Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

Centrify 17.2 and 17.2 Hotfix 1 Release Notes

11 April,19 at 11:50 AM

New Features - Centrify Identity Service

 

Extensible Directory 

 

Custom user attributes can now be stored in the Centrify Directory.

  • Attributes can be stored for users regardless of the user’s source directory (AD, LDAP, Centrify, Google, Federated User, B2C user)
  • Attributes can be used in SAML attributes
  • Attributes can be used in MFA
  • Attributes can be used in Reports

 

extensible directory.gif

  

 

Inbound Provisioning

 

For companies who use Workday and want Workday to be the system of record for user identities.

  • Workday --> Active Directory
    • Once in AD, users are visible to Centrify through the connector.

 inbound provisioning.gif

 

Administrative Accounts

 

Inbound Provisioning will create and update users in AD. 

 

Writing to AD requires privilege:

  • Domain Admin, or
  • Enterprise Admin

Platform now stores Admin Accounts in order to write to AD.  Centrify Privilege Service and AD are supported. 

 

administrative accounts.gif

 

 

Search Added to OATH Tokens Page

 

Admins can now search for a specific OATH Token for easier management.

  • This is helpful when the admin needs to delete a token because:
    • User loses token
    • User leaves the organization

 

 

 OATH.gif

 

 

Force Fingerprint for Mobile Authenticator (iOS)

 

Policy to require fingerprint read is now supported on iOS:

  • Anytime using mobile authenticator MFA Method, a required fingerprint pop-up will appear 
  • Policy to allow or disallow PIN Fallback

 

FingerPrint.png

 

 

Centrify Analytics Service Limited Public Beta

 

Centrify Analytics Service is now available for beta testing in production tenants on cloud.centrify.com. Features include:

  • Real-time Access Insights
  • Risk-based Access
  • Dynamic Events Explorer

 

Please email analyticsbeta@centrify.com to inquire about participation in the beta program.

 

analytics.png

 

 

The following apps have been added to the catalog:

  • Interact (SAML)

 

The following apps have been updated:

  • OfficeSpace (SAML)
  • Red Hat support (customer portal)
  • Zendesk (provisioning)

 

 

New Features - Centrify Privilege Service

 

User-defined Sets of Resources and Accounts

 

Persistent named sets of resources and accounts

  • User defined
  • Operate on a set to act on all its members
    • E.g. set permissions for a user on all the servers in a set
  • Complete UI visibility of how users inherit permissions
  • Static and dynamic sets
    • Dynamic sets use a query to automatically update members

 

 CPS.png

 

 

 

Resolved Issues and Behavior Changes

 

The following list records issues resolved in this release and behavior changes.

 

  • A new field InternalDeviceType has been added to the device enroll event, returning a device type identifier (I for iOS, A for Android, M for Mac and W for Windows) for device enroll events with 17.2 or later. Using this field in queries with device enroll events prior to the 17.2 release will not return a valid response (CC-44777).
  • DeviceId has now been added as a common property to all events, it is set if available when the event is posted (CC-44310).
  • On devices enrolled using Android for Work, all of the applications associated with a user’s role now show on a single page (CC-44283).
  • Choosing to email a built-in application report now emails the report (CC-44862).
  • The built-in report User Provisioning for Office 365 now shows provisioned users (CC-43619).
  • The Modify action has been removed from the Office365 domains section as it had no function (CC-43887).
  • Administrators now have the right to see device locations for devices with location tracking enabled without requiring a separate permission to be granted (CC-44579).
  • Added four new attributes to the OfficeSpace SAML app template – first_name, last_name, email and name (CC-43840).
  • The help tips for sync options have been corrected in the provisioning UI (CC-41814).
  • A search function has been added for OATH tokens in settings (CC-44193).
  • Email and Exchange policies now show compliance status on Android devices (CC-43253).

 

 

 

For security advisories and known issues, please see attached file.

 

For 17.2 Hot Fix 1 security advisories and known issues, please see attached file.

  

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.

Attachments:
17.2-Release-Notes-Known-Issues.pdf
.pdf

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleCentrify 16.12 & 16.12 Hotfix 1 Release Notes articleCentrify 17.4 and 17.4 Hotfix Release Notes articleCentrify 17.6 and 17.6 Hotfix Release Notes articleCentrify 17.5 and 17.5 Hotfix Release Notes articleCentrify 18.10 Release Notes articleCentrify 17.1, 17.1 Hotfix 1 & Hotfix 2 Release Notes