
I’ve recently been playing around with the Centrify Linux DMC setup, and my first question was, “Where is the CLI for Linux?”

After an hour or so of looking around, I finally found the download for it.

It was just released a couple of months ago, so it’s pretty new, and it looks like your tenant must be at least 20.3.

https://github.com/centrify/centrifycli/releases

Here’s the info on the release:

Official Release v1.0.5.0

This release includes the following improvements and features:

  • Delegated Machine Credentials support (-m)
  • Single binary executable for easy distribution and automation using built in dotnetcore 3.1 runtime
  • Interactive MFA support (when not using OAuth2 token)
  • If a password is required but not provided by -pw, you will be prompted to enter it interactively (masked)
  • The bootstrap command for quickly configuring service side requirements from within the CLI itself
  • If connection fails, include inner exception detail in error output

Delegated Machine Credentials Support

Note that for this feature to work, a version of the Centrify Cloud Client with DMC support is also required. Client support for this starts with the corresponding 20.3 release.

Bootstrap Command

The new bootstrap command allows for quickly configuring the service side requirements from within the CLI itself. Example:

$ ccli bootstrap -u [email protected] -url https://tenant.my.centrify.net

This will prompt the calling user to MFA (user must be a sysadmin or have app creation privileges), then automatically execute the steps detailed in: https://github.com/centrify/centrifycli/wiki/Configuring-Centrify-Service-OAuth-for-Centrify-CLI

By default the application is configured to allow all APIs to be called (i.e. scope regex of ‘.*’), and give access to the CLI app to the sysadmin role only. These can be overridden during bootstrap with the -breg and -br arguments respectively:

$ ccli bootstrap -u [email protected] -url https://tenant.my.centrify.net -breg UserMgmt/* -br MyRole

This command will create (or update if it exists) the application, then add permission for the MyRole role and set the ccli scope regex list to UserMgmt/*.

The bootstrap command will also generate an initial token (good for 1 hour) for the calling user.
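The scope regex set with -breg decides which API calls the CLI's token can make, so it is worth checking what a pattern admits before bootstrapping. The following is an added example, not from the release notes or the centrifycli project. The sample paths, the function names and both matching modes are assumptions, since the page does not say how the service evaluates the pattern.

```python
import re

# Constructed sample API paths in Controller/Method form (illustrative only,
# not an authoritative list of the service's endpoints).
SAMPLE_PATHS = [
    "UserMgmt/GetUserInfo",
    "UserMgmt/ChangeUserPassword",
    "ServerManage/CheckoutPassword",
    "Redrock/query",
    "CustomUserMgmt/Export",
]


def admitted(scope_regexes, paths=SAMPLE_PATHS, anchored=True):
    """Return the paths that at least one scope pattern admits.

    anchored=True  -> the pattern must match the whole path (re.fullmatch)
    anchored=False -> the pattern may match anywhere in the path (re.search)
    Which of the two the service applies is an assumption to verify.
    """
    compiled = [re.compile(p) for p in scope_regexes]
    if anchored:
        def hit(rx, s):
            return rx.fullmatch(s) is not None
    else:
        def hit(rx, s):
            return rx.search(s) is not None
    return [p for p in paths if any(hit(rx, p) for rx in compiled)]


def report(scope_regexes):
    """Summarise what a scope list admits under both matching modes."""
    return {
        "anchored": admitted(scope_regexes, anchored=True),
        "unanchored": admitted(scope_regexes, anchored=False),
    }


if __name__ == "__main__":
    # The default scope, the pattern from the bootstrap example, and a
    # stricter regex spelling of "everything under UserMgmt/".
    for scopes in ([".*"], ["UserMgmt/*"], ["UserMgmt/.*"]):
        print(scopes, report(scopes))
```

Read strictly as a regex, `UserMgmt/*` means "UserMgmt" followed by zero or more slashes, which is why its anchored and unanchored results differ. Confirm what the pattern actually permits on your tenant before relying on it to restrict the CLI.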

Thank you,