In case you hadn't heard, we will be upgrading our platform (Centrify Identity Service and Centrify Privilege Service) to version 17.5 this weekend (Saturday, June 3rd). The complete list of new features is available in the release notes, but as always I will tell you about my favorites here:
17.5 is a milestone release for us as it consolidates the User Interfaces for the 2 component products in the platform! With this release, the UI for the "Privilege Manager" has been moved to the Admin Portal. To accommodate this change (and the addition for many more tabs), we have moved from a horizontal menu to a vertical one. Let me point out a few additional features of this new UI:
- Cross-product capabilities are now grouped under "Core Services"
- Centrify Privilege Service capabilities are now grouped under "Infrastructure" (please note, the UI is built dynamically based on entitlement -- meaning you will only see the Privilege Service UI in your tenant if you're an existing Privilege Service customer).
- All of the grouped tabs can be collapsed or expanded (by clicking the Label / arrow)
- Perhaps the most exciting news about the new UI, is that we've also taken measures to improve page loading performance by caching the UI in the browser. With 17.5, if you go to a page with a long list (e.g. the Users page with thousands of users), you will only need to wait for the page to load the first time you access it!
On the User Portal side, we have kept the horizontal navigation, but we've refreshed the portal to align with the new UI.
If you'd like to see more of a sneak peak at the new UI, please refer to this video.
New Security Features
We've also added a couple of cool new security features:
- Managed Device Policy: Customers have often asked for a way to limit app access to trusted devices only. In the past we were able to support this through our scripting interface, in this release we've made setting this up much simpler by exposing conditions in our rules builder used throughout the product (login authentication policy, app and resource policies).
Note: devices are considered managed if: (i) the device is under management by Centrify, or (ii) a known trusted certificate is on the device (known by being uploaded to the tenant as a trusted CA – under Settings > Authentication > Certificate Authorities).
- Password Reset Confirmation Email: We've also added a new feature to send an email confirmation to the end-user whenever his/her password is changed though our platform:
- Password reset (login UI),
- Password change by User in the User Portal or mobile app, or
- Password change by the Admin using the "Set Password" action in the Admin Portal.
Admins can enable this feature in the Admin Portal by going to Settings > Authentication > Security Settings.
Local Administrator Account Password Management for Macs
If your organization uses Macs, you will love this last feature! If you're like most organizations you use the same admin account on all of your Macs. Of course your users only have access to their personal user account but the administrative account on the endpoint is there and likely the same across all of your endpoints. You try to keep access to that password limited but over time the threat vector expands as you have more endpoints using the same password, you have turnover in your IT department and you occasionally need to provide end users with access to that Admin account.
In an ideal world, you would use different passwords for each endpoint, your admins / end users wouldn't know those passwords (but would be able to access the accountwhen needed) and the passwords would get automatically updated for you. This feature makes that ideal world a reality by leveraging Centrify's Mac management capabilities in conjunction with our Privilege Service! Centrify can now manage the local accounts for your Macs, change the passwords on a regular basis and control who can access those accounts!
Customers of Centrify Identity Service and Centrify Privilege Service can enable this feature by setting the policies under Policies > Mobile Device Policies > OS X Settings > Manage Local Admin Account.
We hope you like these new features and look forward to hearing your feedback!