Re: Centrify 18.6 Release Notes

Centrify 18.6 Release Notes

By ‎06-15-2018 02:09 PM

End-of-life notification

This section contains notifications for upcoming termination of apps, features or programmatic access (APIs):

  • Action Required – TLS 1.0 Deprecation

    As part of our mission to protect customers and align with PCI DSS standards, Centrify updated the minimum TLS protocol required to connect to the Centrify Cloud Platform from TLS 1.0 to TLS 1.1 as of 18.5. TLS 1.0 support will be deprecated when Centrify Cloud 18.6 is released. Connectors running on machines with Windows Server 2008 R2 or older must upgrade the Connector to version 18.5 prior to the release of Centrify Cloud 18.6 to avoid potential disruptions. Please see this knowledge base article for important details.

 

New Features - Centrify Application Services   

BambooHR: Support for In-bound provisioning

  • Seamless provisioning of user information from BambooHR into Active Directory
  • Configurable Provisioning Rules that enable:
    • Explicit Mapping of attributes between BambooHR and AD
    • Specifying the AD group in which a user can be created
    • Selective Provisioning of all users or a subset (business unit)
    • Periodic full sync or incremental syncs
    • Customizable Attribute Mapping via scripts
  • Deeper insight into provisioning status via Job Reports


ADP: Enhanced Support for SSO into WorkforceNow

  • Extend SAML SSO support for ADP’s portfolio to WorkforceNow, a suite of apps from ADP covering Payroll & Tax, Time and Labor Management, Employee Benefits and ACA for midsize businesses

     

  • Complete Centrify's SAML SSO support to all apps in ADP’s portfolio including ADP Portal, my.adp.com, Vantage HCM and WorkforceNow Enhanced Time

 


The following apps have been updated:

 

  • UltiPro (User / Password)
  • ADP (SAML)

 

 

 

New Features - Centrify Endpoint Services

 

iOS Mobile App Management Improvements

 

  • Customized App Install message identifies the customer as the one installing the app rather than the tenant URL
  • Configurable App Installation attempts:
    • Policies -> Endpoint Policies -> iOS Settings -> Application Management Settings
  • Set once globally for all mobile app installations (required apps only)

 

 

Centrify Mobile Device Enrollment Improvements

 

  • New option allows user to select Company vs. Personal ownership during enrollment
  • Option to set default device ownership
  • Support for hyperlinks in the enrollment welcome screen
  • Streamlined device enrollment for iOS 11.3 and newer devices leveraging SFSafariViewController in enrollment
  • Rooted Android devices can now be detected even when Magisk is used to evade detection

 

 

New Features - Centrify Infrastructure Services 

  

Privileged Access Service

 

New System Discovery Engine

 

  • The new discovery engine provides added capabilities:
    • Modular architecture: allows for additional types of discovery in different contexts (AA, system, etc.) using a common framework.
    • New system discovery that allows for multiple types of approaches: AD or Port Scan.
  • Management Flexibility
    • “Actions” have broadened to support PAS strengths including “Add to set”
    • Discovery credential management.
    • Excluded systems (blacklist) management.
  • Extensible Framework


 

SailPoint IdentityIQ Integration – PAS Access Request

 

  • 18.6 starts the first phase of integration with SailPoint IdentityIQ.
  • With the SailPoint integration you can:
    • Onboard PAS objects (systems, accounts) as assets.
    • Use SailPoint IdentityIQ to manage the workflow lifecycle (request, approve, trace, etc.) for secure access or password checkout to PAS.


 

Privileged Access Service - Customer Hosted

 

Evaluation Mode

 

  • This option provides the ability to run Privileged Access Service (customer hosted) in a single node configuration without High-Availability.
  • This significantly reduces the complexity of evaluation pre-requisites.


 

New Features - Centrify Core Services

 

Improved Language Support

 

Administrators can define Default Language by Policy in User Account Policy.

 

Users can change their language in User Portal under Account

  • User choice will override default policy

Bulk import to a Role that defines language

 

Platform honors the AD Preferred Language attribute

  • Centrify attribute will override what is stored in AD
  • Centrify does not update the AD Preferred Language attribute

Centrify Language Support

  • User Portal: 18 languages
  • Admin Portal: 10 languages

 


New Features - SIEM and ServiceNow Integrations

 

Support MSP Use Case – Early Access

 

  • MSPs can now support multiple Centrify customers on one ServiceNow tenant
  • MSP support for all 4 Applications:
    • App Access Request
    • Privileged Access Request
    • Password Reset
    • Identity Service 

  

Support “Request” from ServiceNow 

  • Approve a workflow request by leveraging an existing CHG Request
    • If the ticket is approved within ServiceNow, access is fulfilled
    • If the ticket associated with the request isn’t approved, then go through the workflow engine within ServiceNow

 

Resolved Issues and Behavior Changes

 

The following list records issues resolved in this release and behavior changes.

 

  • A new policy has been added for default message language. By default, the language used is the message sender’s language setting (i.e. the language setting for the administrator that caused the message to be sent), but that can be overridden to a specific language by setting the policy (CC-51721).
  • Advanced script capabilities have been added to all SAML applications; previously this was only available on some SAML applications (CC-55466).
  • When enrolling devices, if PKI certificates are defined by Active Directory group policy to be downloaded, three certificates are now sent: root CA, user CA and issuing CA. This matches the behavior when PKI certificates are defined in a cloud policy (CC-57705).
  • An error is no longer shown when a user with read-only management right enters the Partner Management page (CC-58426).
  • Emailed reports no longer show an error if a relative date type is set (CC-57562).
  • Network unavailable is no longer shown on an iOS device using Safari when launching a bookmark app that has a mobile authenticator profile, with the MFA approval step on the same device (CC-58453).
  • Phone numbers for newly enrolled Android devices are now correctly shown in the Admin Portal (CC-58622).
  • Resolved an issue whereby some iOS native apps would continuously prompt for update due to two different version numbers inside the app (CC-58652).
  • Administrators can now block access from the Centrify mobile app to various domains in the firewall policy for Android devices. Individual domains can be blocked in the domain deny rules – denying all will still allow the mobile app to access the Centrify cloud (CC-58029).

 

For security advisories and known issues, please see attached file.

 

 

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.

Comments
By
on ‎06-26-2018 11:31 AM

Changes for Maintenance Release (hot fix) 1

 

  • Resolved a UI issue with the built-in reports name and description displaying with an "I18N" on the report detail page (CC-58844).
  • This hot fix also includes the first release of the 18.6 Centrify mobile app for Android and accompanying Samsung KNOX 2 in-container app.

By
on ‎07-05-2018 10:33 AM

Changes for Maintenance Release (hot fix) 2

 

  • Resolved an issue whereby LDAP users, from a customized LDAP deployment, attempting to log in would receive an unknown user error (CC-60152).
  • Massive numbers of user change events no longer cause lock contention and delay in the update of groups and roles (CC-60130).
  • Resolved an issue where users were repeatedly prompted to update apps on iOS devices despite the apps being the latest version (CC-59983).

By
on ‎07-19-2018 09:58 AM

Changes for Maintenance Release (hot fix) 3

 

  • Resolved an issue where users were repeatedly prompted to update the Slack app on iOS devices despite the app being the latest version (CC-60607).
  • DEP- and VPP-enrolled iPhones no longer receive multiple prompts that the Centrify mobile app for iOS is not up to date (CC-60494).
  • Resolved an issue whereby MFA challenges and invites via Twilio were not being received by users (CC-60593).