Highlights of 14.5-14.6

By Centrify Advisor III on ‎08-29-2014 02:57 PM

Our 14.7 release is right around the corner...and I just realized that we haven't posted any updates regarding 14.5 and 14.6. Let me bring you up to speed on what we've added to the product, and I promise I will stay on top of this for future releases. I'm not going to bore you talking about every little feature, but I do want to bring you up to speed on a few new ones.


First, in my last post I had mentioned that we were going to be making our provisioning feature available as a "preview release."  I'm happy to say that the customer testing of that preview release feature went very well, and provisioning is now generally available in the product for the following applications:


  • Box
  • Google Apps for Business
  • Office 365
  • Salesforce
  • Zendesk

This is an area where we will continue to invest and will be adding provisioning support for more apps with each release!


We've also improved our app management capabilities as follows:


  1. We've added support for applications using NTLM, IWA and HTTP Basic authentication.  This is enabled through a new app template (app templates can be found by typing "Generic" into the search bar in the App Catalog). 
  2. We've added support for cloning apps.  This feature facilitates deploying similar apps requiring minor modifications to the app configuration.
  3. We've added support for exporting/importing apps.  This enables you to export the app configuration from one tenant and import it into another (e.g. for customers with separate production and test environments).



We've also added a couple of new features/policies based on customer demand:


  1. Our multi-factor authentication policies now support a user-defined security question as a second factor.
  2. We have added a policy control enabling you to specify if end-users can add personal apps to their user portal.

As you might have noticed, we upgraded User Suite on May 31st to version 14.4.  While I’m excited about the features mentioned in the announcement sent last week, I’m more excited about the work that’s been done on the preview release of our “provisioning” feature.  In case you are wondering, provisioning (also referred to as user provisioning) is the process of creating a user account in a target application for which our product provides single sign-on.


We have received tremendous positive feedback regarding the usability and design in the Centrify User Suite. This is a real testament to our UX and UI design teams, product managers and talented engineers who work tirelessly (literally) to provide the best possible experience to our customers and end-users. But just because our customers like what they have doesn't mean that it can't be improved. To that end there are a number of enhancements and design updates that are coming in 14.2. 


The first is an overhaul of the general look and feel to give it a more streamlined and corporate look. We have toned down the amount of color that is used, made better use of screen real estate and generally tightened things up. Here is a quick peek at the user portal with its brand new clothes:




We have not changed the functionality, so there is no need to retrain your users. Think of this as more of a haircut and a shave...:)


We have provided a similar update to the Cloud Manager admin portal:




Notice how we have improved the amount of information that you can see on the screen and rearranged the order of the tabs on the top to highlight the most commonly used and important tabs. In particular, notice the Dashboards tab has been moved first and we have created a brand spanking new dashboard that gives you an at-a-glance view across users, apps and devices:




Many thanks to the design and engineering teams at Centrify who are not resting on the success that Centrify has seen, but continue to pursue a better user experience and improved efficiency for both IT and end users of the Centrify User Suite.



2014.1 ( 14.1 ) - What's New

By Community Manager on 03-07-2014 06:01 PM - last edited 03-08-2014 10:33 AM

What is new in this release? 


Centrify for Mobile

  • Centrify has added support for device level KNOX VPN configuration which supports FIPS modes
  • New Centrify Apps (14.1) will be available on the Apple store and Google Play store.
  • Please refer to the release notes for additional information after the update.

Centrify for SaaS


  • Centrify Policy Service – This is a major enhancement to the Centrify User Suite enabling IT to manage device policies entirely in the cloud. Centrify now provides the ability for both Users and Devices to be managed from either the Cloud Service or Active Directory based on the configuration options chosen by the Administrator. Centrify Policy Service will support full device management for iOS, Android and Samsung devices including management for Samsung KNOX containers.
  • New Bulk upload wizard to populate many users in Centrify User Service
  • Support for Dutch Language
  • We now have more than 2000 Apps in our Catalog
  • Please refer to the release notes for additional information after the update. 

Centrify provides the industry's tightest integration of SaaS applications with Active Directory, without replicating your precious Active Directory data to the cloud - and out of your control. This has been a great benefit as you can cost effectively deliver SaaS single sign-on and security without adding costly new infrastructure and staff since you are using existing skillsets and processes already familiar with Active Directory. 


Customers love our class-leading AD integration. But there are legitimate use cases where not all users who need access to SaaS applications exist in your on-premises Active Directory.


In the 13.9 release of the Centrify User Suite we are extending the Centrify User Service to help you manage users centrally from either Active Directory or in the Centrify Cloud (or both at the same time!) We still don't replicate your AD data to the cloud, but we are giving you the flexibility to store additional user accounts and manage them through the same unified interface.


Creating a user is simple: navigate to the user tab in the Centrify Cloud Manager and click on New CUS (Centrify User Service) User:




Fill out the relevant detail and click Save:




And now you will see in your user list a new user that exists only in the Centrify Cloud Service:




You can treat this user the same as any other AD based user by adding them to Roles, examining their Activity and granting them access (through their role membership) to applications.


NOTE: In addition to the new ability to add Centrify Cloud users to roles, we have also added the ability to add other roles to roles (nested roles). This allows you to manage new grouping and mix and match AD users and Centrify Cloud users.


I look forward to hearing about the neat use cases for which you use the new Centrify User Service.



Centrify for SaaS 13.8 is a very significant release milestone. In addition to cool features like tenant rebranding, nested roles, support for hundreds of new applications, hundreds of fixes and enhancements - Centrify is excited to introduce MultiFactor Authentication.


As an SSO as a Service offering, it makes perfect sense that you would want to be as cautious as is reasonable in allowing access to so many applications protected only by a username and password. In 13.8 we are releasing the first of several capabilities to enforce more than a single username/password authentication factor.


After the feature is released, you will notice only a minor change in the way users log in until you configure MFA. Instead of being prompted for your username and password, you will be prompted first for your username (so that we can see what authentication factors you need to supply) then you will be prompted for your password (the only factor required by default.)


To configure MFA, log into cloud.centrify.com/manage and navigate to Settings ==> Authentication. Here you will see a configuration screen for MFA:




Let's take a look at the options:


By default, no MFA is required. This is referred to as the Normal MFA policy. If you want all users to use more than just their username and password, regardless of what device or network they are using, you can select additional Authentication Mechanisms which I will discuss a bit further down. In the same place under the High Column, you can specify which auth mechanisms you require when a higher level of assurance is required. 


The High level of assurance is invoked when either of the first two conditions are checked and encountered. The first condition is New Endpoint Connections. When a user is accessing either the MyCentrify or Cloud Manager portal for the first time from a device/browser, this option will require the High auth MFA policy be in place. For example, if a user is logging into MyCentrify for the first time from a browser that has never logged in before, the High auth mechanisms will be required. Once they successfully log in however, the Normal auth mechanisms will apply thereafter.


The second condition that can be enabled is Outside IP Addresses. In a nutshell, if you access either portal from outside the company network, then the High policy will be enabled. In order to configure the IP range(s) for the corporate network, you can navigate to Settings ==> Corporate IP Range:




Regardless of whether the Normal or High auth policy is applied, the login experience for the end user will consist of one or more of the following authentication mechanisms:


  • Username and Password - this is as it sounds. While it is possible to use the other authentication mechanisms, Centrify recommends that you keep using a username and password and add one of the following factors (something you know - username/password, something you have - a mobile phone for a code or phone call).
  • Phone Call Factor - this is really cool - the user will be called on their mobile device and be prompted by a voice to press a key to complete the authentication. Combined with the username/password the user is using more than one factor to authenticate
  • Text Message (SMS) / Email Message - This option will send a one time code to SMS (if a mobile phone is associated with the user in the directory) or to their email address. You can set the preference between SMS and email, with one failing over to the next if the first is not available. The user must then enter this one time password (OTP) into the login prompt

Let's take a look at the user authentication experience when MFA is involved:


1) The user navigates to cloud.centrify.com/my and enters their username and clicks next:




2) Centrify will determine the authentication factors that are required based on the policy set earlier. In this example, the user's Active Directory password and an OTP sent to a mobile device are required:




3a) Once my password is entered correctly, the next step will send an OTP code to my mobile device:




3b) I simply enter this OTP code into the log in form and click next:




4) Now I am allowed access to the MyCentrify portal with an added layer of security.


Many SaaS ISVs such as Dropbox, Google and many others are adding 2-step/MFA experiences to their individual applications. Each of these experiences is different and must be individually configured and maintained. Most of them are not applied when an SSO solution is being used.


Centrify for SaaS provides a single policy management location for applying MFA across thousands of applications exposing a very straightforward experience for the end user. We are excited about this release and the MFA feature set is an area of significant interest for us moving forward.
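The Normal/High policy decision described in this post, sketched as an added example (not Centrify's code or API). The class and function names, the sample IP ranges and the fail-closed behaviour when no OTP channel exists are all assumptions made for illustration:

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class MfaPolicy:
    # Hypothetical model of the Settings ==> Authentication screen.
    normal: tuple = ("password",)
    high: tuple = ("password", "otp")
    new_endpoint_check: bool = True
    outside_ip_check: bool = True
    corporate_ranges: tuple = ("10.0.0.0/8", "203.0.113.0/24")  # constructed
    otp_preference: tuple = ("sms", "email")  # first available channel wins


@dataclass
class User:
    name: str
    mobile: Optional[str] = None
    email: Optional[str] = None
    known_endpoints: set = field(default_factory=set)


def is_corporate_ip(policy, source_ip):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(r) for r in policy.corporate_ranges)


def assurance_level(policy, user, endpoint_id, source_ip):
    """Return ("high" | "normal", reasons) for one login attempt."""
    reasons = []
    if policy.new_endpoint_check and endpoint_id not in user.known_endpoints:
        reasons.append("new endpoint")
    if policy.outside_ip_check and not is_corporate_ip(policy, source_ip):
        reasons.append("outside IP")
    return ("high" if reasons else "normal"), reasons


def otp_channel(policy, user):
    """Pick SMS or email by preference, failing over if one is unavailable."""
    available = {"sms": user.mobile, "email": user.email}
    return next((c for c in policy.otp_preference if available.get(c)), None)


def required_steps(policy, user, endpoint_id, source_ip):
    level, reasons = assurance_level(policy, user, endpoint_id, source_ip)
    steps = []
    for mech in (policy.high if level == "high" else policy.normal):
        if mech == "otp":
            channel = otp_channel(policy, user)
            if channel is None:
                # Assumption: fail closed rather than silently skip the factor.
                raise ValueError(f"{user.name}: OTP required but no channel")
            mech = f"otp:{channel}"
        steps.append(mech)
    return level, reasons, steps


def record_success(user, endpoint_id):
    # After a successful High login the endpoint is known; Normal applies next.
    user.known_endpoints.add(endpoint_id)
```

Logging the `reasons` list alongside each login gives a reviewer the condition that triggered the High policy, which helps when tuning the corporate IP ranges.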



Highlights of 13.8 - Nested roles

By Centrify Advisor II on ‎08-20-2013 10:52 AM

Nested roles is a relatively small feature update that greatly eases the burden of managing role assignments. In addition to assigning individual users and Active Directory groups to a role, you can now also assign other roles. The user and group assignments in those assigned roles are granted the same apps and privileges as the users and groups assigned directly to the role.


Here is an example of nested roles, where I have combined the memberships from two other roles into a new role:




When I drill into the details of this role, you can see that I have added the role assignments of two other roles, Sales and Marketing, into the Sales_and_Marketing role:
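How nested assignments resolve to effective membership, as an added example for access reviews (not Centrify's code; the data layout, function name and user names are assumptions, and only the role names come from the post):

```python
# Constructed sample data: each role has direct users and nested roles.
ROLES = {
    "Sales": {"users": {"amy", "bob"}, "roles": set()},
    "Marketing": {"users": {"carol"}, "roles": set()},
    "Sales_and_Marketing": {"users": {"dave"}, "roles": {"Sales", "Marketing"}},
}


def effective_members(roles, role, _path=()):
    """Map each user who effectively holds `role` to the chain of roles
    through which they get it, so a reviewer can see why access exists."""
    if role in _path:
        return {}  # cycle guard: this role is already being expanded
    if role not in roles:
        raise KeyError(f"unknown role referenced: {role}")
    path = _path + (role,)
    members = {user: path for user in roles[role]["users"]}
    for nested in sorted(roles[role]["roles"]):
        for user, via in effective_members(roles, nested, path).items():
            # A direct (shorter) assignment wins over a nested one.
            members.setdefault(user, via)
    return members


if __name__ == "__main__":
    for user, via in sorted(effective_members(ROLES, "Sales_and_Marketing").items()):
        print(f"{user}: {' -> '.join(via)}")
```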





Highlights of 13.8 - Per tenant branding

By Centrify Advisor II on ‎08-19-2013 12:59 PM

Have you ever wanted to change that logo and background color from the Centrify red (which is near and dear to my heart, but I understand may not appeal to everyone's personal (or corporate) taste)? Well, now you can.


Log into cloud.centrify.com/manage with a user who has administrative privilege and navigate to Settings ==> Account Customization:




Here you can set the background color, login screen logo and that logo up in the upper left corner. Here is an example for an ACME corporation:




The same branding will also be used in the MyCentrify portal:




As well as the login screen:



What is new in this release?


Centrify Cloud Service

  • Additional support for Multi-Forest environments
    • Two-way trust scenarios are now supported. One way trust environments are still not supported and will be available in a future release.

Centrify for Mac and Mobile

  • Enterprise App Store for iOS
    • Centrify now provides an Enterprise App Store for iOS users to be able to select approved applications for self service installation on their mobile device. This iOS App Store is delivered as a web clip application upon successful registration for device management services. Users will then be able to launch this app and see a list of mobile applications their administrator has configured for them via the Cloud Manager. 
    • Please refer to the release notes for additional information after the update.


Centrify for SaaS

  • Configurable user session timeout
    • Customers now have the ability to configure the period of time a user is allowed to stay logged in to the MyCentrify user portal
    • Additional App support
      • Refer to the list in the Release Notes.

A common request from customers and partners is the ability to configure the period of time a user is allowed to stay logged in to the MyCentrify user portal. You can now configure this setting in the Cloud Manager under settings:




The setting takes effect immediately for any new user sessions. When the timer is up, the user is logged out and will be required to log back in with their credentials. BTW - this timeout also applies to the Centrify Cloud Manager in addition to MyCentrify.

Highlights of 13.6 - Browser extensions

By Centrify Advisor II on ‎06-30-2013 11:57 AM

We have been hard at work adding support for hundreds of new applications both with SSO support (like SAML) and with username/password support. Until this 13.6 release, we have only supported a subset of username/password apps that can be integrated by simply redirecting the user's browser with the appropriate info to log in to the target app site. There are many more app sites that need additional help from the browser (to load the site before attempting login in order to have the appropriate JavaScript, cookies and other items that need to be loaded before login will succeed). In order to support those sites we have introduced browser extensions to facilitate the login process. As a result we are adding support for hundreds of new applications in this release.


Let's take a look at an example. Twitter is one of those popular sites that only supports username password login. They don't support simple browser redirection so we need to use the browser extension in order to support login to the twitter app.


You add the twitter app to your portal the same as any other app, either centrally managed through the Cloud Manager app or user managed through the MyCentrify portal. Either way you end up with a twitter app in your portal:




When you click on the Twitter app, if you don't have the browser extension installed on this browser, you will be prompted to download and install the extension:




In my browser, Safari on Mac, I then have to install the extension from the downloaded files:




After installing the extension, I am taken back to the MyCentrify portal and the next time I click on the Twitter app, I can successfully log in:




From now on, all username/password apps that need help from the browser extension will automatically work.


There is browser support for Safari (Mac only), IE 8+ as well as Chrome and Firefox (PC and Mac).


Oh, and feel free to follow me on Twitter as well: @coreywilliams

Is your list of apps looking a little sparse? Ever want to add your own apps and not wait for IT to add them for you?


Now you can with self-service apps! Simply click the Get More Apps and select your favorites:





I use LinkedIn a lot, so to add this I simply check the LinkedIn apps and click Save Changes:



Then I am prompted for my username and password:



That is it!



End-users log into MyCentrify at cloud.centrify.com/my.

Admins log into Cloud Manager at cloud.centrify.com/manage


What if you are both an end-user and an admin? Well, you can add a generic shortcut and assign access to the sysadmin group I suppose, but in this release we made this a bit quicker with quick switching for those who have admin privileges. If you are an admin you can get from the MyCentrify portal to the Cloud Manager portal by selecting from the dropdown menu under your username:


From MyCentrify:





From Cloud Manager:


Highlights of 2013.5 - Dynamic Tags

By Centrify Advisor II ‎06-06-2013 03:17 PM

Tags have always been a useful way to organize lots of apps into smaller groups of apps based on your favorite apps, most frequently accessed apps and what roles you might want to group apps into (for example my sales apps or my HR apps).


Dynamic tags solve several use cases where you have a lot of apps and don't want to constantly be managing these tags by hand. In this case we have added several automated tags that will automatically show up in your tag drop down.




The tags menu is in three sections:


- Dynamic allows you to see All Apps, your most frequently used apps (10 most used) and your most recently used apps (10 most recent)

- My Tags shows you the tags that you add manually to the settings of each app

- My Roles shows you the roles that have assigned you apps 


By selecting any of the entries you will see your list of apps filtered to the list that matches the appropriate criteria. 


Check it out!

Highlights of 2013.5 - About box

By Centrify Advisor II ‎06-06-2013 02:57 PM

Wait, where is the about box? You can't have a world class software product without an about box! Ok, we heard you and here you go:




You can then get easy access to what version of Centrify for SaaS you are using in addition to your customer id. This will help with any support calls or other tasks that require version or customerid.



I want to start using the forum to describe some of the new features we are adding to the product and how they might affect your users. As some of you may know, we are following an approximately 3 week release cadence as a way to add new features and respond to your feedback quickly. Since releasing Centrify for SaaS 2013 a couple of months ago we have since rolled out several releases focusing mostly on internal improvements as well as incrementally improving existing features.


One of those great features we added is "podding" so that we could provide a single login user experience for the Centrify Cloud Service, but our customers could specify their geographic preference with respect to where their users and data would be located. Currently we have three primary "pods" in NA, EMEA and APAC.


The upcoming release of Centrify for SaaS 2013.4 is due to be rolled out next week following this approximate schedule:

NA: Evening time of 5/28 PT

EMEA: Evening time of 5/29 CET

APAC: Evening time of 5/29 SST


When your tenant pod location is updated to 2013.4, there are several new features you should be aware of:


First, enhanced Office 365 support: We have greatly enhanced support for Office 365 including support for all web and rich clients across PC, Mac, iOS and Android. More to announce on this at TechEd during the week of June 3rd.


Second, login aliasing: VERY IMPORTANT (but cool!): We have simplified the way that you log in to the user portal (cloud.centrify.com/my) as well as the management portal (cloud.centrify.com/manage). Please read this for details on how your login experience is going to change, hopefully for the better!


Basically, if you are manually logging on, you don't need to remember the customer id (that two letter plus three number thingy) anymore!


Simply navigate to https://cloud.centrify.com/my and notice that you are no longer prompted for a customer id!


Here you simply supply your full AD username (ADuser@domain.com instead of just ADuser) and password. We will lookup the right customer id based on your username:




NOTE: If at any time this does not work for you, try ADusername|customerid (that is, your AD user name separated by the pipe symbol from your customer id), in case you forgot your domain alias, for example.


How is this set up? Log into the cloud manager interface (cloud.centrify.com/manage) and click on settings. Here you can set up one (or more) aliases for your customer id:




And that is it!


We hope you enjoy this easier way to login without having to roll out or remember your customerid. If you have any questions, please post them to the forums!






