
Centrify 17.4 and 17.4 Hotfix Release Notes

11 April,19 at 11:50 AM

New Features - Centrify Identity Service

 

Support using DN for Cert Subject Alternative Name 

 

Certificates generated from the tenant CA will use the DN for the Subject Alternative Name (SAN)

  • Customer request – many VPN and WiFi devices use this parameter for the username
  • Old method was to use the UPN

 

ZSO on Android without MDM (SSO only mode)

 

ZSO can now function on Android when not using MDM (SSO Mode)

  • This applies to Android only – iOS uses external cert
  • External Certs for “is Managed” do not work on Android – enroll Centrify client in SSO mode

  

Support Split Screen Multi-tasking in iPad Pro

 

Centrify app can now be used in split-screen mode with the iPad Pro.

 


 

  

Policy to Limit Device Enrollment to Corporate Owned

 

New policy to limit enrollment to corporate devices

  • Do not use Sets with a deny policy to limit corporate enrollment

 


 

 

Mobile UI Improvements for Notifications

 

  • Better display and swipe to delete functionality
  • Both iOS and Android Apps have been updated

 

 


 

 

Centrify Agent for Mac 17.4

 

  • Moved from a .app in 16.12 to a .pkg in 17.4
  • Manual update only
  • Automatic update coming soon after 17.4
  • Added "Enroll On Behalf Of Another User"
  • Allows an admin user to enroll another user

 

Mac App Management (powered by Munki & AutoPkg)

 


 

  • Old Method Deprecated but still supported
  • Policy to enable Managed Software Center installation (AKA Munki Client)
  • Centrify Munki & AutoPkg admin tools in the Download Center
  • Run munkiimport on an enrolled Mac (requires App Management rights)
  • Munki Apps Automatically imported leveraging ZSO
  • New App type for Munki Apps
  • Application details automatically populated
  • Assignment can be done through User Access or through Munki command line
  • AutoPkg will automate the population of the App catalog via Recipes
  • Enrolled Macs securely authenticated via ZSO cert
  • Silent installation of automatic apps
  • Catalog of optional apps with categories
  • Rich, App Store-like Enterprise App Store

 

 

The following apps have been added to the catalog:

  • WordPress

 

The following apps have been removed from the catalog:

  • US Airways

  

The following apps have been updated:

  • MangoApps
  • Twitter
  • AWS (provisioning + SAML)
  • Concur (provisioning + SAML)
  • ServiceNow (provisioning + SAML)
  • BrowserStack
  • Formstack

 

New Features - Centrify Privilege Service

 

Access Request for Privilege Roles

 

  • Allows the use of CPS as a workflow engine for CSS resource roles
  • Ideally used for temporary access control to individual systems
  • Requesters are AD users; the approval chain can contain any type of CIP user
  • Permanent, Temporary and Windowed assignments can be requested with approver override
  • Support for documenting ticket numbers
  • Canned reports to demonstrate “documented approvals”


  

Resolved Issues and Behavior Changes

 

The following list records issues resolved in this release and behavior changes.

 

  • AssertionConsumerServiceIndex is now supported in SAML app advanced scripts to allow choice of which ACS URL a SAML response will be sent to (CC-45125).
  • Some jurisdictions’ privacy laws do not allow user location to be tracked or displayed, so a configuration option has been added to allow Centrify Support to disable map and location tracking on a per-customer basis, based on customer request (CC-45760).
  • Provisioning job reports have been improved with updated section titles and section order. In addition, the status reported for various issues has been changed as follows:
    • User rejected by script was in “user already synced or not updated” and is now in “user skipped”
    • Sync user without email was in “user already synced or not updated” and is now in “user failed”
    • Sync user with invalid email was in “user already synced or not updated” and is now in “user failed”
    • Deprovision user scenario “do not de-provision selected” was not shown, now in “user skipped”
    • Deprovision deactivated user “do not de-provision selected” was not shown, now in “user skipped”
      (CC-45399, CC-44926).
  • Hybrid flow is now supported for OpenID Connect apps for the following flows: “code id_token”, “code token” and “code id_token token” (CC-40656).
  • A policy has been added to Container Settings > Restriction Settings to allow Samsung devices capable of KNOX 2.5 and above to permit use of USB by apps inside the KNOX container (CC-43425).
  • The display of the Mobile Authenticator on devices is now controlled by the following policy: Mobile Device Policies > Common Mobile Settings > Security Settings > Show Mobile Authenticator by Default (CC-44270).
  • Policy rules and the default profile for per-app policy, as well as VPP, can now be set by users that have only the Application Management right (CC-43779, CC-45403).
  • Support has been added for multiple versions of an in-house Android app, with role membership determining which version is made available to a particular device (CC-43131).
  • Google has rebranded “Android for Work” as “Android Management” and this change is reflected in 17.4 (CC-44164).
  • Enrollment notification date/time is now shown in local time; previously it was shown in UTC (CC-43938).
  • The policy compliance status is now shown correctly for Samsung KNOX devices (CC-45512).
  • App gateway launch events are now included in the user activity report (CC-45266).
  • Enabled support for TLS 1.1 and 1.2 to both cloud and Connector (CC-44120, CC-46930).

 

 For security advisories and known issues, please see attached file.

 

For 17.4 Hot Fix 1 security advisories and known issues, please see attached file.

For 17.4 Hot Fix 2 security advisories and known issues, please see attached file.

For 17.4 Hot Fix 3 security advisories and known issues, please see attached file.

For 17.4 Hot Fix 4 security advisories and known issues, please see attached file.

  

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.
