New Features - Centrify Application Service
- Box de-provisioning. Option to transfer content to admin account in addition to previously supported de-provisioning options.
- Password Complexity Settings. Adhere to NIST standard (NIST 800-63B).
- ADFS MFA Plugin (Beta only). Centrify’s MFA plugin for ADFS 3.0.
- SCIM server APIs. CRUD for user/group resources.
- Custom MFA Phone Messages. Allows the customer to customize the audio messages for phone calls related to MFA.
- Mandatory Setup of MFA (require end users to set up MFA). Allows administrators to force and ensure end users have setup required MFA factors at first portal login.
New Features - Centrify Endpoint Service
- iOS - Show a custom message on Lock screen: Device lock MDM command (Lock Screen action) supports custom message (both iOS/Mac) and Phone number (iOS).
New Features - Centrify Privileged Access Service
- Better support for just-in-time access with a new control to disallow permanent grant of permissions in the access request workflow
- Update to SSH library for improved security
Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
- A count of MDM commands send to each device is now kept, there are separate counters for the current day and the current week. To report on a specific device:
Select DeviceId, Name, CommandCountToday, CommandCountThisWeek from Device
The count includes both MDM and client app commands such as Lock client app. The count is only incremented when the command is actually delivered to the app, so if a device is offline or has no connectivity the counts won’t be incremented even if they may have some pending commands (CC-62146).
- LDAP users in a group are now added to a Role that group is assigned to if the server is using a special identifier (CC-64534).
- Administrators can now set a customized message for phone call multi-factor authentication. Separate messages can be set for supported languages (CC-51720).
- The O365 app has been updated with the full set of correct license names (CC-63413).
- Users deleted in Active Directory are now synched with O365 and correctly removed (CC-62876).
- App policy now works for WS-Trust applications (CC-63632).
- Verifying SCIM provisioning in a custom SAML app no longer produces an exception error (CC-63602).
- It is now possible to save an Authentication Profile to a newly created custom SAML app (CC-63587).
- It is once again possible to manage apps in Munki – the manage column has been reinstated in the Admin Portal (CC-64227).
- The Inactive Users Report now correctly completes when the user’s language is set to French (CC-63414).
- A control has been provided for Privilege Access Service to turn on/off the “Permanent” workflow option for password checkout (CC-59489).
- With Privilege Access Service, discovery now finds local Linux accounts (CC-64307).
- Privilege Access Service administrators can now configure the command timeout for RoboTyper scripts when managing systems and network devices (CC-52388).
- Modifying Sets of systems no longer causes a syntax error (CC-64051).
- Cenroll can now add resources to a particular Set when the same name is used both for a server and a non-server object type (CC-63763).
- Privilege Access Service limited view users no longer require domain view permissions to use domain accounts (CC-58717).
For security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.