New Features - Centrify Application Services
SAP SuccessFactors: Support for In-bound provisioning
- Seamless Provisioning of user information from SAP SuccessFactors into Active Directory
- Configurable Provisioning Rules that enable:
  - Explicit Mapping of attributes between SAP SuccessFactors and AD
  - Specifying the AD group in which a user can be created
  - Selective Provisioning of all users or a subset (Business Unit)
  - Periodic full sync or incremental syncs
- Customizable Attribute Mapping via Scripts
- Deeper insight into provisioning status via Job Reports
Delegated Administration for Apps via Sets
Ability to create (or delete) a set of Apps through the Admin portal, either by selecting Apps manually or via a dynamic script
Ability to specify permissions for a user, group or role to Grant, View, Edit and Delete the Set of Apps
Ability to review recent activity on a set
The following apps have been updated:
• Sydney Morning Herald (User name / Password)
• JIRA Server (SAML)
• Webex (User name / Password)
• DocuSign (User name / Password)
New Features - Centrify Endpoint Services
Delegated Administration for Endpoints via Sets
- Endpoint administrators can now create and manage custom sets of Endpoints, beyond the built-in sets
- Assign policies to admin-defined sets of Endpoints
- Ability to specify permissions for a user, group or role to Grant, View, Edit and Delete sets of Endpoints
- Note: For this release, sets of Endpoints will not include dynamic sets defined as the result of a query
Certificate Auto Renewal for iOS, Android & Mac
- Certificates are now automatically renewed
- Effective for all mobile policies leveraging certificates, including Email, WiFi, VPN and ZSO certificates
- Renewal request starts when 20% of the certificate lifetime is left
Time Bound Workflow Approval on Mobile
- Workflow approval for Infrastructure Services now supports time bound access
- Previously, approvers could only approve or deny access permanently
- Now approvers can provide a window of time during which access is allowed, matching what can be done via the browser
- Flexibility to choose permanent or windowed access regardless of the request type
New Features - Centrify Infrastructure Services
Privileged Access Service
Centrify Agent for Linux – CoreOS Support
- Centrify Agent for Linux now supports CoreOS. Key capabilities include:
  - Brokered Authentication
  - Ability to register the container directly on Privileged Access Service
- This feature will be released with samples via Centrify GitHub to facilitate demos, evaluation and deployment scenarios
Enhanced Password Generation Rules
- New Password Rules:
  - Restrict the number of times a given character can appear in a password
  - Restrict the minimum number of alphabetic characters that can appear in a password
  - Restrict the number of non-alphabetic characters that can appear in a password
- Accommodates additional rules implemented in systems such as IBM AIX
- 18.7 includes the following performance optimizations:
  - Password Checkout Performance
  - RDP and SSH Session Performance
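The three new password rules listed above can be enforced together in a generator. The following is an added example, not Centrify code: the field names, the symbol set, and the reading of the non-alphabetic rule as an upper bound are assumptions.

```python
import secrets
import string
from collections import Counter
from dataclasses import dataclass

ALPHA = string.ascii_letters
NON_ALPHA = string.digits + "!#$%&*+-=?@^_"   # constructed symbol set


@dataclass(frozen=True)
class PasswordRules:
    # Hypothetical field names; the page does not give the product's setting names.
    length: int = 16
    max_char_repeats: int = 2   # most times any one character may appear
    min_alpha: int = 4          # fewest alphabetic characters allowed
    max_non_alpha: int = 8      # assumption: treated here as an upper bound


def violations(password: str, rules: PasswordRules) -> list[str]:
    """Return the names of the rules the password breaks (empty means compliant)."""
    broken = []
    if len(password) != rules.length:
        broken.append("length")
    if password and max(Counter(password).values()) > rules.max_char_repeats:
        broken.append("max_char_repeats")
    alpha = sum(c.isalpha() for c in password)
    if alpha < rules.min_alpha:
        broken.append("min_alpha")
    if len(password) - alpha > rules.max_non_alpha:
        broken.append("max_non_alpha")
    return broken


def generate(rules: PasswordRules, max_attempts: int = 1000) -> str:
    """Rejection sampling: draw uniformly from a CSPRNG, keep the first compliant draw."""
    alphabet = ALPHA + NON_ALPHA
    # Fail fast when the rules cannot be met at the requested length.
    if rules.length > rules.max_char_repeats * len(alphabet):
        raise ValueError("repeat limit makes the requested length unreachable")
    if rules.min_alpha > rules.length:
        raise ValueError("alphabetic requirement exceeds the password length")
    for _ in range(max_attempts):
        candidate = "".join(secrets.choice(alphabet) for _ in range(rules.length))
        if not violations(candidate, rules):
            return candidate
    raise RuntimeError("no compliant password found; rules are too restrictive")
```

Rejection sampling keeps every compliant password equally likely, which patching a failed candidate in place would not.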
Remote Access Kit – Host Trust Verification
- Remote Access Kit allows a PAS user to use their local SSH (PuTTY) or RDP (Microsoft Remote Desktop Client) client to initiate privileged sessions
- With 18.7, the Remote Access Kit has been enhanced to support host trust verification
Privileged Access Service - Customer Hosted
Windows Server 2016 Support
- Privileged Access Service (Customer Hosted) was launched last year with support for Windows Server 2012 R2.
- Customer Hosted installation now supports the current version of Windows Server (2016)
Resolved Issues and Behavior Changes
The following list records issues resolved in this release and behavior changes.
- Unassigned users in a provisioning group from Workday are no longer synched to an Active Directory “test” group (CC-57998).
- Tagging a SAML app in the User Portal no longer generates an error (CC-54368).
- The Dynamic CRM plug-in now works using WS-Trust (CC-60305).
- New default load sample scripts are supplied in the Source to Target tab for Workday inbound provisioning (CC-57792).
- Report names can now include the pound (“#”) symbol (CC-54880).
- The Export Reports and Email Reports commands have been restored to the option drop down in My Reports (CC-59978).
- The Samanage app configuration documentation has been updated (CC-59414).
- Users with the User Management right now have the right to update the policy needed to invite users (CC-60184).
- Users now need the Application Management or Read Only System Administration right in order to see the job history list (CC-60191).
- Previously, any system with port 135 (DCE/RPC) open was discovered by the Privileged Access Service as a Windows computer. HP-UX systems have this port open by default and are now correctly discovered as HP-UX (CC-60104).
- Users are no longer prompted to select a certificate when attempting Zero Sign On with an external Certificate Authority when no Certificate Authorities are available (CC-59389).
- It is now possible to select more than one department in the Source Selection Rule for inbound provisioning (CC-60062).
- The Trace function now works correctly in an Office 365 advanced script (CC-58773).
- Iterating in a SAML script through users who are members of a large number of groups no longer produces an exception (CC-59099).
- Calculation of the date for the next discovery run for the Privileged Access Service is now correct (CC-58627).
For security advisories and known issues, please see attached file.
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.