Do you mean setting up another member server (in forest2) having Centrify Cloud Connector alone?
Please understand that there's a design decision to be made first. I am not sure you understood my original reply.
Will forest1 and forest2 ever have a two-way trust relationship?
- If the answer is Yes, you may not have to do anything else; you'll be able to see users from the other forests due to the transitive nature of two-way trusts.
- If the answer is No, then you need to add a cloud connector in Forest2 that provides an AD proxy to your CIS tenant to expose users and groups from that forest.
Let me illustrate an example from one of my demo environments.
I have a local forest running in one of my virtual environments called centrifyimage.vms; but I also have another forest in AWS called corp.centrifying.net. Sometimes I need to provide demos outlining exactly what you just inquired about. Here's a diagram:
So what I did was to add Cloud Connectors on member servers on both forests:
Now when I need to pick users or groups, I can do it from both disjointed forests:
For example, if I want to invite a user, notice that I can pick from the different forests.
This is a very powerful capability that allows Centrify Identity Service and Privilege Service to bridge and provide SSO, Application and Privilege (vaulting, session, etc.) to organizations that may have different forests with no relationship.
I hope this helps.
R.P