Centrify 18.8 Release Notes

Centrify 18.8 Release Notes

By on ‎08-17-2018 03:34 PM - last edited ‎09-24-2018 07:27 PM

End of life notification

This section contains notifications for upcoming termination of apps, features or programmatic access (APIs):

 

Termination of v1 REST API support

  • Why are we doing this?
    Centrify introduced the v2 enrollment APIs with the 17.2 release to support setting of additional resource-related information during enrollment.  This new version is a superset of the original v1 enrollment APIs. As the Centrify Agent for Linux and Mac agents have been using the v2 APIs since 17.2, we are now planning to disable the old v1 enrollment APIs in 18.10.
  • Who will be affected?
    • Customers who deploy Centrify Agent for Linux/Mac agents.
    • Customers who develop their applications using the following REST APIs: ServerAgent/Register, ServerAgent/Enroll, ServerAgent/EnableFeatures
  • What steps do I need to take?
    • If you deploy Centrify Agent for Linux/Mac agents, upgrade to the latest version of Centrify Agent for Linux/Mac.
    • If you develop applications using the REST APIs:
      • Change your code to call the corresponding V2  REST API (e.g.,  ServerAgent/RegisterV2, ServerAgent/EnrollV2, ServerAgent/EnableFeaturesV2).
      • Contact Centrify Support
  • What happens if I do nothing?  What errors or issues am I likely to see?
    • If you have deployed older versions of Centrify Agent for Linux/Mac agents, existing enrolled agents will continue to work, however new features will not be available.
      • After the Centrify Identity Platform is upgraded to 18.10, once the agent is unenrolled it cannot re-enroll again.  You MUST upgrade the agent to re-enroll.
    • If you have developed applications using the REST APIs, the REST API call will fail with an error.

New Features - Centrify Application Services   

Dome9 SAML App in the App Catalog

  • Dome9 delivers full visibility, control and faster time to protection as organizations scale in AWS, Azure and Google Cloud environments.
  • A new SAML App for Dome9 has been added to Centrify's App Catalog, simplifying Dome9 integration for SSO.

dome9.png

 

Password Complexity and History Enhancements

  • New Password History Policy ensures that passwords can only be changed after a minimum configured password age (default is 0 days).
  • Self-Service Password Reset Policy limits the number of forgotten password resets within a time window (default is 10 days).

password complexity.png  

 

 

Centrify Browser Extension Enhancements

 

  • The settings tab within the Centrify Browser Extension now has the following abilities:
    • Sign In
    • Set preference to open apps in new tab
    • Configure the portal host name
    • Export Diagnostics logs

cbe.png

 

 

The following apps have been added to the catalog:

 

  • Dome9 (SAML)

 

The following apps have been updated:

  • Brainstorm QuickHelp (SAML)
  • Eat Club (User / Password)
  • Cognology (SAML)

 

The following apps have been renamed:

  • Ace of Sales --> Outstand

 

  

Resolved Issues and Behavior Changes

 

The following list records issues resolved in this release and behavior changes.

 

    • With self-hosted Infrastructure Service, if there is an existing database folder prior to a restore operation, it is renamed and the restored data will be placed in a new folder that has the correct database folder name (CC-60616).
    • Apostrophes are now correctly handled in email addresses in workflows (CC-61544).
    • The inbound provisioning sync report no longer shows UnexpectedUserSyncException when synching AD users. You must update to the 18.8 connector in order to use the revised code (CC-60349).
    • Mobile apps marked for Automatic Install in the Admin Portal are now shown as “Recommended” on mobile devices rather than “Optional” (CC-60865).
    • When enrolling an Android device in Android for Work DO mode, checksum errors are no longer seen (CC-56928).
    • The “Uninstall this app if the app is unassigned from the user” policy has been revised to prevent unexpected automatic uninstall of apps from mobile devices (CC-60347).
    • SCIM provisioning now allows users to be added to Salesforce (CC-60678).
    • The sysadmin role no longer has Automation Deploy and Run permissions by default for all apps (CC-60135, CC-59392).
    • The timestamp for an iOS device’s location is now correctly updated after using “Find Now” in the User Portal, even if the device has not changed location since the last shown location (CC-59992).
    • SAML metadata import now works on IE (CC-54410).
    • It is now possible to upload SP metadata XML to a SAML app (CC-58762).
    • On older Android devices shortcuts are now still available after switching to kiosk mode (CC-60958).
    • With mobile devices, when there are multiple approvers for a workflow, prior approvers in the chain are shown on the approval screen for later approvers (CC-59832).
    • The connector now correctly determines the Active Directory forest based on the forest it was registered against, not the forest that the user registering the connector was logged in against (CC-59922).
    • Users with read-only admin permission can now view APNS details and VPP settings page for iOS (CC-60743).

 

Changes for hot fix 1.

 

    • Android 9 devices can now be successfully enrolled (CC-61936, CISSUP-4347).
    • Apostrophes are now correctly handled in email addresses in workflows (CC-61544).
    • URLs are re-added for catalog and custom SAML apps for Federation (CC-62009, CISSUP-4358).
    • The CreateUsers API has been extended to add ExtData (extended data attributes) functionality (CC-61830).
    • The domain account can now be entered for the “Port Scan” type’s discovery profile for Centrify Privilege Access Service (CC-61908).
    • Error now prompted when an invalid password is entered for an administrative account in the domain settings page for Centrify Privilege Access Service (CC-61585).
    • Error now prompted when the password for an administrative account is set by a user that does not have “Add Account” permission for Centrify Privilege Access Service (CC-61170).

 

Changes for hot fix 2.

 

    • Slow API response times issue has been improved (CISSUP-4366).
    • Outlook stops prompting for zso and becomes unmanaged preventing login on iOS and Android devices after user password change (CISSUP-4356).
    • Loading time for admin dashboards has been improved (CISSUP-4289).
    • A configuration has been added for limiting the amount of data shown in a dashboard (CC-62491).
    • TcpRelay BeginWriteWithStream is updated for using the correct stream in all cases (CC-62446).
    • Resolves issue with AsyncTcpConnection, causing TcpRelay read exceptions and reconnects (CC-62406).
    • Resolves an issue on iOS devices where user credentials are not updated resulting in MSFT Authenticator error after a user performs password change (CC-62289).
    • Resolves error 'Download failed(HTTP result 500: internal server error)' when install munkiimport apps/iOS/Android inhouse apps (CC-62186).

 

Changes for hot fix 3.

 

    • Additional improvements have been added to address slow API response times (CISSUP-4407).
    • Performance improvements have been added for reloading user role membership with a large number of direct users when viewing user details in the Admin Portal (CC-62484. 
    • Issue related to backend stale cache error is now resolved (CC-62573).

 

Changes for hot fix 4.

 

    • Additional improvements have been added to address slow API response (CISSUP-4168).

 

For security advisories and known issues, please see attached file.

 

 

Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.

 

Showing results for 
Search instead for 
Do you mean 

Community Control Panel