CPAS (Centrify Privileged Access Service) is Centrify’s product that offers standard entry-level features. In short, it is a web-based, agentless, password-safe solution. It is licensed under the name CPAS Core. With CPAS (Centrify Privileged Access Service), you can store the passwords of service accounts, shared accounts, accounts used in applications, in a password safe. You can change passwords regularly and get the password from the safe whenever you need it. Administrator approval may be requested during password supply.
It can use its own local accounts as well as AD integration. PAS supports MS Failover Cluster. If there will be an environment where all passwords will be stored, it is definitely recommended to install a Cluster.
Adding a Password via Centrify PAM
When the password will be added via Centrify PAM, we click on the “Secrets” menu. Then click on the “Add Secret” option.
On the “Add Secret” page, you can enter the username in the “Name” field. We write the password in the “Type” part.
On the “Permissions” page, we give permission to who will see and copy that user.
Save by clicking the “Save” button.
Adding Domain User or Server/Client Local User
You can also add and manage domain users or server/computer local users. Click on the “Domains” menu for the domain user.
You can add your own domain on the “Domains” page. You can add the domain user by clicking the “Add” button.
When we click on the user we added, you can see that he goes to the “Accounts” menu. In the “Permissions” menu, you can authorize who will see this user, who will enter the servers with this user, and who will receive this user’s password.
In the “Systems” menu, you can add your own systems. You can add local users to your systems. You can decide who to authorize for these users. Here we click on the server/computer you added.
You can add local users for the server in the “Accounts” menu. For this, you can add users by clicking the “Add” button.
You can authorize who you will authorize for the user you have added from the “Permissions” section. As “target“, you can authorize those who will log in to the “aomertestpc.systemconf.local” computer with the “admin” user. You can see the “admin” local user of the “omer” PAM user “aomertestpc.systemconf.local“, view the password, copy, edit the password, change the password or log in with this user.
Note: Local users and domain users are visible in the “Accounts” menu, but users in the “Secrets” menu are not visible in the “Accounts” menu.