Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 17.1, 17.1 Hotfix 1 & Hotfix 2 Release Notes

11 April,19 at 11:51 AM

New Features - Centrify Identity Service


CBE Form-Fill 


This feature allows users to go directly to username / password app to login through Centrify without going to the User Portal.


Form-Fill now available for:

  • Firefox
  • IE
  • Chrome

User can enable/disable auto-login.


CBE form fill.gif  


Force finger print for Mobile Authenticator (Android)


This is a new policy to require finger print scan.


  • When using mobile authenticator MFA Method, a required finger print pop-up will appear 
  • Policy to allow or disallow PIN Fallback
  • iOS coming in the next release

 Forced Fingerprint.png



Remediation Actions for Unreachable Devices


If a device is unreachable for X days, the following actions are available to admins:

  • Admin Lock
  • Auto-Unenroll

unreachable devices.png 



3D Touch / App Shortcuts


Long press on the Centrify app icon will bring up:

  • Send MFA Code (Mobile Authenticator)
  • The last 2 apps used
  • Notifications area


This feature is available for Both for iOS and Android 7.1+.


3d touch.png 



New policy for Samsung KNOX – Force GPS


Admins can now force managed Samsung KNOX devices to have GPS enabled.  New policy is available here:

  • Policies > Mobile Device Policies > Samsung KNOX Device Settings > Restriction Settings

Samsung KNOX.png


 The following apps have been updated:


  • Windows Live
  • Skype
  • Yahoo Mail
  • eFax
  • Box
  • Lynda
  • My Adobe
  • Twitter
  • PollEverywhere
  • Juniper Pulse renamed to Pulse Secure



New Features - Centrify Privilege Service


Privilege Service On-Premises


  • Centrify Agent for Windows is bundled with Privilege Service on-premises
  • Accessible via Admin Portal > Downloads > Centrify Agents

CPS om prem.png 


Web Proxy Option - Centrify Agent for Linux 


In this version we introduce the -p (--http-proxy) option for the cenroll command to specify a web proxy for Centrify Agent for Linux enrollment operations.

Using this option will update the and agent.web.proxy.order parameters of the /etc/centrifycc/centrifycc.conf file (ref:CC-42880)



Resolved Issues and Behavior Changes


The following list records issues resolved in this release and behavior changes.


  • De-provisioning both a user and user’s manager at the same time in the NetSuite app now correctly de-provisions the user’s manager (CC-43569).
  • The Internet Explorer browser extension now loads pages where there is no document.defaultView object (CC-43553).
  • The Download Signing Certificate help tip now displays on IE in the WebEx SAML app (CC-42130).
  • Samsung KNOX UMC enrollment is now initiated with the Chrome browser on Samsung KNOX devices (CC-43323).
  • The IMEI is now displayed correctly for Android 6.0+ devices (CC-43164).
  • A device no longer shows as enrolled in the Admin Portal if enrollment was cancelled before completion (CC-43731).
  • The derived credential status no longer gets stuck at “pending” for devices running Android versions earlier than 7.0 (CC-43436).
  • Manager and Subsidiary field values are now sent to NetSuite (CC-42932).
  • Existing users are no longer overwritten by the Slack provisioning app if the option to keep existing users is checked (CC-42907).
  • All phone numbers (office, home, mobile) are now synched by the Slack provisioning app (CC-37056).
  • The Qmarkets provisioning app now supports the option to disable a user (CC-42967).
  • If a role is assigned as a workflow approver, the name of the role member that approved is now displayed after the approval has been given (CC-43221).
  • In the Google Apps for Work provisioning app, it is now possible to add a child Active Directory group for a synched Active Directory group (CC-39478).
  • Sync records for rejected user cases are no longer deleted by the Office 365 provisioning app (CC-43514).
  • All approvers on a Workflow request are now shown in the approval/rejection email to the affected user (CC-43171).
  • The Role “Add Members” dialog no longer pre-fills the list of all available users to improve UI performance (CC-43291).


For security advisories and known issues, please see attached file.


For 17.1 Hot Fix 1 security advisories and known issues, please see attached file.


For 17.1 Hot Fix 2 security advisories and known issues, please see attached file.


Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.