Centrify Zone Provisioning Agent (ZPA) version 5.2.3 and lower on all platforms
When configuring the service account for ZPA, an issue is encountered when attempting to select a managed service account (MSA) that allows you to create an account in AD that is tied to a specific computer.
When going into a zone to delegate control for this service account, it does not give the option to lookup service account, it only displays 'User/Group/Computer'. After added the service account in local security settings, console does not display or can find the MS Windows service account.
ZPA and Access Manager relies on a Microsoft API that does not support selecting an MSA. As a result, when you try to select the MSA object type there is no option for it.
MSA is now supported for use with ZPA in Suite 2016