In case you've missed the Support announcements, we will be upgrading Centrify User Suite to version 14.8 this weekend. This is another great release chock full of features and enhancements to improve the usability of our product and to bolster the supportability for large-scale deployments. The complete list of new features is available here; but, I will provide more depth on some of the new features in this post.
In this release, we have completely revamped the App Catalog. In the new App Catalog, you will find the following:
- Improved search featuring browse by category,
- A "custom" tab for easy access to our app templates and Infinite Apps (tool), and
- an Import option to import an app that has been exported from another tenant.
End users will benefit from this new UI as well from the User Portal, where they will see the same search capability (provided that they have rights to add apps), and any apps made available as an optional install will appear under a "recommended" tab.
You will now find search has been added to the Users, Apps, Devices and Roles pages in Cloud Manager; thereby making support for large deployments much simpler (help desk staff can quickly find a user account when that user calls with a problem).
We've also simplified the proxy registration process, requiring the user to simply enter their login credentials to register a proxy rather than having to copy and paste an activation code from one screen to another. In addition, admins can now specify when they will accept an automatic update to the proxy.
Support for Independent Active Directory Forests
We've had customers tell us how they would like to provide SSO support to a partner organization. The customers did not want to create user accounts for their partners in our cloud directory since the partner maintains an AD of their own. They have not set up a trust relationship between the forests; but, wanted the partner to be able to login using their existing AD credentials. With 14.8, this is a supported deployment model!
In the diagram to the left, you can see what this looks like from an architectural perspective. In this case, the customer has an existing tenant (Tenant A) with a proxy on their network (Domain A). In order to provide access to users from a separate forest (Domain B), they simply need to enable a user from that forest to install a proxy on their network and register it with the same tenant. This is achieved by doing the following:
- An admin from Tenant A first creates a cloud user for an admin from Domain B, and gives that user the administrative right to "Register Proxies".
- The admin from Domain B then logs into the Tenant with those cloud credentials and downloads the proxy and installs it on their network (since this admin is not given any other administrative rights, he/she is not able to access any sensitive data or do any other administrative functions in Tenant A).
- The admin from Domain B then tells the admin from Domain A the name of the group (or users) that should have access to the app.
- The admin from Domain A then adds those groups/users to the Centrify Role to enable app access.
I hope you find these new features valuable, and I look forward to hearing your feedback.