11 April,19 at 11:50 AM
In our 16.6 Centrify Identity Service release we are introducing a new Centrify Agent for Macs specifically geared to enhancing management for Macs enrolled in the Centrify Identity Service in the cloud. This new agent will serve as a foundational component for Centrify to deliver additional Mac management capabilities beyond what we can currently accomplish without an agent. This first release of the new Centrify Agent for Mac will deliver the following features and improvements
Enabling Mac Enrollment and the new Mac Agent
The new Centrify Mac agent replaces our existing web enrollment for Macs. This feature is optional and can be enabled in our cloud policy by enabling Mac enrollment. Users can be prompted to enroll their Macs whenever they visit the user portal from a Mac that is not currently enrolled.
An Important Note for Already Enrolled Users
If you have a Mac that was previously enrolled for management with the Centrify Identity Service without the new Centrify Mac Agent, you will see a message upon running the new agent that says you are already enrolled. The user will need to unenroll before proceeding with the new agent enrollment. Unenrolling can be initiated by the end user as a part of the new agent, or via the user portal or admin portal as a device action. See the screenshot below for what the user will see when the agent is run.
Centrify Mac Agent End User Experience
(Note: You can see a video capture of the end user experience of the enrollment process here: https://www.youtube.com/watch?v=W4UJ3tumBQA)
If you have enabled the policy to prompt users to enroll their device, the next time they visit the Centrify User Portal from a Mac they will see the following:
If the user chooses to proceed with enrollment, they will be reminded that this is intended for personal systems only and not intended for shared systems.
Upon continuing with the enrollment process, the new Centrify Mac Agent will be downloaded to the user’s system in the form of a .dmg file.
Once they have completed the download and run it, they will begin the new enrollment process. The user will be asked to enter their username and password and any additional factors of authentication required. This will follow the same rules that apply for the user to access the Centrify User Portal.
Upon successful authentication, the user will be asked if they accept the EULA and would like to proceed with enrollment. The user will be prompted to enter credentials for an administrative account in order to complete the enrollment.
Once enrollment has completed, there is just one more step required to configure Safari appropriately to leverage the newly provisioned Zero Sign-On (ZSO) certificates.
Once enrollment has completed, the user will notice the management profiles and certificates under the “Profiles” section of System Preferences.
Once complete, the user will have a new application installed that is a shortcut to the Centrify User Portal, and one for the Centrify Apps for enterprise apps. Following these shortcuts and/or accessing any other applications that federate authentication to the Centrify Identity Service should result in access without the need for additional authentication, unless the application or portal has been specifically configured to require MFA. This experience will be true for Safari, Chrome and Firefox browsers.