As you may have already heard, the Centrify Cloud (Centrify Identity Service and Centrify Privilege Service) will be upgraded to version 15.9 this weekend (Saturday, October 3rd). In this release we have made several improvements to our Office 365 support -- making a great product even better. In addition to those improvements, this release has several cool new features, let me point out my favorites here...
Azure AD Join Support
With the advent of Windows 10, Microsoft introduced "Azure AD Join" a feature that enables workstations to be joined to Azure AD in lieu of joining the machine to a domain. Centrify now supports this feature, too. If you have federated your Office 365 domain with Centrify (i.e. are using Centrify to authenticate into Office 365), you can now log into your Windows 10 workstatation through Centirfy, too!
Android for Work Support
Centrify is proud to be the first IDaaS solution to be included in the Android for Work program! As you probably know, Centrify was the first company to include an integrated EMM solution in an IDaaS product. We've been doing EMM/MDM (whichever acronym you prefer) from the beginning, and beyond basic mobile device management we also have the richest capabilities for container management supporting both Samsung KNOX, and now Android for Work (AfW). With AfW, the Centrify client simply becomes an AfW managed app. This enables a rich BYO solution as only the container is managed by Centrify (meaning that an enrolled device can't be fully wiped by Centrify when using AfW...only the container can be wiped).
Last, but certainly not least, with 15.9 we are introducing the concept of authentication profiles -- the ability for the administrator to determine which attributes a user must provide for logging into the service or for stepping up authentication when needed. Prior to 15.9, the only way a user could access the product was by providing a username and a password. Our customers have asked us for flexibility here so that they could decide what the login and step-up authentication behavior should be. We've had several customers ask for the ability to access the service without using a password, or to protect their AD by making the Password the 2nd step in the authentication (i.e. verifying the user first through our mobile authenticator, or an SMS message and asking for password 2nd). The customers have asked, and we've delivered! With authentication profiles, you have the flexibility to decide how your users login to the service and/or to step-up authentication.
You will find this feature under Policies > Account Security Policies > Login Authentication. When you enable this policy, you will see a rules engine where you can specify under which conditions to apply each profile. In the example below I've setup a profile that requires 2 factors with the Password being the 2nd factor in the login sequence. This profile is applied to any browser that does not have an identity cookie. I've also set up a profile that only requires username and Mobile Authentictor, and I've applied this profile to access requests that come from my corporate network. The image on the right simply shows the UI for the authentication profiles.
Let me point out a few important things to note here:
- Upon upgrading to 15.9, we will auto-generate some authentication profiles for you: (i) a username and password profile to be used by default, and (ii) we will carry over any of policies you had previously set requiring multi-factor -- those authentication profiles will adopt the name that you had given to the policy set where that policy was being used.
- You can create authentication profiles inline while applying the profile (by clicking "Add New Profile").
- You will also find a place to create / manage these profiles under Settings > Authentication Profiles.
While this post is only about the updates to Centrify Identity Service, I do want to point out that the upgrade is a platform-level upgrade...meaning that Centrify Privilege Service will also be introducing several new features this weekend.
We hope you enjoy these new features and look forward to hearing your feedback!