Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

17.11 Highlights: Conditional access for Endpoints and Infrastructure, SMS Customization & FIDO U2F

11 April,19 at 11:50 AM

In case you hadn't heard, we will be upgrading our platform to version 17.11 this weekend (Saturday, December 16th).  The complete list of new features is available in the release notes, but as always I will tell you about my favorites here:


Conditional Access for Endpoints and Infrastructure

This is without a doubt my favorite new feature in this release.  As you probably know, all of our products are integrated with and/or built on the platform. This allows core capabilities, such as MFA, to be extended to all of our products.  When we first integrated our Infrastructure Services and Endpoint Services agents with the platform, we created tenant-wide settings to require an Authentication Profile for Login Authentication and another profile for Privilege Elevation.  This was a great first step and allowed us to offer always-on MFA for login and/or privilege elevation.  This offered better security, but left 3 problems:

  1. poor user experience in that these protected resources / operations always required a user to provide a 2nd factor to access, 
  2. admins could not require different profiles for servers vs workstations, and 
  3. admins could not block access conditionally (as long as the user has the 2nd factor they can access the resource or elevate their privilege).

In this release, we have addressed this by moving this global setting to new policies.  In 17.11 we now have the following policies for conditional access:

  • Login Policies
    • Centrify Portal
    • UNIX and Windows Servers
    • Windows Workstations
  • Privilege Elevation Policies
    • Privilege Elevation

Conditional Access.png


Customization Extended to SMS Messages

As you probably know, our interface and any email messages sent through our service can already be customized.  You may also know that we have recently made it much easier to change the email messages in all of the languages we support and we've improved the Admin's ability to see which languages those messages have been customized in.  In the past, we had not exposed that interface to SMS messages generated by our system.  We never provided SMS customization because the URLs that we send with enrollment links / MFA challenge responses were so long that there really wasn't any room for that customization.   We are happy to announce that we have addressed that in this release.  We now use fixed-length short URLs and have exposed those messages for Admins to customize!

SMS Customization.png 


FIDO U2F Support

Finally, we are very pleased to announce that we have expanded our MFA offering to include FIDO U2F Security Keys as a 2nd factor.  Admins can now set policy allowing their users to self-enroll any U2F-compliant device and then use that device as a 2nd factor when authenticating through our platform.



We hope you like these new features and look forward to hearing your feedback!



Related Articles

articleCentrify 17.11 Release Notes