
15.12 Highlights: Mobile Policy Migration, AD Password Capture and SSO for Customers

11 April,19 at 11:50 AM

It's hard to believe, but the end of the year is upon us, and with that we will be delivering our last product update of 2015.  In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 15.12 this weekend (Saturday, December 19th).  This release has several cool new features and enhancements.  As always, I will highlight the features I'm most excited about here:


Mobile Policy Migration (AD --> Cloud)

As you probably know, Centrify Identity Service was the first IDaaS product to include a complete EMM solution. From the beginning we have enabled mobile device management fully from Active Directory, and almost 2 years ago we enabled our customers to choose between managing their devices from AD or from the Cloud. A number of our customers initially deployed using AD, but many of those customers told us that they were interested in moving device management to our cloud. The challenge these customers faced was that with our product, if you chose to manage devices from AD, we simply did not show any cloud policies for mobile. This made switching problematic, as devices would not get any policy from the Cloud until the admins set up the cloud-based mobile policies. With this release, we now give the option to show the cloud-based mobile policies while devices are being managed in AD. This gives the admin the ability to set up the mobile policies first. Now, when the admin switches from AD to Cloud, the devices will immediately get policy from the cloud!




AD Password Capture and Replay

Many customers use internal applications that rely on credentials from AD but don't support SSO (they simply use the same username and password from AD instead of SAML or another SSO protocol). These customers have told us that they wanted us to be able to capture the AD password upon login and use it in these username and password applications, so that users do not have to type in the AD password upon first use of those apps (or first use after the AD password has been changed). With 15.12, we allow the system administrator to enable the service to securely capture the users' passwords at login (under Settings > Security Settings). When this setting is enabled, the administrator can set up username and password apps to securely pass the AD password for authentication. Also note that this feature can be used for passing an AD password to mail clients for Google Apps for Work.



SSO for Customers

As promised in my 15.11 post and discussed in detail in a blog and press release earlier this week, 15.12 marks the general availability of our B2C product offering.  Over the past quarter we have been working diligently on features to enable our customers to extend our platform to external users in addition to their employees.  This started with our 15.10 release which marked the advent of enabling SSO to business partners through federation.  Earlier this month, we released 15.11 which included early access to our B2C offering.  Now, with 15.12, we have made the B2C features generally available:


  1. Social login: Admins can now enable end-users to log in to the service using credentials from social platforms (Facebook, LinkedIn, Google and Microsoft).
  2. OpenID Connect: Of course, access to the platform is only half the's an enabling technology for accessing applications.  The applications that a company wants to share with its customers are often custom applications that have been built, or are being built, using SSO standards to login.  OpenID Connect is the protocol of choice these days as it offers all of the benefits of SAML but it's easier to use.



Our expectation is that customers will evaluate the B2C features using a Centrify tenant...but will deploy to production on their own sites (only calling the service when needed through our APIs).


We hope you enjoy these new features and look forward to hearing your feedback!
