Centrify SSO is a cloud service that allows you to track ingress authentication events and produce documents for those events in order to protect against privileged access abuse.
At this time, InsightIDR only tracks password authentications through your Centrify data. After you complete the configuration, this event source fetches data every two minutes.
Before You Begin
Use an Admin account to connect to InsightIDR with API permissions to query the
/security endpoints. Read more about the Centrify API here: https://developer.centrify.com/reference
You must also gather the following information from your Centrify application:
How to Configure This Event Source
- From your dashboard, select Data Collection on the left-hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Cloud Services icon. The “Add Event Source” panel appears.
- Select your collector and Centrify from the event source dropdown.
- Name your event source.
- Optionally choose to send unparsed logs.
- Select your LDAP account attribution preference.
- Select your Centrify credentials, or optionally create a new credential for the Admin account used for the Centrify API.
- In the “Tenant ID” field, enter the tenant ID for your Centrify appliance. For example, if your Centrify URL is
tentantID.my.centrify.com, your tenant ID is
- Configure your default domain.
- Click Save.
Did this page help you?