Privileged Access Request application update for ServiceNow’s New York release
The ServiceNow integration for PAS enables IT users to request temporary or permanent access to the specific systems or network devices they need to manage, checkout the password, or request a new role assignment associated with a specific resource from the ServiceNow asset management database. This release updates the certification of the integration for the most recent ServiceNow release, New York.
Documentation enhancements for integrating with Okta and Azure Active Directory Identity Providers
Integrations with Identity Providers can allow for federated user authentication from other directory sources into Centrify Privileged Access Service. This release will include documentation on how to configure SAML-based single sign-on for integrating the Privileged Access Service with both Okta and Microsoft Azure Active Directory.
End of life notification
This section contains notifications for upcoming termination of apps, features, programmatic access or device support.
In this release 19.5, the minimum supported iOS version has been raised from 10.0 to 11.0. Devices running an iOS release prior to 11.0 are still able to access Privileged Access Service using the Centrify mobile app from a previous release; however newer features introduced after the mobile app was introduced will be unavailable (CC-69019).
The following list records issues resolved in this release and behavior changes.
Starting with release 19.5, newly provisioned Centrify tenants will be using new tenant URLs in this format, <tenant>.my.centrify.net.
Here are a few UI changes: (1) Reports are now under Builtin Reports -> Resources, (2) Import tab is available on Web Apps page, (3) Export tab is also available (CC-67432).
The time format on the workflow approval screen is changed to 24-hour format from 12-hour format (CC-67605).
Web apps launched in admin portal are now launched in their own new tab (CC-69861).
The following features are available: (1) an end user can set which device should receive notification via the Profile UI, (2) an admin user can see a default report showing all registered devices, (3) an admin user can perform actions (Unregister Device) on the registered devices via the report, (4) an end user can perform actions on one's registered devices via the Profile UI (CC-67502, CC-67503).
Local client support for RDP and SSH is now available on Mac (CC-65810).
'Use My Account' feature is now available to federated users (CC-67069).
Partner Federation now also works with AD domain that is already registered as a login suffix (CC-68358).
Fixed a bug that fingerprint is not working on Samsung 9.0 device (CC-67605).
Fixed a bug that OATH OTP verification fails if MFA is enabled (CC-67930).
Fixed a bug that 'Use My Account' feature does not work with sshd for OpenSSH version 7.8p1 or above (CC-68056).
Fixed a bug in UK keyboard mapping on RDP web client (CC-68112).
Fixed a bug that allows Domain Local Group being added to Role in PAS (CC-68272).
Fixed an intermittent bug that the first MFA prompt does not work on iOS client (CC-68490).
Fixed an intermittent bug that "Sync all apps" fails with an unhandled exception (CC-68884).
Fixed a bug that vaulted account password is not expiring in a rare race condition (CC-69335).
Fixed a bug that the command csetaccount returns with non-zero error code even in a successful execution (CC-69394).
Fixed a bug that fails to add Sybase Database in PAS (CC-70175).
Fixed a bug that adding a Centrify Directory User to a tenant fails with error saying, "The request failed with unhandled error." (CC-70204).
Changes for Hot Fix 1.
The value of the Secret field is now preserved when 'Map federated user to existing directory user' is changed from Disabled to Optional or Required for an existing Partner Management configuration (CC-70367).
When a federated login is initiated from the Service Provider, the username on the Identity Provider is automatically populated (CC-69617).
Changes for Hot Fix 2.
Fixed a bug where a Privileged Access Service user might get an error message "Storage layer exception occurred" if there exists permission conflict (CC-70699).
Changes for Hot Fix 3.
Federation session length control is now supported with a tenant configuration setting (CPSSUP-859).
Changes for Hot Fix 4.
Resolved a vulnerability issue in the Reports tab (CC-71662, CC-71764).
Resolved a vulnerability issue in the Web Applications tab (CC-71848).
Resolved a vulnerability issue in the Policies tab (CC-71852, CC-71862).