In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 16.3 this weekend (Saturday, March 26th). The complete list of new features is available in the release notes, but as always I will tell you about my favorite new features here:
At Centrify we are on a mission to help our customers improve security by reducing (or eliminating) passwords and by implementing adaptive authentication that supports MFA everywhere. As mentioned in our prior releases, Centrify Identity Service enables our MFA to be extended beyond our User Portal and Applications to VPNs, Servers and privilege elevation commands in those servers. While implementing MFA is critical, it's also very important to have good visibility as to how and when MFA is being used throughout the enterprise. For this reason, we've added 4 new built-in reports to Centrify Identity Service:
- MFA Events - Last 7 days
- MFA Failures - Last 30 days
- MFA Special Events - Last 30 days (this report shows when MFA is used for things like password resets and AD account unlocks)
- MFA User Summary - Last 30 days (this report shows the counts of MFA events for each user)
Expanded OATH Support
As you may recall, we added support for 3rd party OATH OTP clients to be used as an authentication mechanism with our service in the 16.2 release last month. The feature added in 16.2 allowed the Admin to enable a 3rd party client to be used by his/her end-users. However, this only worked for OTP clients for the user to manage on their own (e.g. add the client to the service by scanning a QR code from the User Portal). This works great for OTP clients (e.g. Google Authenticator) that support this model; however, not all OATH client (e.g. hard tokens) provide the end user with a way to add a QR code. In addition, many customers want to manage the OATH clients for their users.
With 16.3, Admins can now do a bulk upload of OATH tokens (under Settings > Authentication > Other > OATH Tokens) to register OATH clients with the service on behalf of the user. Admins can also remove these tokens later as needed.
Simplified SharePoint Configuration
With 16.3 we have added a plug-in that automates the configuration of the SharePoint Server to work with our service. In the past, admins would need to go through a bunch of manual steps to download and install a certificate from Centrify then manually configure their SharePoint Server. While this process was not difficult, it was error prone and time-consuming. Instead of spending 30 minutes to manually configure SharePoint, Admins can integrate their SharePoint server in about a minute by downloading the plug-in and executing a simple PowerShell script.
We hope you enjoy these new features and look forward to hearing your feedback!