As you may have already heard, the Centrify Cloud (Centrify Identity Service and Centrify Privilege Service) will be upgraded to version 15.10 this weekend (Sunday, November 1st). This is our biggest release on the platform since the launch of Centrify Privilege Service earlier this year! I'd like to take this opportunity to tell you about the biggest features in this release.
Many customers have told us that they wanted to create a vanity URL so that their end users can login directly to their own tenant instead of having to login to cloud.centrify.com. While the "vanity" aspect of this feature is not that significant this is an important security feature. With a tenant URL, you can now direct your users to go directly to [name].my.centrify.com to login to your tenant. This is important as it allows you to train your users to only enter domain credentials when they are logging into the tenant itself. They will know that they are in the right place based on the URL and the branding.
Three things to note:
1) Users can always login to cloud.centrify.com as well as any Tenant URLs created for their tenant,
2) Upon upgrade, users will be redirected to [tenantID].my.centrify.com (this is an auto-generated Tenant URL created for your tenant)
3) You can create a new Tenant URL by going to Cloud Manager and visiting Settings > Tenant URLs . Once you've created a new Tenant URL you can set that as the default so that users who log into cloud.centrify.com will see that URL upon logging in.
Workflow is a premium feature that is available in Centrify Identity Service App+ edition and in Centrify Privilege Service. Workflow enables IT to setup an application and delegate the user administration to a line of business owner of the app. We built this feature to address a simple need -- the ability to restrict access (for cost containment and/or security) for applications to only the users who need that particular application. This feature enables you to minimize risk, while maximizing operational efficiencies. App requests can now be made by the end user directly to the line of business owner of the application. The line of business owners do not need to be given any administrative rights in Centrify Identity Service, they are simply identified by IT as the "approvers" of the app. IT also identifies which Role (or Roles) in Centrify to add approved users to. Then when a user requests the app, the request is routed to the approvers. If the request is approved, the user is added to that Role and the app is made available to the user.
SSO for Business Partners (Federation)
Finally, I'm very excited to announce that we are now supporting SSO for business partners. In the past 18 months, I've been on countless calls with customers who have said something like: "we love your SSO solution and want to extend it to our partners." These customers have been looking for a way to share applications with business partners without having to manage the user identities for those individual users. They are looking for a federated solution for sharing these applications whereby they simply establish a trust relationship with the business partner and the partner is responsible for their own user management.
With this feature, we have turned our platform (Centrify Identity Service and Centrify Privilege Service) into a SAML app. This means that once the trust is established, the users of the trusted partner will be able to access an app that you share using any IDP. The image on the left below shows Centrify as an Identity Provider only, the image on the right shows Centriy as both a Service Provider and an Indentity Provider:
If the partner doesn't have an IDP, they can start a trial with Centrify in a matter of minutes.
We hope you enjoy these new features and look forward to hearing your feedback!