diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py
index 5e71b23d4d..02be552634 100644
--- a/awx/main/credential_plugins/centrify_vault.py
+++ b/awx/main/credential_plugins/centrify_vault.py
@@ -21,6 +21,18 @@ pas_inputs = {
 'type':'string',
 'help_text': _('Password of Centrify API User with necessary permissions'),
 'secret':True,
+ },{
+ 'id':'oauth_application_id',
+ 'label':_('OAuth2 Application ID'),
+ 'type':'string',
+ 'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'),
+ 'default': 'awx',
+ },{
+ 'id':'oauth_scope',
+ 'label':_('OAuth2 Scope'),
+ 'type':'string',
+ 'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'),
+ 'default': 'awx',
 }],
 'metadata': [{
 'id': 'account-name',
@@ -41,7 +53,7 @@ pas_inputs = {
 def handle_auth(**kwargs):
 post_data = {
 "grant_type": "client_credentials",
- "scope":"siem"
+ "scope": kwargs['oauth_scope']
 }
 response = requests.post(
 kwargs['endpoint'],
@@ -106,8 +118,14 @@ def centrify_backend(**kwargs):
 system_name = kwargs.get('system-name')
 client_id = kwargs.get('client_id')
 client_password = kwargs.get('client_password')
- endpoint = urljoin(url,'/oauth2/token/oauthsiem')
- endpoint = {'endpoint':endpoint,'client_id':client_id,'client_password':client_password}
+ app_id = kwargs.get('oauth_application_id', 'awx')
+ endpoint = urljoin(url, f'/oauth2/token/{app_id}')
+ endpoint = {
+ 'endpoint': endpoint,
+ 'client_id': client_id,
+ 'client_password': client_password
+ 'oauth_scope': kwargs.get('oauth_scope', 'awx')
+ }
 token = handle_auth(**endpoint)
 get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token}
 acc_id = get_ID(**get_id_args)
diff --git a/awx/main/migrations/0124_centrify_vault_credtype.py b/awx/main/migrations/0124_centrify_vault_credtype.py
new file mode 100644
index 0000000000..ff65ad9b75
--- /dev/null
+++ b/awx/main/migrations/0124_centrify_vault_credtype.py
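Review bot: The new `oauth_application_id` and `oauth_scope` inputs in `pas_inputs` default to `'awx'`, while the lines this commit removes in the later hunks hard-coded the `oauthsiem` application and the `siem` scope. A credential saved before the upgrade carries neither input, so it would presumably fall back to `awx` and start requesting tokens from an OAuth2 application that may not exist on the Centrify tenant. If the switch is intended, it belongs in the upgrade notes; otherwise the defaults could stay at the old values so existing credentials keep authenticating.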
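Review bot: `handle_auth` now indexes `kwargs['oauth_scope']` directly, so any caller that omits the key fails with a bare KeyError before the token request is made; the one caller visible in this diff always passes it. Because the signature is only `**kwargs`, a docstring naming the expected keys would make that contract explicit, for example `"""Request an OAuth2 client-credentials token; expects endpoint, client_id, client_password and oauth_scope."""`. The rest of the function body is outside the hunk.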
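Review bot: The new `endpoint` dict in `centrify_backend` is missing a comma after `'client_password': client_password`, so the module does not parse and the plugin cannot be imported; the line should read `'client_password': client_password,`. `app_id` is also placed into the token URL path as-is, so a value containing `/`, `?` or `#` changes which path the client ID and password are posted to. Percent-encoding it with `quote` from `urllib.parse`, as in `urljoin(url, f'/oauth2/token/{quote(app_id, safe="")}')`, keeps it a single path segment. `kwargs.get(..., 'awx')` only covers a missing key, so a field saved as an empty string would, as far as this hunk shows, yield `/oauth2/token/` and an empty scope. The function continues outside the hunk.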
@@ -0,0 +1,20 @@
+from django.db import migrations
+
+from awx.main.models import CredentialType
+from awx.main.utils.common import set_current_apps
+
+
+def setup_tower_managed_defaults(apps, schema_editor):
+ set_current_apps(apps)
+ CredentialType.setup_tower_managed_defaults()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('main', '0123_drop_hg_support'),
+ ]
+
+ operations = [
+ migrations.RunPython(setup_tower_managed_defaults),
+ ]
diff --git a/setup.py b/setup.py
index 5f23de9052..55fcff6785 100755
--- a/setup.py
+++ b/setup.py
@@ -131,7 +131,7 @@ setup(
 'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin',
 'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin',
 'aim = awx.main.credential_plugins.aim:aim_plugin',
- 'centrify_vault_kv=awx.main.credential_plugins.centrify_vault:centrify_plugin'
+ 'centrify_vault_kv = awx.main.credential_plugins.centrify_vault:centrify_plugin'
 ]
 },
 data_files = proc_data_files([
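Review bot: `migrations.RunPython(setup_tower_managed_defaults)` in 0124_centrify_vault_credtype.py has no reverse function, so the migration cannot be unapplied and rolling back past 0124 would raise IrreversibleError. The forward step appears only to refresh the managed credential types, so a no-op reverse should be enough: `migrations.RunPython(setup_tower_managed_defaults, migrations.RunPython.noop)`. The function also calls the `CredentialType` imported from `awx.main.models` rather than a model obtained from `apps`. Whether `set_current_apps(apps)` fully covers that is not visible here, so a one-line comment explaining it would help.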