In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 16.5 this weekend (Saturday, May 21st). This release focuses primarily on performance improvements, but we've also added some great new capabilities. The complete list of new features is available in the release notes, but as always I will tell you about the most important features here:
Enhanced Adaptive Authentication
As you probably already know, Centrify has supported adaptive authentication (ability to approve/deny access or require different ways to authenticate based on the context of the access request) in our platform for years. With this feature, the administrator can choose to deny access, or require different challenges to authenticate (using our authentication profiles) based on pre-defined conditions. When we first introduced the concept of auth profiles, we supported 2 conditions:
- IP address (on or off the corporate network), and
- Identity cookie (present or not).
In this release we are adding 4 new conditions:
- Day of week
- Date range
- Time range
You will find these new capabilities under "Policies > User Security Policies > Login Authentication". While these rules are only available for portal login today, we will be adding these same capabilities to our per app policies in the near future (stay tuned)!
Improved Cloud Connectors
As I'm sure you already know, our Cloud Connectors are a simple Windows service that enable secure communication between a customer's network and the Centrify cloud. Among other things, the Connector serves as a proxy to a customer's AD. In this release we have done a major overhaul of the Cloud Connector primarily to improve performance to meet the needs of customers with large / complex AD environments.
As we were doing this work to improve Cloud Connector performance, we decided that we also needed to deprecate support for Local Security Groups (LSGs) and Distribution Lists (DLs) in Roles. Let me point out the following:
- Existing Roles will continue to work as is in 16.5
- Admins will not be able to add members to Roles using LSGs / DLs in 16.5.
- We’ve created a PowerShell script to migrate LSGs / DLs to Security Groups.
- Centify Support will be contacting customers to help migrate LSGs / DLs before 16.7 (when LSGs and DLs will no longer be supported for existing Roles).
If you are using LSGs and DLs for your roles and want to learn how to migrate them to a supported group, please refer to this KB article for more information.
We hope you enjoy these new features and look forward to hearing your feedback!