New Features - Centrify Identity Service

New UI

Identity Service and Privilege Service admin portals have been merged.

• Vertical navigation to support more tabs
• Cross-product capabilities now grouped under “Core Services”
  
  
• Privilege Service specific capabilities grouped under “Infrastructure”
  
  
• Grouped tabs can be collapsed
  
  
• Tabs / Quick Start Wizard steps appear based on entitlement
• Caching for better performance

User Portal has been refreshed.

Managed Device Policy

Easily limit access to Apps and Infrastructure to trusted devices (managed devices)

• Now available as conditions in our rules builder:
  • Login Authentication Policy
  • App/Resource Policy
• No longer requires a policy script

Managed Device = device under management by Centrify (MDM), or a 3rd party (based on presence of a certificate).

Password Reset Confirmation Email

Improved security by sending email to user whenever password is changed:

• Password Reset (login UI)
• Password Change by User in the User Portal
• Password Change by Admin via Set Password action in Admin Portal

Admin must enable at tenant level

• Settings > Authentication > Security Settings
  

Local Admin Account Password Management for Mac

Unique admin password for each Mac

• Vaulted in CPS
• Rotated on schedule
• Policy driven account creation
• Policy to specify account name
  
  
• Automatic take-over of existing account
• “Checkout” for authorized admins
  
  
• Role must explicitly have the “Device Management All” right
  
  

 The following apps have been added to the catalog:

• Provisioning support for Workplace by Facebook app
• JIRA Cloud (SAML)

The following apps have been renamed:

• Facebook at Work  -->       Workplace by Facebook
• Adobe EchoSign     -->       Adobe Sign 

The following apps have been updated:

• dobe Sign
• Yahoo Mail
• Igloo (app icon only)
• AVG CloudCare
• QuickBooks Online
• EMC
• Redhat Support (Customer Portal)

New Features - Centrify Privilege Service

AD Account Unlock

• Provides administrator-assisted AD account unlock or automated unlock on CPS operations
• Another use for the domain’s “Administrative Account”
• A New Entitlement “Unlock account” at the domain level allows manual unlocks
• Policy at the domain level allows for automatic unlocks on privilege session or password checkout

Manual Multiplex Account Password Rotation and Swap

• Accelerates the ability to demonstrate password management for Services
• Prior to 17.5, it was not possible to rotate the password of any of the 2 physical AD account that make multiplex account
• The new behavior allows for the rotation of the account that is not in use
• Admins can push the password and Privilege Service does the rest

New Features - Centrify Analytics Service

Download Default Dashboards

Select any number of default dashboards to export. Anyone can upload these dashboards into Analytics Service to customize the default dashboard.

Analytics Service Usage Dashboard

This dashboard helps you understand who’s using the Analytics Portal and provides you it’s usage insights.

Added Table View for Insights Widgets

Dashboard Widgets can now to toggled to display data in table view.

Resolved Issues and Behavior Changes

The following list records issues resolved in this release and behavior changes.

• In addition to the new user experience in 17.5, numerous changes have been made to improve the responsiveness and performance. Two changes should be significantly faster:
  • When changing main navigation tabs that display grids, if the tab has been opened before in this session it should display very quickly the second and subsequent time it is accessed.
  • Search and sorting results on main navigation tabs that display grids is also cached, so repeating a search or sort a second time in a session will provide the results quickly.
• Inbound provisioning with Workday now supports setting a date when the user should be created, with the default date of the user’s start date. Previously users were always created on the user’s start date (CC-45723).
• A confirmation email can now be sent to a user after a successful password reset. This option is off by default, but can be enabled in Settings>Authentication>Security Settings (CC-46035).
• Managed device status (i.e. is or isn’t a managed device) can now be used in auth rules for application access (CC-45765).
• When disabled users are deleted in Active Directory they are now correctly deleted from Office 365 if the deprovisioning rule User Deleted in Active Directory > Delete Office 365 Object Account is set to cause it (CC-47436).
• The reset password option is now present for Samsung devices that do not support Android for Work profiles (CC-47067).
• IdP metadata now lists all supported NameID formats (CC-46853).
• The link in the SMS invite for device enrollment for iOS devices now correctly directs users to the App Store to download the Centrify app (CC-46743).
• When IWA is triggered a random Connector will now be chosen. Previously all but one of the Connectors could be chosen due to a math error, meaning that in forests with two Connectors, one was always being chosen (CC-46162).
  
   

For security advisories and known issues, please see attached file.

For 17.5 Hot Fix 1 security advisories and known issues, please see attached file.

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.