This article describes planned changes for Centrify products and services on February 23rd, 2019 and applies to Centrify-only customers (as distinct from Idaptive-only, or joint customers) who subscribe to the Centrify Privileged Access Service (PAS). . The attached PDF file towards the end of this article can be used for end-user communications.
Overall Administrator Experience
As Centrify administrators, you can expect to see some minor cosmetic and functionality changes to the User Portal, Admin Portal, Centrify Browser Extension (CBE), and Centrify mobile application. Our overriding goal is to improve your experience and productivity by providing you with a unified experience -- all PAM-related functionality now being in one convenient place, making your life easier.
Access and management of all your resources is now handled via a unified interface to help streamline your workflow. As such, there is no distinct User Portal nor a corresponding Switch to User Portal option in the unified user interface. The default User Portal URL of the form: aap1234.my-test.acme.com/my will no longer function.All user functionality will now be through a unified Admin Portal as described below, with a PAS-relevant subset of User Portal capabilities migrated here for convenience. Likewise, all relevant notification banners will now appear in the unified Admin Portal.
Unified Admin Portal
The default portal URL of the form: aap1234.my-test.acme.com/manage will now default to the form: aap1234.my-test.acme.com/home.Previously, customers were able to give certain admins the ability to remotely log into servers but without login rights to the Admin Portal. This was achieved via login to the User Portal. For backward compatibility, these users may now be granted a minimal set of rights to log into the unified portal with limited access to the Workspace, User Preferences and Profile (see below for details). Users will see a new Centrify Privileged Access Service splash screen with links to a product Overview and a download link for the Centrify Connector.
Users will now see a simplified menu layout to improve your navigation, one that makes more sense given Centrify’s exclusive focus on PAS.
Some menu items such as Endpoints have been removed and other menu items renamed and/or recategorized. The images below show the before and after top-level menu items and as you can see, more common items are now conveniently located at the top level.
The table below summarizes the major changes:
|Pre-February 23rd Menu Items||Post February 23rd Menu Items|
|Pre-February 23rd Menu Items||Post February 23rd Menu Items|
|Replaced with a new Access menu item|
Core Services -> Reports is now its own top-level menu item
Apps -> Mobile Apps removed
Apps -> Web Apps now contains a reduced set of apps tailored to administrative use vs. end-user. Prior apps configured in User Portal are retained
|Infrastructure||Replaced with new Resources menu item|
Infrastructure -> Discovery item is now its own top-level menu item
Infrastructure -> Workspace is now its own top-level menu item
Downloads -> Mac agent removed
Downloads -> Mac Tools removed
Settings -> Customization is now Settings -> General
Settings -> Endpoints is removed
Settings -> Authentication -> FIDO U2F Security Keys moved to Access
Settings -> Authentication -> OATH Tokens moved to Access
Settings -> Authentication -> Derived Credentials is removed
Settings -> Network -> SafeNet KeySecure Configuration moved to Settings -> Resources
Settings -> Users -> Social Login removed
Settings -> Users -> Inbound Provisioning removed
Settings -> Users -> Outbound Provisioning removed
Settings -> Users -> Administrative Accounts is now accessed under Resources -> Domains
Settings -> Resources is a new menu item
Settings -> Enrollment is a new menu item
|The Web apps for Centrify will no longer support the Apps and End Point centric apps in the catalog.|
If you have previously configured Web Apps in the User Portal, for your convenience those same applications will be automatically migrated to the Apps -> Web Apps screen of the unified portal along with their configured permissions.
These applications can be launched via the Actions menu (or workflow-based Request to launch, if configured via the application’s Workflow tab) and will continue to function. Once deleted, these web apps if not available in the Centrify catalog , can no longer be added back.
Security, Devices, and Activity
|Access to your Security settings (password change, security questions, passcodes), Devices, and Activity data can now be found in the new Profile option under your account name.|
|This is also where you will add 2nd factors for multi-factor authentication (MFA), such as an OATH OTP Client|
The Workspace tab has a new widget called My System Accounts. Any local accounts (e.g., root on Linux) with a new Workspace Login permission box checked on it will be listed here
This is a convenience to customers who previously deployed System Accounts to users who only had User Portal access for remote login to servers.
Note that the Workspace Login permission replaces the legacy Portal Login permission.
Centrify Browser Extension (CBE)
The Centrify Browser Extension will be updated to the new Centrify Browser extension and will no longer have the following Application services functionality
CBE updates were previously notified and actionable only in the User Portal. Relevant notifications are now sent to the Apps -> Web Apps screen of the Admin Portal. This banner will show up when a new release of the CBE is available.
- Land and Catch
- Form fill
- App capture for the FireFox extension
Any new install of the CBE after February 23rd will receive the new Centrify Browser extension.
On-Premises Privileged Access Service
During upgrade, Centrify customers who have licensed the on-premises (customer-managed) version of the PAS will need to set an Advanced Configuration option to disable all the legacy portal features including access to the User Portal.This new Advanced Configuration key is called EnableNewCentrifyExperience. If the logged-in admin user sets this key to True, the Apps and Endpoints entitlement will be removed, the page reloaded, and the user will experience the new Centrify Admin Portal. THIS IS THE RECOMMENDED SETTING FOR ALL CENTRIFY-ONLY CUSTOMERSIf the key is not set, deleted, or set to False, the Apps and Endpoints entitlement will be added, the page reloaded, and the user will experience the legacy portal. However, please note that in the upcoming 19.2 release, the EnableNewCentrifyExperience setting will be forced.
Centrify Cloud Agent for Windows
In release 19.3, a new Centrify Windows Agent will be available from the Admin Portal (downloads). This cloud based agent can be used for MFA for servers and brokered authentication. For privilege elevation and auditing please install the Windows agent , from our download center: https://centrify.force.com/support/CentrifyDownload.