Registering for Privileged Access Service
Multi-factor authentication for Server Suite-managed computers relies on the infrastructure provided by Privileged Access Service and by Authentication and Privilege Elevation. Privileged Access Service enables you to securely manage users, roles, policies, devices, and applications in the identity platform. You can also define the types of authentication challenges you support and where the multi-factor authentication rules apply.
Sign Up and Activate Your Account
To get started, register for an account in Privileged Access Service if you are not already a subscriber. You can request a free trial or subscribe to Privileged Access Service through the Delinea website.
After you register for a Delinea account with a valid email address, you will receive an “Activate Your Delinea Account” email followed by a “Your Delinea Account Is Ready - Next Steps” email with your account details. Your account details include a unique customer identifier and the user name and temporary password for an administrative account that is a member of the predefined System Administrator role. For example, your email message might have account details similar to the following:
| Privileged Access Service management: | https://abcd1234.my.centrify.net/manage |
|---|---|
| Your User Name: | admin_maya.garcia@acme.net |
| Your Temporary Password: | 1234abcepassword (You'll be asked to change this when you log in) |
| Customer ID: | ABCD1234 |
Use your account details to log in and set a new password for your administrative account.
Start or Skip the Wizard
After you log in successfully, you will see a Welcome to Privileged Access Service message with the option to start or skip the quick start wizard.
If you click Start the Wizard, you are prompted to manage mobile devices, add web applications, add mobile applications, add users, and invite users. You can click Next to skip any or all steps. None of the steps in the wizard are required to set up multi-factor authentication.
If you are only interested in preparing for multi-factor authentication, you can select the Don’t show this to me again option, then click Skip. If you click Skip now, you can run the wizard at any time after configuring multi-factor authentication by clicking Start Wizard on the Getting Started dashboard.
If you have not completed these preliminary steps, stop here and verify that you have received the “Your Delinea Account Is Ready - Next Steps” email and that you can log in to the Privileged Access Service platform with the account information in the email.
Plan Multi-Factor Authentication for Server Suite-Managed Computers
Privileged Access Service is most often used to store information about people and devices, to identify different classes of users and devices, and to define the policies that specify what different classes of users and devices can do. To support multi-factor authentication, however, you must also add Delinea-managed computers to the access service.
Any computer that will require multi-factor authentication must also be added as a member of an identity platform-based role. This step is similar to adding computers to a zone. For multi-factor authentication, an identity platform-based role has computers as members and is managed through Privileged Access Service. It is separate from the role definitions and role assignments you manage using Access Manager or other Server Suite components.