Centrify SSO

Centrify SSO is a cloud service that allows you to track ingress authentication events and produce documents for those events in order to protect against privileged access abuse.

At this time, InsightIDR only tracks password authentications through your Centrify data. After you complete the configuration, this event source fetches data every two minutes.

Before You Begin

Use an Admin account to connect to InsightIDR with API permissions to query the redrock/query and /security endpoints. Read more about the Centrify API here: https://developer.centrify.com/reference

You must also gather the following information from your Centrify application:

  • TenantID
  • User
  • Password

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left-hand menu.
  2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Security Data” section, click the Cloud Services icon. The “Add Event Source” panel appears.
  4. Select your collector and Centrify from the event source dropdown.
  5. Name your event source.
  6. Optionally choose to send unparsed logs.
  7. Select your LDAP account attribution preference.
  8. Select your Centrify credentials, or optionally create a new credential for the Admin account used for the Centrify API.
  9. In the “Tenant ID” field, enter the tenant ID for your Centrify appliance. For example, if your Centrify URL is tentantID.my.centrify.com, your tenant ID is tentantID.
  10. Configure your default domain.
  11. Click Save.