New Features - Centrify Application Services (formerly known as Identity Services)
Multiple Security Questions
- Administrator can set policy enabling users to provide a bank of security questions
- Questions can be both Admin-Defined and User-Defined
- Administrator can set policy for minimum character length
- Number of security questions user must answer can now be defined under Authentication Profiles
- User is prompted to setup security questions in User Portal
- MFA using security questions will randomly select a security question from the bank of questions
Simplified SAML Configuration
Create Groups via Role Mapping
New Features - Centrify Endpoint Services
End-user Checkout for Mac LAPM Account
Install only iPad compliant apps on iPads
iOS Apps will only be deployed to compliant devices
- Based on the devices supported as identified by the app developer
- If an app is not supported on an iPhone or iPad, it will not deployed and will not show up in the Company Apps catalog
The following apps have been added to the catalog:
The following apps have been updated:
- Amazon Web Services (User/Password)
- Highfive (SAML)
- JIRA Cloud (SAML)
- G Suite (SAML+Provisioning)
New Features - Centrify Infrastructure Services (formerly known as Privilege Service)
Discovery of IIS Application Pool Identity
Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
- A new Active Directory permission has been added for Privilege Service called “Add Account”. This permission is required for administrators that add managed or unmanaged Active Directory account passwords into Privilege Service. Existing users (even if they have the Privilege Service Administrator entitlement) will not be able to add Active Directory accounts until they explicitly add the permission under the target domain’s permissions tab.
- Search for apps in the User or Admin portals now uses “contains” style searching rather than “begins with”. Search will match a string as long as that string is contained within the app name (CC-54222).
- The SSO status of the device now shows correctly in the User Portal device details page (CC-36580).
- In-house iOS apps are now only shown in the Company Apps store on a device if they are compatible with the device. Universal apps are shown for all device types, but iPad apps are not shown for iPhones and vice versa (CC-33856).
- It is now possible to add users to roles, or invite users, by searching by first name or last name (CC-44032).
- Support has been added for OpenID Connect apps that do not support https. http URIs are now supported (CC-53010).
- Fingerprint authentication now works on Android devices after the device resume from the lock screen (CC-53006).
- The SharePoint Server app now allows external users to access via the App Gateway (CC-53369).
- The SharePoint OnPrem app now supports linked apps (CC-52744).
- The serial number for Centrify-provisioned derived credentials on Android devices is now shown. Previously they were only shown on iOS devices (CC-53665).
- The location of iOS devices is now correctly updated periodically, as well as when a location change occurs, when the policy is enabled (CC-53466).
For security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.