Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 21.2 Release Notes

26 February,21 at 03:52 PM

New Features

  • Privilege elevation for CClient – Phase 1 (preview #2)
    This release includes the second preview of the first phase of privilege elevation support for Centrify CClient. This preview adds the following features:

    - Workflow support. A distinct approver list can be specified for each privilege elevation policy. If no distinct approver list is specified in the policy itself, the default approver list set up for the system is used.

    - Auditing of PAS events. PAS events are generated whenever privilege elevation policy is defined / modified or deleted using the UI or via a REST API, or when a policy change fails. The event includes the command being executed, the user who made the change, the timestamp and a description of the change.

  • VM management for AWS (Preview)
    With many enterprises moving applications to the cloud, PAS is now expanding to support the discovery, inventory of cloud VMs. PAS will show all of the VMs running on the cloud provider and keep the inventory updated as existing VMs are deleted or new VMs are created.

    In addition, Single Sign-On to cloud VMs using enterprise identities (no shared local account) are also supported. Policies can be defined in PAS for who can do remote access to which VMs and who can run privilege commands on which VM machines. Auditors can find out who have remote access rights to VMs running in the cloud. Users can log in to VMs using PuTTY, SecureCRT, RoyalTS, mRemote, etc.

    This first preview supports VMs running in EC2 instances in AWS and can be enabled for your tenant by request.

  • Different password rotation policy for different local accounts and Active Directory accounts in a domain

    Different accounts often need different password rotation frequencies and complexities based on the privilege each account has. For example, an administrator account might need to be changed every 30 days but regular users might be allowed 90 days. It is now possible to create a unique password rotation policy and complexity to a set of local and domain users.


The following list records issues resolved in this release and behavior changes.

  • To prevent issues in enterprises that have a group policy enabled to block execution of unsigned scripts, all PowerShell scripts in the Hyper-Scalable Privileged Access Service package are now signed (CC-76803).
  • Old connectors that did not track the state of SSH or RDP configuration now consistently show them as enabled by default on the connector configuration page and network page (CC-77214).
  •  The documentation for the UpdateResource REST API has been updated to note that Name, FQDN and ComputerClass are required parameters. Previously the documentation had stated that these were optional (CC-75696).
  • When uploading secrets, dragging a folder would occasionally create multiple folders of the same name. Now a single folder is created as expected (CC-75882).
  • With the Linux agents, an empty /etc/centrifycc/user.ignore file will no longer fail login to the system for all users with all login methods (CC-77279).
  • New users can now log in for the first time when configured to use phone as an MFA factor (CC-76462).
  • Web and native RDP login now allows Unicode characters in the account name, password and system name (CC-75484).

Notice of discontinuation
  • In the 21.3 release support for TLS 1.1 will be fully deprecated from Centrify cloud products. Only TLS 1.2 and above will be allowed.
  • With the 21.5 release we are planning to drop browser extension support for Microsoft Internet Explorer version 11, due to Microsoft end-of-life-ing the product and to improve the security posture of the cloud service.

Supported Platforms

Centrify Connector

  • Windows Server 2012r2, Server 2016, Server 2019

Self-hosted Centrify Privileged Access Service

  • Windows Server 2012r2, Server 2016, Server 2019

Hyper-scalable Centrify Privileged Access Service

  • Windows Server 2016, Server 2019

Centrify Clients for Linux

Client for Red Hat 6:
  • Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1
  • CentOS 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 8.0
  • Fedora 30, 31
  • Oracle Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9
  • Amazon Linux AMI 2017.09, 2018.03
  • Amazon Linux 2 2017.09, 2018.03
Client for Red Hat 7 (ARM architecture):
  • 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1
Client for CoreOS
  • Latest stable release 2345.3.0

Client for SUSE 12
  • SUSE 12, 15

Client for Debian 9
  • Debian 9
  • Ubuntu 16.04LTS, 18.04LTS, 18.10, 19.04

Centrify Client for Microsoft Windows

  • Windows Server 2012r2, Server 2016, Server 2019

Windows PAS Remote Access Kit

  • Windows 10, Server 2012r2, Server 2016, Server 2019

Centrify app for Android

  • Android 4.4 (API level 19) and later

Centrify app for iOS

  • iOS 11 and above

(Tested systems and devices for Privileged Access Service are listed in the documentation)



Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.