In case you hadn't heard, we will be upgrading our platform (Centrify Application Services and Centrify Infrastructure Services) to version 17.8 this weekend (Saturday, September 9th).  The complete list of new features is available in the release notes, but as always I will tell you about my favorites here:

Browser Extension Pinning and SCIM GA 

Both of these features were made available as previews in 17.7, and are now available generally.   As a refresher, browser extension pinning allows you to set policies (under Policies > Application Policies > User Settings) to set the Centrify Browser Extension to a specific version.  This allows you to control if and when your users are prompted to install a new browser extension.

With the GA of SCIM, we now include the provisioning tab on all of the SSO apps (SAML and OpenID Connect) in our catalog.  In 17.7, SCIM was only available when using the custom templates.  In 17.8, we include provisioning for existing SAML and OpenID Connect apps.

In addition, to the above we've made several enhancements to existing features, including:

Support for Next Token Mode for RSA SecurID

As you may know, we have integrated with RSA SecurID through our RADIUS implementation.  Customers using this feature asked us to add support for Next Toke Mode (when RSA prompts the user to provide a 2nd token for added security -- this is typically required after too many incorrect passcodes have been entered).

Enhancements to Inbound Provisioning

Customers using our inbound provisioning feature (provisioning users into AD from Workday) had asked for a few enhancements and with this release we have delivered! Specifically, we've made the following enhancements:

1. Admins now have additional options for where to email the password for new employees when we generate that password.  In the past, a generated password could only be sent to a specific email address (e.g. an alias for an onboarding team).  With this release, you can now choose to send those generated passwords to any combination of the following:
   1.  specific email address
   2. user's manager, and/or
   3. user's personal email address
2. Admins can now specify an OU to place users in upon termination.  This helps to automate a business process whereby users who have left the organization are temporarily held in a specific OU.  Of course, this is done in addition to disabling the user's account in AD!

Enroll Mobile Device with QR Code

In 17.8, we've made enrolling a mobile device even simpler!  As you may recall, our invite-based enrollment policy allows users to enroll a mobile device without providing their credentials.  When this policy is enabled, users can enroll their devices without providing a username / password by using any of the 3 options in the User Portal (send SMS, send email or scan QR code).

We hope you like these new features and look forward to hearing your feedback!