Centrify SSO is a cloud service that allows you to track ingress authentication events and produce documents for those events in order to protect against privileged access abuse.
At this time, InsightIDR only tracks password authentications through your Centrify data. After you complete the configuration, this event source refreshes every two hours.
Before You Begin
Use an Admin account to connect to InsightIDR with API permissions to query the
/security endpoints. Read more about the Centrify API here: https://developer.centrify.com/reference
You must also gather the following information from your Centrify application:
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Cloud Service icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unfiltered logs.
- Create and name a new credential for the Admin account used for the Centrify API.
- In the “Username” field, enter your Admin account username.
- In the “Password” field, enter the password for the admin account.
- In the “Tenant ID” field, enter the tenant ID for your Centrify appliance. For example, if your Centrify URL is
tentantID.my.centrify.com, your tenant ID is
- Configure your default domain.
- Click the Save button.