Centrify Infrastructure Services (Privilege Service) can securely store account and password combinations for local accounts.
In a break glass scenario, an authorized user can checkout a password using the Centrify mobile app.
The password can subsequently be checked in manually or automatically after a set period of time and potentially rotated if it is a managed password.
MFA is becoming a necessity these days and Centrify makes it easy for you to deploy “MFA Everywhere”. You can support authentication factors like phone-call, SMS, Push notification, Yubikey, FIDO U2F, Smartcards, OATH OTP, and the list goes on. For many of these authentication mechanisms, your user’s can simply leverage their own smartphone. But what if some of your users don’t have smartphones? Can you convince your CIO to purchase and manage hardware tokens? Many organizations want to get away from the overhead of managing tokens. You can see why MFA using a good old-fashioned phone call is a good option for these types of scenarios. The concept is easy, first, the user registers his/her phone number in the self-service portal. Then, at authentication time, the user confirms the receipt of a phone call to his/her mobile device by pressing the # or * key (in addition to another knowledge-based factor). There you go, 2 factors of authentication completed. But there’s a catch.Read more...
Device is enrolled in External MDM
Application's like "ServiceNow" are managed by Centify Identity Service
Users want to use Native "Servicenow" application on their Mobile Devices and achieve SSORead more...
Centrify for Google Chromebook Single Sign-On Configuration Guide
Google G Suite has become one of the most popular on-demand business software in the market and your organization took the plunge to migrate to Google G Suite. You need to assign licenses to your end users automatically, and give them single sign-on. You’re worried about Chrome Book device management and BYOD, and how to manage all that for on-premises apps and cloud apps, too. You’ve got a few questions, and are looking for answers. Without SSO user productivity is greatly affected, without Multi Factor Authentication the risk of exposing inappropriate access increases and without automated account provisioning / de-provisioning IT has to manage all accounts manually.
Fortunately, Centrify Identity Service (CIS) provides a solution. CIS for Google G Suite offers a complete, robust, and easy-to-use Active Directory (AD) or CIS Cloud Directory integration with Google G Suite, providing a seamless authentication experience for Google G Suite users and an easy to use intuitive Administrative interface for IT staff to automate the process of on- and off-boarding employees with day one productivity.
With CIS you can ensure that users have seamless access via single sign-on (SSO) and that their Google G Suite accounts are created, updated, and deactivated on an integrated cycle with the rest of the systems in IT.
Centrify Identity Service enables integration with any web application that also enables administrators to:
- SSO via SAML or CIS form fill to all Google G Suite: Gmail, Docs, Sites, Calendar, Analytics, etc.
- Provide secure SSO with Active Directory integration
- Automatically provision/de-provision users & apps by Active Directory group
- Demonstrate compliance through usage auditing
- Increase application ROI with seat-utilization reporting
Secure Application Access via MFA from unauthorized systems or locationsRead more...
Centrify for Google G Suite offers a complete, robust, and easy-to-use Active Directory (AD) or Centrify Cloud Directory integration with Google G Suite providing a seamless authentication experience for Google G Suite users and an easy to use intuitive Administrative interface for IT staff to automate the process of on- and off-boarding employees with day one productivity.
With Centrify you can ensure that users have seamless access via single sign-on (SSO) and that their Google G Suite accounts are created, updated, and deactivated on an integrated cycle with the rest of the systems in IT.
Secure access to Google G Suite from any device. Enforce and update mobile security settings, and remotely lock or wipe devices. Lock the Centrify Mobile App with a passcode or fingerprint, and prevent unauthorized users from accessing your Google data. No separate software required.
The Google G Suite Deployment Guide covers…
- Preparing your Google G Suite and Google G Suite developer account
- Limiting access to certain Google G Suite based on Security Group
- Configuring automated account provisioning into Google G Suite
- Enabling Single Sign On in Google G Suite
- Provisioning new Users
- Integration with Active Directory
- Securing the Administrative Account for Google G Suite
One of the more anticipated features of the Centrify Identity Service 17.3 release is the ability to manage Windows 10 devices. This feature is currently in preview mode, but is available once enabled on your tenant. This post details the steps to enroll such a device into CIS. If you are interested in what administrators need to configure for Windows 10 mobile device management, please click here.
1. Under Settings, choose Connect to work or school.
2. Choose Connect
3. Enter your email address
4. This should locate your tenant in Centrify Identity Service. Enter your user name.
5. Enter your password
6. Choose an authentication method for multi-factor authentication
7. Respond to the challenge
8. You should see a success message, as below.
9. On the settings screen, you should see your work account similar to what is shown below
10. If you select the work account, you should see additional details similar to what is shown below
11. Log into your CIS tenant and select device tab. Your Windows 10 device is enrolled and should show here.
12. The Wipe Device and Unenroll Device actions should now be available.
Want to configure wireless settings for your users without having to manually touch each device? With the Centrify Identity Service, WiFi settings can be pushed to Mac, iOS, and Android mobile devices using policy.Read more...