Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 17.3 Release Notes

11 April,19 at 11:50 AM

New Features - Centrify Identity Service


Updated Dashboards 


  • Dashboards have been improved with new loading indicator bar
  • “User Activity” dashboard has been renamed to “User Login Map”
  • Changes to Security Dashboard:
    • Dashboard now reflects denied events only
    • Successful events are now displayed in a new “User Logins” Dashboard




OATH Management Rights


OATH Management (add/delete) rights now available to Users with the following rights:

  • User Management (new)
  • Sysadmin (system generated Admin Role)




Policy to Display Password Expiration Notification on Mobile


New policy to control whether enrolled mobile devices warn user that password needs to be reset

  • Policies > User Security Policies > Password Settings

 policy to display password.png



Apple VPP v2 Support


Now supporting the latest features of Apple VPP (Volume Purchase Program)

  • License config is done per-app
  • Support both old “redemption code” method and new token method
  • For more information, please see the Apple VPP site





Preview: CIP Support for Windows


  • CIP Supports Windows 10 MDM
  • Desktops, Laptop, Surface, Tablet and Mobile
  • Policy to enable Windows Enrollment and Portal Prompt
  • Agentless enrollment
  • ZSO certificate deployed
  • Locate, Lock, Wipe, Reset Password
  • Please contact Centrify Support to enable this preview feature





The following apps have been added to the catalog:

  • Yardi eLearning (SAML)
  • Palo Alto Networks firewalls (SAML)
  • Subscribe HR (SAML)


The following apps have been updated:

  • BrainStorm QuickHelp (SAML)
  • Salesforce (Provisioning + SAML)
  • 15Five (SAML)
  • Dropbox (Provisioning + SAML)
  • Citrix ShareFile
  • Publix
  • RackSpace Cloud Control Panel
  • HootSuite
  • SendGrid
  • US Airways
  • DocuSign (user-password only)
  • ServiceNow (user-password only)
  • Hy-Vee


The following apps have been renamed:

  • Google Apps -> G Suite


New Features - Centrify Privilege Service


HP NonStop OS Support


Shared Account Password Management for:

  • SUPER.SUPER account
  • Alias accounts
  • User accounts


  • SSH Session access (shared account/manual login)
  • Requires SSH daemon and SafeGuard enabled

 CPS HP nonstop.png



New Entitlement – View Permission


  • Limits visibility of objects to users or role assignees
  • Allows for the enforcement of the least access/least privilege model
  • Enhances the capabilities of Sets (static sets can be used to set visibility)
  • Enhanced Permissions tab shows:
    • Who has access
    • What entitlements
      CPS New Entitlement.png
    • Inherited from what role(s)
      CPS new entitlement 2.png
  • Enhances the new “Privilege Service User” administrative right.



 Administrative Rights Changes


  • "Privilege Management (Limited)" is now called “Privilege Service Power User”
  • "Privilege Management" is now called “Privilege Service Administrator”
  • "Privilege Management (Portal Login)" is now called “Privilege Service User Portal”
  • A new administrative right “Privilege Service User” has been introduced to enforce least access administration

CPS administrative rights changes.png


Privilege Service User – UI 

  • Reduced Menus
    • PSU role will only see a reduced number of menus
    • No Dashboard, Database, etc.
  • Least Access
    • PSU role assignees can only see resources that have been explicitly granted view permission
  • Settings Tab
    • PSU role assignees will only see the local client preferences

CPS UI.gif



Local Client for RDP


  • Allows end-users to launch Windows Remote Desktop sessions using the local client (mstsc.exe)
  • This is the preferred method for high-performance and scalable RDP access
  • Uses the Centrify Connector as a proxy to connect to Windows resources
  • Optional Local Client Launcher for a streamlined experience

 Screen Shot 2017-03-13 at 3.00.26 PM.png



Centrify Agent for Linux


  • In CPS on-premises deployments, functionality has been added to check for back-end server version
  • This is to make sure the agent is compatible with newer functionality (e.g. sets, view permission, etc.)
  • Checks are performed during enrollment, startup and upgrade
  • A new CLI option for cinfo (--platform-version) has been added to manually check the version of the back-end CPS server



New  GA - Centrify Analytics Service


Analytics Service can be enabled for existing Centrify Identity Service / Centrify Privilege Service Customers.


Contact your sales representative for details. Analytics Portal will be part of the menu dropdown after this service is enabled.


analytics service ga.png


Real-time Access Insights 


  • Real-time toolkit for analyzing the access behavior of Apps and Infrastructure
    • 12 Widget Types
    • 7 Real-time Dashboards – Risk, User Experience, Endpoints, MFA, Resources, Apps, User Insights
    • Drill down for detailed analysis
    • Custom Dashboard Builder
    • Export / Import Dashboards
  • Uses Time, Location and Device Macro dimensions to analyze access behavior

real time access insights.png


Risk-based Access


  • Profile the behavior of a user and detect anomalies using machine learning. Authentication profiles can be triggered based on:
    • High Risk
    • Medium Risk
    • Low Risk
  • Integrates with existing Rules for Portal, App or Resource access

risk based access.png



Dynamic Events Explorer


  • Real-Time Events Explorer for administrators to investigate access anomalies/behaviors
  • Ability to Investigate the nature of an Anomaly
  • Real-time toolkit for exploring access behavior
    • Events Cross-filtering
    • Dynamic Widgets – over 12 included 
    • Custom query generator
    • Export / Import query




Resolved Issues and Behavior Changes


The following list records issues resolved in this release and behavior changes.


  • Standard variables that represent user properties can now be used in app restrictions in Android for Work. Currently supported variables are:

  • Administrators can now configure the attribute used for the user name sent to RADIUS for third party MFA configuration (CC-44919).
  • Can now re-register a Connector from the Connector configuration UI without having to restart the configuration UI (CC-44045).
  • The following Centrify Privilege Service administrative rights have been renamed:
    Privilege Management (Limited)  is now called  Privilege Service Power User
    Privilege Management  is now called  Privilege Service Administrator

    Privilege Management (Portal Login)  is now called  Privilege Service User Portal

    And a new administrative right  Privilege Service User  has been introduced to enforce least access administration.

    Roles granted the Privilege Service User administrative right will only be able to view the system menus that correspond to objects that they can access and the settings page will be limited to their local client preferences (CC-43925).
  • In this release only the following policies contribute to the policy compliance status calculation:
    iOS passcode
    iOS restriction settings
    KNOX device restrictions
    KNOX device security settings
    KNOX device password settings
    KNOX workspace container passcode settings
    KNOX workspace container restriction settings

    Location tracking enablement (excluding Admin location setting)


  • When a conflict is detected during a provisioning sync operation the correct UPN is now set for the user (CC-40777).
  • Zero Sign-On login from an enrolled iOS or Android device can now identify the enrolled device, this allows policies that restrict access only to enrolled devices (for example) to correctly determine a device’s access (CC-38798).
  • The Firefox browser extension install instructions have been updated to reflect new install steps (CC-31958).
  • System-managed groups have been removed from provisioning options for the Dropbox app as membership of these cannot be modified (CC-43906).
  • Corporate-owned devices can now be tagged as corporate instead of personal after self-service enrollment based on a serial number list of corporate-owned devices uploaded to the admin portal (CC-44277).
  • Apps launched through the app gateway are now correctly shown in the Frequently Used and Recent lists in the User Portal (CC-39239).
  • Exchange ActiveSync profiles now correctly show status, previously the status was always pending (CC-44465).
  • Report folders can now be deleted in the Admin Portal (CC-44286).
  • Full preview syncs with the Office 365 app in hybrid sync mode now correctly shows the number of synched, failed and skipped users and groups (CC-44461).
  • SMS enrollment invites are now sent in the language used by the user in the User Portal (CC-44787).
  • A policy script to block Microsoft.Exchange.MAPI has been added to the Office 365 app (CC-44204).
  • The “Items Up To Date” value is now correct after a sync failure (CC-44654).

In the device list the “Compliance” column now shows “Compliant” for compliant devices instead of a blank (CC-44476).


For security advisories and known issues, please see attached file.


Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.