivity to *.centrify.net prior to migration.
  • Anti-virus and Anti-malware application - Update anti-virus and anti-malware software to whitelist *.centrify.net. Customers should ensure connectivity to *.centrify.net prior to migration.
  • PAS integration - Customers will need to update the tenant URL for PAS-specific integrations, e.g. ServiceNow, SailPoint and Splunk, for continued functionality.

    ServiceNow

      • Privileged Access Request app – The customer will need to update the tenant URL found in the properties tab to the centrify.net tenant URL and then execute a re-sync to ensure the data is up-to-date.  The sync log should be reviewed to ensure it contains no errors.  This should be done once centrify.net is available, pre-split, to avoid service disruption. No action required for Idaptive integrations.
      • Zone Role Workflow app – The customer will need to update the tenant URL found in the properties tab to the centrify.net tenant URL and then execute a re-sync to ensure the data is up-to-date.  The sync log should be reviewed to ensure it contains no errors.  This should be done once centrify.net is available, pre-split, to avoid service disruption. No action required for Idaptive integrations.

    SailPoint

      • Connector – For PAS integrations, customer will need to update the tenant URL by logging in as administrator (spadmin or equivalent) and navigating to Applications > Application Definition and then clicking on the Configuration tab in the connector application.  Test Connection should be clicked on to ensure successful connection.  No action required for Idaptive integrations.
      • SCIM – For PAS integrations, customer will need to update the tenant URL by logging in as administrator (spadmin or equivalent) and navigating to Applications > Application Definition and then clicking on the Configuration tab in the SCIM integration application.  Test Connection should then be clicked on to ensure successful connection. No action required for Idaptive integrations.

    Splunk

    For PAS integrations, customer will need to restart the syslogwriter container and use the centrify.net tenant URL.

For joint Idaptive and Centrify tenants, please refer to KB-18568: Centrify and Idaptive Tenant Split Plan and Impact.
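Added example (not Centrify's code) for the URL change described in question 7 and in the Applications item of question 10: it rewrites only hostnames of the form <tenant>.my.centrify.com to the centrify.net suffix and reports each change, leaving other centrify.com URLs such as the support site untouched. The tenant ID abc0123, the variable names, the paths and the sample script are constructed for illustration.

```python
import re

# Matches only tenant hostnames of the form <tenant>.my.centrify.com.
# The lookbehind/lookahead enforce hostname boundaries, so www.centrify.com
# (no ".my." label) and centrify.com.example.org (another domain) are skipped.
TENANT_HOST = re.compile(
    r"(?<![A-Za-z0-9.-])([A-Za-z0-9-]+)\.my\.centrify\.com"
    r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE,
)

# Constructed sample: tenant ID, variable names and paths are made up.
SAMPLE_SCRIPT = """\
#!/bin/sh
# enrollment helper (constructed example)
TENANT_URL="https://abc0123.my.centrify.com"
API_BASE="https://abc0123.my.centrify.com:443/example/path"
SUPPORT="https://www.centrify.com/support"
OTHER="https://abc0123.my.centrify.com.example.org/login"
"""


def migrate_text(text):
    """Return (new_text, findings); findings are (line_no, old_host, new_host)."""
    findings = []
    out_lines = []
    for line_no, line in enumerate(text.splitlines(keepends=True), start=1):
        def repl(match, line_no=line_no):
            new_host = f"{match.group(1)}.my.centrify.net"
            findings.append((line_no, match.group(0), new_host))
            return new_host
        out_lines.append(TENANT_HOST.sub(repl, line))
    return "".join(out_lines), findings


if __name__ == "__main__":
    new_text, findings = migrate_text(SAMPLE_SCRIPT)
    for line_no, old, new in findings:
        print(f"line {line_no}: {old} -> {new}")
    print(new_text, end="")
```

Review the reported findings before writing any file back, so that each rewritten URL is one that actually targets Centrify functionality.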

 

11. Are there any required customer actions after the tenant split for Centrify only tenants?

  • Multi-factor Authentication (MFA) - Once the tenant split is completed, it is required to follow Phase 2 of KB-17161: Preparing for the Tenant URL Change to centrify.net to configure MFA CDC agents, DZWin, and connectors to use the newer centrify.net domain.
  • Mobile Devices - Centrify Android users must update their mobile client to 19.5 or later. If it is not updated to 19.5 prior to the split, it will be necessary to unenroll and re-enroll the device to the centrify.net tenant URL. No action is required for iOS. Centrify (PAS) clients must be online at least one day prior to migration in order for the device to receive a new tenant URL from the cloud.

For joint Idaptive and Centrify tenants, please refer to KB-18568: Centrify and Idaptive Tenant Split Plan and Impact.

 

12. Who should I contact for issues after the migration is complete?

If you encounter any production issues after the migration, Centrify Technical Support is the primary place to report or escalate any issues. For urgent assistance, please contact support at https://www.centrify.com/support or call our support line at:

North America: 1-877-531-7809
APAC: +1 (669) 444-5200 Option 2
EMEA: +44 (0) 203-490-0146

Sometimes, the best way to solve a problem is to grant Centrify support read-only access to your tenant so engineers can review your tenant configuration. For more information, please refer to Centrify Online Documentation.


13. Who do I contact for other questions related to the migration?

If you have questions related to the migration or the FAQs, please contact Centrify Support at https://www.centrify.com/support.
