In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 16.4 this weekend (Saturday, April 30th). The complete list of new features is available in the release notes, but as always I will tell you about my favorite new features here:
New Self-Service Features
For user self-service, we've added two new features to improve the user experience:
- Show Password Complexity Requirements (for password reset), and
- Recovery of Forgotten User Name
Centrify Identity Service has supported password reset (both for Cloud Directory and for AD users) for a very long time now. While this is a great feature, it needed some improvement in the user experience department. Specifically, the password reset experience could be frustrating for users as the interface did not communicate to the user what the password complexity requirements were. With this release we've added a new policy (under "User Security Policies > Password Settings") to display the password complexity requirements in the user interface.
NOTE: for Active Directory users, this feature provides a text box for the Admin to type out the requirements. We do not do this for Cloud Directory users as we know precisely which rules are in place for each user.
In addition, we've augmented our support for recovery of lost credentials. Specifically, the platform now supports recovery of a forgotten user name. To enable this feature, go to "Settings > Authentication > Security Settings" and click the box to "Enable forgot username self-service at login". When this is enabled, the Sign In screen will contain a "Forgot User Name?" link. Clicking this link prompts the user to provide an email address so that we can email the user name to the user. (NOTE: for security reasons, we will not indicate if the email address does not match any user records.)
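The behaviour in that note, sketched as an added example (this is not Centrify's code): a forgot-user-name handler that returns the same response whether or not the address matches a record. The directory contents, response text and the names `forgot_username`, `Outbox` and `normalize` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample directory: user name -> registered email address.
DIRECTORY = {
    "alice.admin": "alice@example.com",
    "alice": "Alice@Example.com",
    "bob": "bob@example.com",
}

# The one response every request receives, whatever the lookup finds.
GENERIC_RESPONSE = {
    "status": 200,
    "message": "If that address is registered, the user name has been emailed to it.",
}


@dataclass
class Outbox:
    """Stand-in for a mail queue (hypothetical); a worker would deliver later."""
    messages: list = field(default_factory=list)

    def enqueue(self, to: str, body: str) -> None:
        self.messages.append((to, body))


def normalize(email: str) -> str:
    # Compare addresses case-insensitively and ignore stray whitespace.
    return email.strip().casefold()


def forgot_username(email: str, outbox: Outbox, directory=DIRECTORY) -> dict:
    wanted = normalize(email)
    matches = sorted(u for u, addr in directory.items() if normalize(addr) == wanted)
    if matches:
        # Mail goes to the address on record, never to the string the caller
        # typed, and is queued rather than sent inline so that the time taken
        # by mail delivery is not visible in the response.
        outbox.enqueue(
            directory[matches[0]],
            "User names registered to this address: " + ", ".join(matches),
        )
    # No branch above changes what the caller sees: same status, same text.
    return dict(GENERIC_RESPONSE)
```
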
Improved Token Management
We've expanded the token management feature added in 16.3, which lets Admins bulk upload OATH tokens (under Settings > Authentication > Other > OATH Tokens) to register OATH clients with the service on behalf of the user, and remove these tokens later as needed. In 16.4 we've added 2 new capabilities to this feature:
- Admins can now bulk upload HOTP OATH tokens in addition to TOTP tokens, and
- Admins can now remove tokens added by the user as well (in 16.3, they could only remove the tokens that they had added).
Passwordless Mobile Enrollment
This feature is an example of where the breadth of Centrify's customer base benefits all of our users. In working with our customers in government and highly regulated industries where security is paramount, we found that many of these customers have moved to Smart Cards and have gotten rid of their passwords altogether. As you may have seen, we added Smart Card support to the platform several months ago. This works great when accessing the portal on a computer, but was problematic on mobile. We've addressed their needs by adding a policy (under "Mobile Device Policies > Device Enrollment Settings") to "Enable invite based enrollment". When this policy is enabled, invite links that are sent to the user will contain a one-time passcode for enrollment that will satisfy the authentication needs from the device.
As a best practice, we recommend having your users first download the Centrify Mobile App, then log in to the portal, go to the Devices tab, and click on the "Add Devices" button to send an SMS link to the phone.
We hope you enjoy these new features and look forward to hearing your feedback!