New Features - Centrify Identity Service
This feature allows users to go directly to username / password app to login through Centrify without going to the User Portal.
Form-Fill now available for:
User can enable/disable auto-login.
Force finger print for Mobile Authenticator (Android)
This is a new policy to require finger print scan.
- When using mobile authenticator MFA Method, a required finger print pop-up will appear
- Policy to allow or disallow PIN Fallback
- iOS coming in the next release
Remediation Actions for Unreachable Devices
If a device is unreachable for X days, the following actions are available to admins:
3D Touch / App Shortcuts
Long press on the Centrify app icon will bring up:
- Send MFA Code (Mobile Authenticator)
- The last 2 apps used
- Notifications area
This feature is available for Both for iOS and Android 7.1+.
New policy for Samsung KNOX – Force GPS
Admins can now force managed Samsung KNOX devices to have GPS enabled. New policy is available here:
- Policies > Mobile Device Policies > Samsung KNOX Device Settings > Restriction Settings
The following apps have been updated:
- Windows Live
- Yahoo Mail
- My Adobe
- Juniper Pulse renamed to Pulse Secure
New Features - Centrify Privilege Service
Privilege Service On-Premises
- Centrify Agent for Windows is bundled with Privilege Service on-premises
- Accessible via Admin Portal > Downloads > Centrify Agents
Web Proxy Option - Centrify Agent for Linux
In this version we introduce the -p (--http-proxy) option for the cenroll command to specify a web proxy for Centrify Agent for Linux enrollment operations.
Using this option will update the agent.web.proxy.global and agent.web.proxy.order parameters of the /etc/centrifycc/centrifycc.conf file (ref:CC-42880)
Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
- De-provisioning both a user and user’s manager at the same time in the NetSuite app now correctly de-provisions the user’s manager (CC-43569).
- The Internet Explorer browser extension now loads pages where there is no document.defaultView object (CC-43553).
- The Download Signing Certificate help tip now displays on IE in the WebEx SAML app (CC-42130).
- Samsung KNOX UMC enrollment is now initiated with the Chrome browser on Samsung KNOX devices (CC-43323).
- The IMEI is now displayed correctly for Android 6.0+ devices (CC-43164).
- A device no longer shows as enrolled in the Admin Portal if enrollment was cancelled before completion (CC-43731).
- The derived credential status no longer gets stuck at “pending” for devices running Android versions earlier than 7.0 (CC-43436).
- Manager and Subsidiary field values are now sent to NetSuite (CC-42932).
- Existing users are no longer overwritten by the Slack provisioning app if the option to keep existing users is checked (CC-42907).
- All phone numbers (office, home, mobile) are now synched by the Slack provisioning app (CC-37056).
- The Qmarkets provisioning app now supports the option to disable a user (CC-42967).
- If a role is assigned as a workflow approver, the name of the role member that approved is now displayed after the approval has been given (CC-43221).
- In the Google Apps for Work provisioning app, it is now possible to add a child Active Directory group for a synched Active Directory group (CC-39478).
- Sync records for rejected user cases are no longer deleted by the Office 365 provisioning app (CC-43514).
- All approvers on a Workflow request are now shown in the approval/rejection email to the affected user (CC-43171).
- The Role “Add Members” dialog no longer pre-fills the list of all available users to improve UI performance (CC-43291).
For security advisories and known issues, please see attached file.
For 17.1 Hot Fix 1 security advisories and known issues, please see attached file.
For 17.1 Hot Fix 2 security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.