New Features - Centrify Identity Service

Inbound Provision from Workday (Preview)

This feature enables Centrify customers to create users in CIS / CPS directly from Workday.

• Workday provisioning directly to Centrify - For customers who want to stay entirely in the cloud
• Workday provisioning to AD via Centrify - For customers who use Active Directory together with Workday
• Modular architecture to support future Human Capital Management solutions
  • UltiPro
  • BambooHR

This preview version supports provisioning from Workday to AD.

• Preview feature must be enabled by Centrify. Contact Centrify Support for more information. 
• Released version will support options to provision to AD or Centrify Directory
  • Preview version will only  only support provisioning to AD
• Modular architecture allowing Workday to be replaced with another Human Capital Management system in the future

Multi-step Workflow

Workflows can now be setup with an unlimited number of approval steps.

• Unlimited number of named users or roles
• New option: User’s Manager (this can only be selected once)
  • If User's Manager is unknown, or one does not exist, approval will be assumed by the system (subsequent approvers will see that the approval was implied)

Policy Compliance Details

Admins can now see which policies are not compliant on a specific device.

• Drill-down to device from Devices table
• Go to Policy Summary
• Compliance column now appears with details (non-compliant policies appear in red text)

Labels for Connectors and Corporate IP Range

Admins can now provide labels for Centrify Connectors and for IP Addresses in their Corporate IP Range.

• Connector “names” are used throughout the product for selecting connectors for affinity (i.e. designating specific connectors as App Gateways)
• Corporate IP Range labels are helpful as a “sanity check” for verifying satellite offices have been accounted for

 The following apps have been updated:

• DocuSign (SAML+Provisioning)
• Webex (SAML+Provisioning)
• Dropbox (SAML+Provisioning)
• Box (SAML+Provisioning)

The following apps have been removed from the catalog:

• Hotels.com UK
• Fontdeck
• FaxItNice

New Features - Centrify Privilege Service

Local Client for SSH

• Designed to improve usability of Privilege Service's remote session feature
• 16.12 will support PuTTY
  • Windows RDP Client (mstsc.exe) support target is 17.2.
• Local SSH client is supported on Windows
• Sessions go through the Centrify connector (connector must be able to reach the target system)
• Maintains capabilities like watch, terminate and MFA
• Remote Access kit (local access launcher) must be installed on local system 

Platform Support Changes

iOS

iOS 8 is no longer supported by the Centrify App for iOS. If you are using iOS 8 you will still be able to install and use the Centrify App for iOS release 16.11 and earlier, however you will not be able to upgrade to 16.12 or later until you have upgraded your OS to iOS 9 or later.

Resolved Issues and Behavior Changes

The following list records issues resolved in this release and behavior changes.

• Event indexing performance has been improved such that large event populations no longer cause timeouts when displaying Recent Activity, Active Sessions, Password Checkouts (CC-43348, CISSUP-2585, CISSUP-2588).
• Online help now opens in a browser window with toolbar and location bar, this will enable easier navigation and allow readers to quickly share links (CC-42321).
• The Centrify App for iOS now supports Application Transport Security, which is an Apple requirement for apps released after January 1, 2017 (CC-43051).
• A VPN profile has been added for the Pulse Secure Juniper VPN client (CC-42682).
• The “Company managed groups” feature of Dropbox is now supported by the SAML+Provisioning Dropbox app (CC-41353).
• The Webex plug-in has been enhanced to support all the privilege attributes and sessionOption attributes (CC-42818, CISSUP-2529).
• Users with Application Management rights can now correctly delete apps deployed by other users (CC-42627).
• The correct assigned / available license count is now shown for Office 365 (CC-43268 / CISSUP-2543).
• Accented characters are now allowed in email addresses (CC-43242).
• In the Box app, it is now possible to update the location for a user’s home directory’s parent folder (CC-42201).
• In the User Portal references to a user’s Primary Device have been removed as this concept has been replaced by the more flexible Notifications feature (CC-42694).
• Reports whose names contain a space can now be deleted (CC-42789).
• The Unenroll command only shows in the User Portal where permitted by the “Permit user to unenroll devices” policy (CC-42403).

For security advisories and known issues, please see attached file.

For 16.12 Hot Fix 1 security advisories and known issues, please see attached file.

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.