You have to setup a Cloud Tenant from Centrify by registering an email with Centrify or Centrify Authorised Reseller.
Once the Tenant has been setup, the login link should have been sent to the email you have provided.
You will need to setup the 2FA Connector VM on premise. The recommended specification of the connectors. Port 443 should be opened for the VM.
- 4 Core; 8GB RAM; 100 GB HDD; Windows 2016 or later
At the Active Directory
- Create UNIX computer group in AD if not already created
- Add the UNIX computers that will require 2FA to the UNIX group
- Create a UNIX Users group if not already created
- Add Users that will require 2FA to the UNIX user group
- Add the IWA root CA Certificate to the Centrify GPO. The IWA Certificate can be downloaded from the Centrify cloud but the connector needs to be setup first before we can download the IWA Certificate.
At the CentOS Server
Copying the IwaTRustRoot.pem Certificate to CentOS Linux Server
- Change the extension of the IWA certificate that was downloaded from .cer to .pem
- For CentOS, please copy the certificate to this location /etc/pki/ca-trust/source/anchors/ in the test server.
- Copy the cert to /var/centrify/net/certs as well
Configure the SSH settings
# vim /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
Restart the SSHD Services
# systecmtl restart sshd.service
Restart the Centrifydc services
# /usr/share/centrifydc/bin/centrifydc restart
Active Directory Flush
# adflush -f