Active Directory-based authentication, access control and role-based privilege management for Windows, Linux & UNIX
Standard Edition + privileged user auditing
Enterprise Edition + encryption of data-in-motion and server isolation
Any Edition + single sign-on for SAP, Apache and J2EE/Java applications
Single sign-on for cloud apps + mobile device supportMac Edition
Active Directory-based authentication and Group Policy management for Macs + mobile device supportPremium Edition
SaaS and Mac Editions + mobile device supportCentrify for Samsung KNOX
Active Directory-based SSO, MCM and MDM for KNOX-enabled devices
Wednesday, February 15, 2012
Before I get into blogging about the details of our recently announced Centrify for Mobile, I wanted to show my readers a few screenshots of it in action using my iPhone as an example. In other words, we are using our own internal Active Directory to manage our fleet of mobile devices used by employees.
To help you visualize what it does, here is my iPhone joined to Active Directory (to protect the innocent I have put these grey boxes in front of folks' emails).
And here is the ADUC Properties window for my iPhone, as you can see I am running an old model of an iPhone that runs iOS 4.2.1. I am waiting for the iPhone 5 to come out, so yes I am still running an iPhone 3!
Because my phone is joined to the domain, Group Policies are automatically being applied to it. More on that later.
Now below is another view of all the mobile devices joined to our AD domain but looking at it from our Cloud Manager. The Centrify Cloud Manager is the administrative interface into our Centrify Cloud Service — a multi-tenanted cloud service that provides a secure communication from your on-premise Active Directory to your organization's mobile devices. The Centrify Cloud Service facilitates over-the-air policy integration with Active Directory — even if devices are not connected to an organization's network. It also provides the same type of management we allow from ADUC but in a web interface that runs off the cloud. So if our internal IT needs to unlock my iPhone, they could either do it from within ADUC or via the Cloud Manager (i.e. no need to fire up ADUC if they are at home and need to do a remote wipe or lock etc.)
The Cloud Manager also lets an IT admin see the Apps installed on a device. Below are the apps on my iPhone. As you can see I have some games for my kids to play on my phone (although I am partial to PvZ) and I also have some Apps I use for business such as WebEx and LinkedIn.
Finally, here is a photo of the profiles being enforced on my iPhone via Group Policy. Centrify for Mobile gives customers complete control of all the device security and management controls exposed by mobile vendors such as Apple. The policies are fairly common across devices. Policies can configure settings for Exchange as well as Passcode policy (length, number of complex character, failed attempt before locking, etc.) and device restrictions, such as which applications can be installed, use of camera, or enabling screen capture. In addition, Centrify DirectControl for Mobile automatically sets up profiles that enforce the customer's policies for WiFi and VPN access, authentication, proxy and protocol settings.
This is way cool stuff — the industry's first and only Active Directory Bridge for mobile devices. In my next blog I will walk you through how Centrify for Mobile works in more detail!