Preparing a Linux Client Server for Centrify and 2FA for CentOS-7


Preliminary Notes:

You have to set up a cloud tenant with Centrify by registering an email address with Centrify or a Centrify authorised reseller.

Once the tenant has been set up, the login link is sent to the email address you provided.

You will also need to set up the 2FA connector VM on premise. Port 443 must be open for the VM so it can reach the Centrify cloud. The recommended specification for the connector is:

  • 4 Core; 8GB RAM; 100 GB HDD; Windows 2016 or later

At the Active Directory

  1. Create a UNIX computer group in AD if one does not already exist
  2. Add the UNIX computers that will require 2FA to that computer group
  3. Create a UNIX users group if one does not already exist
  4. Add the users that will require 2FA to the UNIX users group
  5. Add the IWA root CA certificate to the Centrify GPO. The IWA certificate is downloaded from the Centrify cloud portal, but the connector must be set up first; the certificate is not available for download until then.

At the CentOS Server

Copying the IwaTrustRoot.pem certificate to the CentOS Linux server

  1. The IWA certificate downloaded from the tenant has a .cer extension. If the file is Base64 (PEM) encoded, renaming it to .pem is enough; if it is binary DER encoded, renaming does not convert it and it must be converted to PEM first.
  2. On CentOS, copy the certificate to /etc/pki/ca-trust/source/anchors/ on the server, then refresh the system trust store with update-ca-trust so the new anchor is actually loaded.
  3. Copy the certificate to /var/centrify/net/certs as well.
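The three steps above as one script. This is an added example, not part of the original post: it assumes the download is named IwaTrustRoot.cer (the name Centrify uses for the IWA root), detects whether the file is PEM or DER and converts it with openssl if needed, writes it to both directories the post names, and refreshes the CentOS trust bundle only when the real anchor directory was touched. The destination directories are parameters so the functions can be exercised against a scratch directory without root.

```shell
#!/bin/sh
# Added example (not from the original post). Installs the Centrify IWA
# root CA on CentOS 7 for the Centrify agent and the system trust store.
# Assumed download name: IwaTrustRoot.cer; destination paths are from the post.

# cert_encoding FILE -> prints "pem" or "der".
# A .cer saved from a Windows-style download may be binary DER; renaming it
# to .pem does not change the encoding, so we look for the PEM header.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    else
        echo der
    fi
}

# install_iwa_root CERT ANCHORS_DIR CENTRIFY_CERT_DIR
# Writes CERT as PEM (IwaTrustRoot.pem) into both directories, converting
# from DER when necessary, then refreshes the system trust bundle if the
# anchor directory is the real CentOS one (update-ca-trust needs root).
install_iwa_root() {
    cert=$1; anchors=$2; cdc_dir=$3
    mkdir -p "$anchors" "$cdc_dir"
    case $(cert_encoding "$cert") in
        pem) cp "$cert" "$anchors/IwaTrustRoot.pem" ;;
        der) openssl x509 -inform DER -in "$cert" -out "$anchors/IwaTrustRoot.pem" ;;
    esac
    chmod 0644 "$anchors/IwaTrustRoot.pem"
    cp "$anchors/IwaTrustRoot.pem" "$cdc_dir/IwaTrustRoot.pem"
    if [ "$anchors" = /etc/pki/ca-trust/source/anchors ]; then
        update-ca-trust extract
    fi
}

# Live use (as root): sh install_iwa_root.sh /path/to/IwaTrustRoot.cer
if [ -n "${1:-}" ]; then
    install_iwa_root "$1" /etc/pki/ca-trust/source/anchors /var/centrify/net/certs
fi
```

After running it on the server, a quick sanity check is that /etc/pki/ca-trust/source/anchors/IwaTrustRoot.pem and /var/centrify/net/certs/IwaTrustRoot.pem are identical PEM files; if the source was DER and openssl is missing, the case branch fails loudly rather than leaving a mis-named binary file behind.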

Configure the SSH settings. Centrify delivers the 2FA prompt through PAM using SSH keyboard-interactive authentication, so plain password authentication in the SSH protocol is switched off while challenge-response (keyboard-interactive) authentication stays on; UsePAM must also be yes, which is the CentOS 7 default.

# vim /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no


# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes

Restart the sshd service

# systemctl restart sshd.service
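Before restarting sshd it is worth confirming that the settings sshd will actually load match the 2FA requirements, since a later Match block or a second copy of a keyword silently overrides what you edited. The check below is an added example, not from the original post: it reads the effective configuration dump that `sshd -T` prints (one "keyword value" line per setting, lowercase keywords, on CentOS 7's OpenSSH) and reports each required setting; `sshd -T` and the restart need root, so the live path is behind a `--live` flag.

```shell
#!/bin/sh
# Added example (not from the original post): verify the effective sshd
# settings Centrify 2FA relies on before restarting the service.
# Assumed: `sshd -T` output format "keyword value", lowercase keywords.

# check_2fa_sshd_settings: reads `sshd -T`-style lines on stdin and prints
# "ok  <key> <value>" or "BAD <key> (got ..., want ...)" per required
# setting. Returns 0 only when every required setting has the wanted value.
check_2fa_sshd_settings() {
    dump=$(cat)
    rc=0
    for want in "passwordauthentication no" \
                "challengeresponseauthentication yes" \
                "usepam yes"; do
        key=${want%% *}
        expected=${want#* }
        got=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" = "$expected" ]; then
            echo "ok  $key $got"
        else
            echo "BAD $key (got '${got:-<missing>}', want $expected)"
            rc=1
        fi
    done
    return $rc
}

# Live use (as root): sh check_sshd_2fa.sh --live
# Syntax-check the file, check the effective values, then restart.
if [ "${1:-}" = "--live" ]; then
    sshd -t || exit 1
    sshd -T | check_2fa_sshd_settings || exit 1
    systemctl restart sshd.service
fi
```

Running `sshd -t` first matters because a syntax error in sshd_config makes the restart fail and can leave you without SSH access to a remote box; checking `sshd -T` rather than grepping the file catches overrides that a visual read of the file misses.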

Restart the Centrify DirectControl agent (centrifydc)

# /usr/share/centrifydc/bin/centrifydc restart

Flush the agent's Active Directory cache

# adflush -f