Applies to: Centrify Identity Service, Centrify Privilege Service
Our organization registered for the Centrify Cloud Service and has decided to retire the tenant instance. Is there a method for the tenant to be removed or disabled?
Centrify Cloud Tenants do not need to be removed in the current version as there is no actual Active Directory data replicated to the service. When a user becomes “known” to the service (either by being invited to the service, by being provisioned to a downstream app, or through an authentication processed by our service) certain contact attributes are cached for the user record.
All data is encrypted and is only shared with the User himself/herself, and administrators who you have given the rights to see this data.
The following data appears in the drill-down of a user if known by AD:
- First Name
- Last Name
- Email Address
- Office Number
- Mobile Number
- Home Number
- Manager / Direct Reports
- Group membership
In addition, to the above attributes, all publicly readable properties of the user in AD (i.e. account state, password expiration date, etc.) are cached by the service to optimize performance.
Note: Disabling a cloud tenant will prevent all portal and application access and could cause production impact.
Customers may choose to perform the following steps if the tenant is no longer used and prior to any tenant disable:
- Login to the tenant Cloud Manager at https://cloud.centrify.com/manage
- Select the Users tab and delete all user accounts (Active Directory accounts will be removed from cloud portal view only - not AD)
- Select the Apps tab and delete/remove all deployed applications - be sure to first remove user access and federation settings prior to deleting any app.
- Select the Devices tab and unenroll / delete all mobile devices, then delete all devices from the list.
- Select the Roles tab and delete all created roles.
- Select the Policies tab and delete all created policies.
- Select the Settings tab and delete or rename all login suffix entries (append with "-old" for example), corporate IP range and provisioning settings.
- Uninstall the AD cloud connector and extensions (if installed).
- Online help is also available for completing the above tasks.
Centrify does not currently provide a user-selectable option to delete or reset the tenant to defaults at this time.
Also, when swapping tenants, it is recommended to first rename any login suffix entries in the original tenant so they can be reused in the new tenant.
Once the suffix entries are available for use, simply re-register the cloud connector using any system administrative account available in the new tenant. Once the connector has completed registration, new login suffix entries will automatically be entered in the new tenant.