In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 17.2 this weekend (Saturday, February 25th). The complete list of new features is available in the release notes, but as always I will tell you about my favorites here:
We've often had customers ask us to do one of the following:
- Expand the attributes available in the Centrify Directory, and/or
- Provide a data-store for custom attributes for their existing user identities.
This feature delivers upon both of these requests! We now offer the ability for Admins to create custom user attributes to be maintained within the Admin Portal. These attributes can be stored for any user type regardless of the user identity source (Centrify Directory, AD, LDAP, Google, Federated Partner or Social)! These custom attributes are stored in our cloud and can be passed on to downstream applications through SAML assertions, can be used for reporting and can be used as additional attributes for MFA. For example, if a company wants to allow their end users to receive an SMS or email for MFA purposes on a personal account without storing those personal details in their AD, this feature can be used for that.
Custom attributes can be added by going to Settings > Customization > Other > Additional Attributes. Once the attributes have been added, values for those attributes for individual users can be added in the user object under Additional Attributes.
Back in December, we announced the preview of Inbound Provisioning when we released version 16.12 of the product. As a refresher, this feature enables organizations that rely on an HR Management System to treat that system as the system of record for all users in the organization. As you know, the Centrify Platform enables secure access to apps and infrastructure for users from any of the sources mentioned above. Many customers rely heavily on their HR Management System and only create users in their AD after the record is created in the HR System. Of course, customers want to optimize how this is done by automating the process for creating a user object in AD after it has been created in their HR app. Inbound Provisioning refers to the process of creating users in a company's user store from the HR application. We have built this feature to be plug-and-play such that we can enable multiple source and target directories. In the initial GA version of the product (in this release) we enable Workday as a single source directory and AD as a single target directory. WIth Inbound Provisioining, once the user record is created in the target directory (AD), the user can access apps and infrastructure through the Centrify Platform as any other user from that directory can.
You can setup Inbound Provisioning under Settings > Users > Other > Inbound Provisioning. If you know our product well, you will have noticed from the picture above, we've also added a place for "Administrative Accounts". This is a cool and necessary component of Inbound Provisioning. With Inbound Provisioning, we are creating and editing user objects in AD, and need to have the appropriate permissions to do that. Specifically, we need to have domain or enterprise administrator rights. The Administrative Accounts feature allows you to store the necessary credentials in the platform for use with your AD. Those credentials can be vaulted in our platform or can come from a managed account from Centrify Privilege Service.
We hope you enjoy these new features and look forward to hearing your feedback!