Centrify Powershell Utility Installation

Check the Prerequisites

Install the Centrify Powershell Utility

  1. Download the AWS powershell utility zip file.
  2. Unzip the file into a new folder.
  3. Open the Powershell prompt in Administrator mode.
  4. Run Set-ExecutionPolicy Unrestricted to enable the scripts.
  5. Run [System.Net.ServicePointManager]::SecurityProtocol and check for TLS12 in the resulting output. If there no TLS12 in the protocol list, run the following commands.
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
  1. If you are working behind a proxy server, run the following commands to enable your Powershell session to use proxy credentials.
$webclient=New-Object System.Net.WebClient
  1. Run one of the following commands:
.\CentrifyAuthenticate.ps1 –Tenant <Tenant.centrify.com> -Location “\absolute_path\aws\credentials”
.\ca.ps1 -Tenant <Tenant.centrify.com> -Location “\absolute_path\aws\credentials”



  • Both Tenant and Location parameters are optional
  • Tenant by default points to devdog.centrify.com
  • Default AWS region needs to be set using a different command. See step 14.
  • Location specifies the absolute path of the AWS credentials file
  • If location is not specified, the default location USER_HOME/.aws/credentials is used
  1. Enter your Centrify credentials for authentication. Note: Credentials may be a MFA per user configuration.
  2. Once authenticated, all authorized AWS applications are listed.
  3. Choose an application by entering the number of the application.
  4. Running an application will generate a SAML. The SAML will be posted to AWS for its credentials. See AWS SAML for more information.
  5. Choose an AWS role.
  6. If the inputs are correct, the AWS credentials will be saved in the profile <ProfileName>. Use <ProfileName> to run AWS commands. For example:
Get-S3Bucket -ProfileName <ProfileName>
  1. To set your default region, use the following AWS commands.
Set-DefaultAWSRegion -Region <region>
Where region = us-east-1, us-west-1 etc.