
KB-8868: How to configure MFA for Centrify agent 5.4.0 or above with matched certificate?

Centrify DirectControl

28 June,17 at 08:08 AM

Applies to:

Centrify DirectControl version 5.4.0 or above.

Question:
How to configure MFA for Centrify agent 5.4.0 or above with matched certificate?

Answer:

In Suite 2017, we changed the following item, which affects the behavior when configuring MFA.

 

"The MFA mechanism (IWA) in the Centrify Admin Portal no longer supports HTTP and requires HTTPS for security reasons. The diagnostic tool, adcdiag, will fail the test if HTTPS is not available. Please ensure that the Centrify connectors are configured with HTTPS if you use this feature. (Ref: CS-40567, CS-40568, CS-40951)"

 
Due to the change above, in order to configure MFA for Centrify agent 5.4.0 or above, please ensure you have performed the following:

  1. Download the IWA RootCA certificate from the Admin Portal.

For mass deployment, you can use group policy to deploy the certificate:
    - Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities

  2. On the Admin Portal, change the cloud connector name to match the connector host certificate subject name / subject alternative name. Then save the change.

  3. On the *NIX box, run "adgpupdate" to get the certificate pushed immediately, or wait up to 120 minutes for the next group policy update interval. Then run "adflush -f" to get the setting updated.

After the steps above, you should be able to authenticate with MFA to the Linux machine running Centrify agent 5.4.0 or above.
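
The name match in step 2 and the trust in the downloaded root CA can be checked from the *NIX box with openssl. The script below is an added example, not Centrify tooling: the file names and host names passed to it are placeholders, and it assumes standard TLS wildcard matching and a connector certificate issued directly by the downloaded root CA.

```sh
#!/bin/sh
# Added example, not Centrify code. Arguments are placeholders you supply:
#   ./check_connector.sh CONNECTOR_NAME CONNECTOR_CERT.pem IWA_ROOT_CA.pem

# Print the certificate's subject CN and SAN DNS names, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if host name $1 matches certificate name $2 (case-insensitive).
# Assumption: a "*." entry covers exactly one leftmost label.
name_matches() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        \*.*) rest=${name#*.}
              [ -n "${name%%.*}" ] && [ "$name" != "$rest" ] &&
                  [ ".$rest" = "${pat#\*}" ] ;;
        *)    [ "$name" = "$pat" ] ;;
    esac
}

# Succeed if connector name $1 matches any name in newline-separated list $2.
connector_name_ok() {
    while IFS= read -r candidate; do
        [ -n "$candidate" ] && name_matches "$1" "$candidate" && return 0
    done <<EOF
$2
EOF
    return 1
}

# Check the name match first, then the chain to the downloaded root CA.
check_connector() {
    names=$(cert_names "$2")
    connector_name_ok "$1" "$names" ||
        { echo "FAIL: '$1' is not among the certificate names:"; echo "$names"; return 1; }
    # -no-CApath (OpenSSL 1.1.0+) keeps the system trust store out of the decision.
    openssl verify -no-CApath -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not chain to $3"; return 1; }
    echo "OK: '$1' matches the certificate, which chains to $3"
}

if [ $# -eq 3 ]; then check_connector "$@"; fi
```

A short connector name fails against a certificate that lists only the fully qualified name, which is the mismatch step 2 is meant to remove.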
 
