Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 17.2 and 17.2 Hotfix 1 Release Notes

11 April,19 at 11:50 AM

New Features - Centrify Identity Service


Extensible Directory 


Custom user attributes can now be stored in the Centrify Directory.

  • Attributes can be stored for users regardless of the user’s source directory (AD, LDAP, Centrify, Google, Federated User, B2C user)
  • Attributes can be used in SAML attributes
  • Attributes can be used in MFA
  • Attributes can be used in Reports


extensible directory.gif



Inbound Provisioning


For companies who use Workday and want Workday to be the system of record for user identities.

  • Workday --> Active Directory
    • Once in AD, users are visible to Centrify through the connector.

 inbound provisioning.gif


Administrative Accounts


Inbound Provisioning will create and update users in AD. 


Writing to AD requires privilege:

  • Domain Admin, or
  • Enterprise Admin

Platform now stores Admin Accounts in order to write to AD.  Centrify Privilege Service and AD are supported. 


administrative accounts.gif



Search Added to OATH Tokens Page


Admins can now search for a specific OATH Token for easier management.

  • This is helpful when the admin needs to delete a token because:
    • User loses token
    • User leaves the organization






Force Fingerprint for Mobile Authenticator (iOS)


Policy to require fingerprint read is now supported on iOS:

  • Anytime using mobile authenticator MFA Method, a required fingerprint pop-up will appear 
  • Policy to allow or disallow PIN Fallback





Centrify Analytics Service Limited Public Beta


Centrify Analytics Service is now available for beta testing in production tenants on Features include:

  • Real-time Access Insights
  • Risk-based Access
  • Dynamic Events Explorer


Please email to inquire about participation in the beta program.





The following apps have been added to the catalog:

  • Interact (SAML)


The following apps have been updated:

  • OfficeSpace (SAML)
  • Red Hat support (customer portal)
  • Zendesk (provisioning)



New Features - Centrify Privilege Service


User-defined Sets of Resources and Accounts


Persistent named sets of resources and accounts

  • User defined
  • Operate on a set to act on all its members
    • E.g. set permissions for a user on all the servers in a set
  • Complete UI visibility of how users inherit permissions
  • Static and dynamic sets
    • Dynamic sets use a query to automatically update members






Resolved Issues and Behavior Changes


The following list records issues resolved in this release and behavior changes.


  • A new field InternalDeviceType has been added to the device enroll event, returning a device type identifier (I for iOS, A for Android, M for Mac and W for Windows) for device enroll events with 17.2 or later. Using this field in queries with device enroll events prior to the 17.2 release will not return a valid response (CC-44777).
  • DeviceId has now been added as a common property to all events, it is set if available when the event is posted (CC-44310).
  • On devices enrolled using Android for Work, all of the applications associated with a user’s role now show on a single page (CC-44283).
  • Choosing to email a built-in application report now emails the report (CC-44862).
  • The built-in report User Provisioning for Office 365 now shows provisioned users (CC-43619).
  • The Modify action has been removed from the Office365 domains section as it had no function (CC-43887).
  • Administrators now have the right to see device locations for devices with location tracking enabled without requiring a separate permission to be granted (CC-44579).
  • Added four new attributes to the OfficeSpace SAML app template – first_name, last_name, email and name (CC-43840).
  • The help tips for sync options have been corrected in the provisioning UI (CC-41814).
  • A search function has been added for OATH tokens in settings (CC-44193).
  • Email and Exchange policies now show compliance status on Android devices (CC-43253).




For security advisories and known issues, please see attached file.


For 17.2 Hot Fix 1 security advisories and known issues, please see attached file.


Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.