"The MFA mechanism (IWA) in the Centrify Admin Portal no longer supports HTTP and requires HTTPS for security reasons. The diagnostic tool, adcdiag, will fail the test if HTTPS is not available. Please ensure that the Centrify connectors are configured with HTTPS if you use this feature. (Ref: CS-40567, CS-40568, CS-40951)"
Centrify DirectControl version 5.4.0 or above.
How to configure MFA for Centrify agent 5.4.0 or above with matched certificate?
In Suite 2017, we have changed the following items which will affect the behavior when configuring MFA.
Due to the change above, in order to configure MFA for Centrify agent 5.4.0 or above, please ensure you have performed the following:
Downloaded the IWA RootCA certificate from Admin portal (See below)
For mass-deployment, you can utilize group policy to deploy:
- Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities
On Admin Portal, change the cloud connector name to match the connector host certificate subject name / subject alternative name. Then save the change.
On the *NIX box, run "adgpupdate" to get the certificate pushed immediately, or wait up to 120 minutes for the next group policy update interval. Then run "adflush -f" to get the setting updated.
After the steps above, you should now be able to authenticate with MFA to the Linux machine with Centrify agent 5.4.0 or above.
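If MFA still fails after these steps, the two conditions they depend on can be checked with openssl: the connector certificate must chain to the downloaded IWA root CA, and the connector name saved in the Admin Portal must appear in the certificate's subject or subject alternative name. The script below is an added example, not Centrify tooling; the function names, file names and the connector01.example.test host name are assumptions, and the certificates are throwaway ones generated locally so the check runs offline.

```shell
#!/bin/sh
# Added example. Usage: check_connector_cert ROOT_CA_PEM CONNECTOR_CERT_PEM CONNECTOR_NAME
# Returns 0 = OK, 1 = does not chain to the root CA, 2 = name mismatch.
check_connector_cert() {
    ca=$1; cert=$2; name=$3
    # 1. The connector certificate must chain to the trusted IWA root CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"; return 1
    fi
    # 2. The connector name must match the certificate subject / SAN.
    #    Parse the output: some openssl builds exit 0 even on a mismatch.
    if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: '$name' is not in the subject/SAN of $cert"; return 2
    fi
    echo "OK: '$name' matches $cert, which chains to $ca"
}

# Constructed sample input: a throwaway root CA and connector certificate,
# generated locally so the check can be exercised offline.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo IWA Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=connector01.example.test" \
        -keyout "$d/conn.key" -out "$d/conn.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:connector01.example.test\n' > "$d/san.ext" &&
    openssl x509 -req -in "$d/conn.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" \
        -out "$d/conn.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
# Name as saved in the Admin Portal matches the certificate: passes.
check_connector_cert "$demo/ca.pem" "$demo/conn.pem" connector01.example.test
# Name that is not in the certificate: reported as a mismatch.
check_connector_cert "$demo/ca.pem" "$demo/conn.pem" connector02.example.test || true
rm -rf "$demo"
```

To use it against a real deployment, pass the downloaded IWA root CA file, the connector host certificate exported to PEM, and the connector name exactly as it is saved in the Admin Portal.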