Updated August 12, 2021
New Features for Centrify Vault Suite
Force Password Check-In
With Vault Suite 21.5, users are able to force the check-in of a password that is currently checked out by another user.
This is useful when the user who originally checked out the password forgot to check it back in, making it inaccessible. This avoids having to wait until the checkout window expires or the user manually checks the password back in.
This is achieved by rotating the password on the checked-out account, which will clear the check-out flag making it available again for check-out.
Improved Report Sharing and Management
With this update, the reports feature no longer uses a folder structure to contain individual reports. This brings consistency with the way all other objects are displayed and handled.
CLI Commands Without Admin Rights
This new feature allows users to run CClient CLI commands such as cgetaccount and csetaccount without having to log in as "root".
Before this version, Centrify CLI commands required root privileges to run as they would communicate with the platform using the machine credential. With 21.5, it is now possible to run CLI commands in a regular user context – which will prompt the user for credentials that will be used to authenticate against the Platform.
Notice of discontinuation
- It is now possible to set / edit a system’s VpcIdentifier. Previously the VpcIdentifier was set automatically on EC2 discovery and the VPC information was shown on the Details page, however for systems that were added manually that are in a VPC there was no way to set the VpcIdentifier. There is now a VPC Identifier field on a system’s Settings tab that can be set as needed.
- All Cloud Suite packages (Linux and Windows) have been updated in this release to match those supplied with Centrify Server Suite release 2021.
- With this release we have dropped browser extension support for Microsoft Internet Explorer version 11 due to Microsoft end-of-life-ing the product and to improve the security posture of the cloud service.
- With this release support for TLS 1.1 has been fully deprecated from Centrify cloud products, including mobile apps. Only TLS 1.2 and above are now allowed.
- This release includes the final release of self-hosted Privileged Access Service. Customers using self-hosted Privileged Access Service should migrate to using Hyper-scalable Privilege Access Service.
Changes for Hot Fix 1
- Resolved an issue where in some cases after the 21.5 back end upgrade the Reports tab was missing from the PAS Portal (301523).
- Improved performance when a system is deleted from PAS (300292).
The following list records issues resolved in this release and behavior changes.
- By default, strict transport security (HSTS) is now turned on in IWA Web server response in the Connector service. There are two new registry settings that control HSTS:
1. EnableHSTS values 0/1 default 1 (on)
2. HstsAge integer default 31536000
- The pg_restore script in self-hosted Centrify Privilege Access Service can now accept ‘[‘ in passwords (CC-78637).
- Custom OpenID Connect apps can now be created in self-hosted Centrify Privileged Access Service and Hyper-scalable Privilege Access Service (CC-78116).
- Performance has been improved in Hyper-scalable Privilege Access Service when there is a large number of sets defined (CC-78350).
- Set-based permission now works when enrolling a system that was added via discovery (CC-78425).
- A new configuration parameter is supported by cedit, agent.autoedit.disabled, to disable auto-editing of NSS and PAM configuration files. The default is false (CC-76049).
- Selecting LDAP users in reports no longer causes bad HTTP request errors (CC-78076).
- The Centrify Android app has been updated to correct aspect ratio issues in the mobile authenticator (CC-78724).
- Resolved an issue with local administrative account provisioning on UNIX/Linux machines. It is again possible to select a discovered UNIX/Linux machine and select “Provision Local Administrative Account” as an action (CC-78598).
Self-hosted Centrify Privileged Access Service
- Windows Server 2012r2, Server 2016, Server 2019
Hyper-scalable Centrify Privileged Access Service
- Windows Server 2012r2, Server 2016, Server 2019
Centrify Clients for Linux
- Windows Server 2016, Server 2019
Client for Red Hat 6:
Client for Red Hat 7 (ARM architecture):
- Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- CentOS 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- Fedora 33, 34
- Oracle Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- Amazon Linux 2 Latest Version
Client for SUSE 12
Client for Debian 9
- 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
Client for Alpine Linux 3
Client for CoreOS
Centrify Client for Microsoft Windows
- Debian 9.0 – 9.13, 10.0 – 10.9
- Ubuntu 18.04LTS, 20.04LTS, 21.04
Windows PAS Remote Access Kit
- Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC
Centrify app for Android
- Windows 10, Server 2012r2, Server 2016, Server 2019
Centrify app for iOS
- Android 5 (API level 21) and later
(Tested systems and devices for Privileged Access Service are listed in the documentation)