
Centrify 18.9 Release Notes

13 May,19 at 08:17 PM

End of life notification

This section contains notifications for upcoming termination of apps, features or programmatic access (APIs):

 

Termination of v1 REST API support

 

Why are we doing this?

 

  • Centrify introduced the v2 enrollment APIs with the 17.2 release to support setting of additional resource-related information during enrollment. This new version is a superset of the original v1 enrollment APIs. As the Centrify Agent for Linux and Mac agents have been using the v2 APIs since 17.2, we are now planning to disable the old v1 enrollment APIs in 18.10.

 

Who will be affected?

 

  • Customers who deploy Centrify Agent for Linux/Mac agents.
  • Customers who develop their applications using the following REST APIs: ServerAgent/Register, ServerAgent/Enroll, ServerAgent/EnableFeatures

 

What steps do I need to take?

 

  • If you deploy Centrify Agent for Linux/Mac agents, upgrade to the latest version of Centrify Agent for Linux/Mac.

 

If you develop applications using the REST APIs:

 

  • Change your code to call the corresponding V2 REST API (e.g., ServerAgent/RegisterV2, ServerAgent/EnrollV2, ServerAgent/EnableFeaturesV2).
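To find the call sites that need this change, the following added example (not Centrify code) scans source files or request logs for the three v1 endpoint names listed above and reports the V2 replacement for each. The sample lines are constructed, and the case-insensitive match is an assumption made so that differently cased references are not missed.

```python
import os
import re

# v1 -> V2 endpoint names, taken from the notice above.
V1_TO_V2 = {
    "ServerAgent/Register": "ServerAgent/RegisterV2",
    "ServerAgent/Enroll": "ServerAgent/EnrollV2",
    "ServerAgent/EnableFeatures": "ServerAgent/EnableFeaturesV2",
}
_CANONICAL = {name.lower(): name for name in V1_TO_V2}

# Each v1 name is a prefix of its V2 name, so reject matches that are followed
# by further identifier characters (otherwise "RegisterV2" would be flagged).
_V1_PATTERN = re.compile(
    r"ServerAgent/(Register|Enroll|EnableFeatures)(?![A-Za-z0-9_])",
    re.IGNORECASE,  # assumption: report differently cased references too
)

def find_v1_calls(lines):
    """Return (line number, v1 endpoint, V2 replacement) for every v1 reference."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in _V1_PATTERN.finditer(line):
            v1 = _CANONICAL[match.group(0).lower()]
            findings.append((lineno, v1, V1_TO_V2[v1]))
    return findings

def scan_tree(root):
    """Scan every readable file under root; return {path: findings} for hits only."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = find_v1_calls(fh)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                report[path] = hits
    return report

# Constructed sample input: two code lines, one log-style line, one comment.
SAMPLE = [
    'url = tenant_url + "/ServerAgent/Register"',
    'session.post(tenant_url + "/ServerAgent/EnrollV2", json=body)',
    "POST /serveragent/enablefeatures HTTP/1.1",
    "# retry ServerAgent/Enroll on timeout",
]

if __name__ == "__main__":
    for lineno, v1, v2 in find_v1_calls(SAMPLE):
        print(f"line {lineno}: {v1} -> {v2}")
```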

 

What happens if I do nothing? What errors or issues am I likely to see?

 

  • If you have deployed older versions of Centrify Agent for Linux/Mac agents, existing enrolled agents will continue to work; however, new features will not be available.
  • After the Centrify Identity Platform is upgraded to 18.10, an agent that is unenrolled cannot re-enroll. You MUST upgrade the agent to re-enroll.
  • If you have developed applications using the REST APIs, the REST API call will fail with an error.
     

 

New Features - Centrify Application Services   

MFA Redirect

  • Allows admins or users with multiple accounts, potentially in different domains, to use MFA from one account, namely the one they are logged in to in the Centrify app on their mobile phone.
  • Administrators can redirect MFA notifications for a given account to be sent to another account.
  • For the account where the redirect is enabled and set, all subsequent notifications will be sent to the account specified.
  • The user should be able to use an OTP code or Mobile Authenticator from the phone associated with the account that has been targeted for MFA notifications.
  • Administrators can use policy to allow end users to be able to set their own MFA redirection.
  • If enabled for a given user or set of users, the user will find the option to configure MFA redirect in the user portal under the Account page under the information about their phone.

Centrify Browser Extension Enhancements

  • Apps that leverage the Centrify Browser Extension (CBE) can be launched directly from the browser's CBE menu.
  • To access applications from CBE:
    1. Install the Centrify Browser Extension for your browser.
    2. Sign in with your username and password.
    3. Click on the CBE to select applications to launch.

All 4 major browsers are supported (IE, Chrome, Mozilla & Safari).


SAML Script Editor

 

  • The editor now includes inline hints, autocomplete, and onscreen help to make it easier for customers to write SAML scripts.
  • SAML script methods appear in hints and can be used with autocomplete.
  • On-screen documentation of methods and variables is provided.

 


 

 

DevOps Application Category

 

  • This new applications category in the apps catalog enables customers to easily set up SSO for popular DevOps CI/CD apps.
  • To add DevOps applications to your app catalog:
    1. Log in to the Centrify portal as administrator.
    2. Navigate to the Apps tab and click “Add Web Apps”.
    3. The DevOps category will be shown in the list of categories.

 


 

 

AWS CLI Utilities

 

  • Centrify now offers Python and PowerShell CLI utilities for both admins and users to access Amazon Web Services (AWS) by leveraging Centrify Identity Services.
  • Customers have the option to download the AWS utilities from the user portal under application settings.
  • A new tab called “CLI Tools” was also added to the download page in the Admin Portal, from where the AWS CLI tools can be downloaded.
  • Official documentation for setup and operation is also available.

 



 

Time-based Workflow for Mobile and Desktop

 

  • Customers can now reduce risk by requesting and granting access to apps only during a given time window.
  • Under the workflow tab in the Apps section, you can select the “Windowed” assignment type and specify start and end times.
  • The approver can either accept the requested window or modify it.

 


 

 

 

The following catalog apps have been updated:

        • Jira Server (SAML)

 

 

New Features - Centrify Endpoint Services   

  

Delegated Administration

  • Customers can now implement policy sets for endpoints and mobile devices, ensuring that endpoints / mobile devices are added to and removed from sets dynamically, based on changes to the attributes of the device.
  • An Administrator can define specific policy sets by device attributes that would automatically update if any of those attributes were to change.
  • For example, Macs can have a specific policy, and if that endpoint were to turn off FileVault the policy would be updated automatically.

 


 

  • The Administrator can then go into Endpoints, select the dynamic set and see the endpoints that meet that query.


 

 

 

Office 365 Conditional Access

  • An Administrator can limit access to Exchange O365 based on whether the device is recognized as managed by the Centrify MDM solution.


 

 

  • Conditional access for apps is an existing feature and works for all apps/browsers that support cert-based authentication.
  • This release adds cert-based authentication for the Outlook app.
  • This includes the ability to install a ZSO certificate on a Samsung device to support this feature.

 


 

 

 

New Features - Centrify API Services

New Documentation Updates (available 10/6/2018)

 

 

Resolved Issues and Behavior Changes

 

The following list records issues resolved in this release and behavior changes.

 

  • To improve security, Forgot Password now completes the entire forgot password process for users that do not exist (CC-59842).
  • The App Gateway tab now appears for on-premises SAML apps for users with read-only administrator permission. Previously read/write administrator permission was required (CC-62356).
  • TLS 1.1 and 1.2 are now enabled by default on devices running Android 4.1 – 4.4 (CC-62436).
  • The manager field can now be set for a normal SCIM user as well as an enterprise user (CC-60545).
  • Third party VPN profiles now show correctly on the security tab (CC-62281).
  • Mobile applications are now no longer installed automatically when associated with a role created prior to release 18.7 and automatic deploy is unchecked (CC-61763).
  • Enrollment via QR code now works for iOS 12 (CC-61793).
  • The Centrify mobile app for iOS no longer repeatedly prompts for a PIN (CC-61732).
  • Mobile devices are now correctly tagged as corporate when the serial number is imported after the device is enrolled (CC-60193).
  • Devices no longer unenroll unexpectedly when the device incorrectly reports the Centrify mobile app is uninstalled while it is in the update process (CC-61044).
  • The change password tab no longer shows in client settings after the enrolled user has been locked (CC-60890).
  • On Privilege Access Service workflow, the default time bounding is now updated after being changed by approver 1 (CC-59858).
  • The discovery history page for Privilege Access Service now loads while a system discovery job is running (CC-61359).

 

Changes for HF1

 

  • Connector LDAP queries for custom attributes are improved (CC-62898)

 

Changes for HF2

 

  • Fixed an issue with the display of Role membership: the Role members list was empty even if users were assigned to the role. (CPSSUP-473)
  • Slow user provisioning for both full and incremental jobs has been improved. (CISSUP-4452, CISSUP-4431, CC-62998)
  • User changes for large groups reported to cloud have improved use of caching. (CC-62658)
  • Fixed an error presented when selecting a previously discovered service in the Admin Portal. (CC-61466)

 

Changes for HF3

 

  • Fixed an issue with performance during bulk enrollment of mobile devices. (CISSUP-4560)

 

 

For security advisories and known issues, please see attached file.

 

 

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.

 
