11 April,19 at 11:50 AM
New Features - Centrify Identity Service
Component Name Changes
Product component names have been rebranded to create a single name that works across on-premises and cloud deployments.
Centrify Browser Extension Form-Fill Preview
Form-Fill allows users to go directly to username / password app and login through Centrify (without going to the User Portal).
Preview is now available for:
Administrators can access preview release files from the Downloads menu:
Windows MFA
We are extending our MFA Everywhere initiative to include Windows Login
Policy Compliance
Devices will now check for policy compliance
Aggregate Map of Device Locations
Administrator can Toggle between list view and Map view
Notifications Menu
Notifications are now consolidated into their own section in the app.
New Features - Centrify Privilege Service
The Centrify Agent for Linux
The new Centrify Agent for Linux replaces and extends the functionality found formerly in the CLI Toolkit. In addition to the application-to-application password management (AAPM) features, the agent brokers authentication (logon) with supported Linux systems for identities known to CPS. Supported identity providers in this release include:
The new agent enables logon for Active Directory users on Linux systems that cannot be joined to the Active Directory domain. These could include servers hosted by an IaaS provider; servers within a virtual private cloud; or even servers on-premises, such as those in a network DMZ.
Manage Account Passwords for SQL Server Clusters
Privilege Service now manages account passwords for Microsoft SQL Server™ in both single-server and clustered modes of operation.
For Windows authentication with SQL Server, account passwords can be synchronized for SQL Server clusters using:
For SQL Server “mixed mode” authentication, failover clustered instances are supported.
End of Life Notice
The Centrify CLI Toolkit has been removed from CPS in this release. Similar functionality to that in the CLI Toolkit is available in the new command-line tools in the Centrify Agent. This functionality includes the application-to-application password management (AAPM) and agent authentication features.
End of life for support of the CLI Toolkit
Centrify will end support for the CLI Toolkit in CPS release 16.12, targeted for December, 2016. In addition, because of updates to Kerberos, Centrify Server Suite will support only the new Centrify Agent feature set as of Server Suite 2017.
Centrify strongly recommends that customers use the new Centrify Agent feature set in this release.
Changes to CLI Commands in the Centrify Agent
A new service account will be used to join a computer to the customer’s Centrify tenant. The "service account" will be a Centrify Directory user account with a name like
{hostname}$@{tenant.alias}.
The Kerberos-based join (aka -k option, with the Centrify Server Suite DirectControl agent) will be dropped.
There is no requirement for the computer to be joined to an Active Directory domain in order to use the new Centrify Agent.
Platform |
AAPM |
Agent Authentication |
Red Hat Enterprise Linux 6.8, 7.3 |
✓ |
✓ |
CentOS 6.8, 7.2 |
✓ |
✓ |
Oracle Linux 6.8, 7.2 |
✓ |
|
Amazon Linux |
✓ |
✓ |
SLES 12 SP1 |
✓ |
|
Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS |
✓ |
|
Note: Upgrading from the CPS CLI Toolkit to the Centrify Agent for Linux is not supported. Please ensure the CLI Toolkit is removed before the Centrify Agent for Linux is installed.
Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
For security advisories and known issues, please see attached file.
For 16.11 Hot Fix 1 security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.