New Features - Centrify Identity Service
Extensible Directory
Custom user attributes can now be stored in the Centrify Directory.
- Attributes can be stored for users regardless of the user’s source directory (AD, LDAP, Centrify, Google, Federated User, B2C user)
- Attributes can be used in SAML attributes
- Attributes can be used in MFA
- Attributes can be used in Reports

Inbound Provisioning
Intended for companies that use Workday and want Workday to be the system of record for user identities.
- Workday --> Active Directory
- Once in AD, users are visible to Centrify through the connector.

Administrative Accounts
Inbound Provisioning will create and update users in AD.
Writing to AD requires privilege:
- Domain Admin, or
- Enterprise Admin
The platform now stores Admin Accounts in order to write to AD. Centrify Privilege Service and AD are supported.

Search Added to OATH Tokens Page
Admins can now search for a specific OATH Token for easier management.
- This is helpful when the admin needs to delete a token because:
  - User loses token
  - User leaves the organization

Force Fingerprint for Mobile Authenticator (iOS)
Policy to require fingerprint read is now supported on iOS:
- Whenever the mobile authenticator MFA method is used, a required fingerprint pop-up will appear
- Policy to allow or disallow PIN Fallback

Centrify Analytics Service Limited Public Beta
Centrify Analytics Service is now available for beta testing in production tenants on cloud.centrify.com. Features include:
- Real-time Access Insights
- Risk-based Access
- Dynamic Events Explorer
Please email analyticsbeta@centrify.com to inquire about participation in the beta program.

The following apps have been added to the catalog:
The following apps have been updated:
- OfficeSpace (SAML)
- Red Hat support (customer portal)
- Zendesk (provisioning)

New Features - Centrify Privilege Service
User-defined Sets of Resources and Accounts
Persistent named sets of resources and accounts
- User defined
- Operate on a set to act on all its members
  - E.g. set permissions for a user on all the servers in a set
- Complete UI visibility of how users inherit permissions
- Static and dynamic sets
  - Dynamic sets use a query to automatically update members

Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
- A new field InternalDeviceType has been added to the device enroll event, returning a device type identifier (I for iOS, A for Android, M for Mac and W for Windows) for device enroll events with 17.2 or later. Using this field in queries with device enroll events prior to the 17.2 release will not return a valid response (CC-44777).
- DeviceId has now been added as a common property to all events; it is set, if available, when the event is posted (CC-44310).
- On devices enrolled using Android for Work, all of the applications associated with a user’s role now show on a single page (CC-44283).
- Choosing to email a built-in application report now emails the report (CC-44862).
- The built-in report User Provisioning for Office 365 now shows provisioned users (CC-43619).
- The Modify action has been removed from the Office365 domains section as it had no function (CC-43887).
- Administrators now have the right to see device locations for devices with location tracking enabled without requiring a separate permission to be granted (CC-44579).
- Added four new attributes to the OfficeSpace SAML app template – first_name, last_name, email and name (CC-43840).
- The help tips for sync options have been corrected in the provisioning UI (CC-41814).
- A search function has been added for OATH tokens in settings (CC-44193).
- Email and Exchange policies now show compliance status on Android devices (CC-43253).
For security advisories and known issues, please see attached file.
For 17.2 Hot Fix 1 security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.