The Centrify User Suite takes a unique approach to security and single sign-on for Mac systems, SaaS apps and mobile devices. The Centrify Cloud Service delivers a unified administrative interface and self-service Centrify User Portal to provide the lowest total cost of ownership.
Here is an overview of the key architectural components.
The Centrify Cloud Proxy Server is a simple Windows service that runs behind your firewall to provide real-time authentication, policy and access to user profiles without synchronizing data to the cloud. You keep control of your valuable Active Directory data while extending a common-sense user experience to your end-users.
This multi-tenanted service provides secure communication from your on-premises Active Directory to your Macs and mobile devices and to the Centrify User Portal. The Centrify Cloud Service facilitates secure single sign-on and controls access to your SaaS applications by acting as a security token service, which can authenticate users to the Centrify User Portal with Kerberos, SAML or an Active Directory username/password. It then logs the user into a SaaS application through a one-click selection from a list of permitted SaaS apps.
The Centrify User Service (CUS) optionally sets up a live connection to Active Directory, with automatic load balancing and failover, to ensure that your Active Directory data is highly available and kept safe and in your control. CUS can store external users' identities in the cloud service if you do not have Active Directory or want to extend applications to users (such as customers, contractors or partners) who are not in your Active Directory. You can use cloud-only identities, Active Directory identities, or a hybrid management strategy.
The Centrify Policy Service (CPS) leverages a live connection to Active Directory to extend the power, familiarity and flexibility of Active Directory Group Policy to enroll devices, detect jailbroken devices, remotely lock or wipe devices, and manage hundreds of settings for iOS, Android, Samsung and Mac devices. CPS can optionally be run entirely from the cloud without the requirement for, or dependence on, Active Directory. You can control the security posture, manage cloud and mobile apps, and control access to your enterprise network and data from a fully integrated and cloud-based SaaS and mobile management service.
SaaS applications and other resources are exposed to users in the Centrify User Portal based on their identity and role within Active Directory. So, for example, the sales organization sees only sales apps, and the finance organization sees only finance apps. Role-based access control for SaaS applications benefits your enterprise by ensuring that end-users have quick, convenient access to the applications they need to perform work while IT retains control over which applications are required and visibility over how applications are used. The Centrify User Portal includes:
The Centrify mobile app is a native app that runs on the user's mobile device.
In addition to managing security policies received via the Centrify Cloud Service, the Centrify mobile app provides users with access to their approved SaaS apps in much the same way that the browser-based Centrify User Portal does. An added benefit: once users unlock their device (thus authenticating), they have Zero Sign-On to their apps: they can simply launch an app without being challenged to re-authenticate, which is a tremendous usability and efficiency gain compared to the effort of keying in a username and password on a small touchscreen.
For ISVs and other developers, Centrify's Mobile Authentication Services SDK enables them to write apps that leverage the Centrify Cloud Service to provide Zero Sign-On to their organization's Active Directory.
Device data and security policies are stored directly in Active Directory, which means Macs, iPads, iPhones and Android devices can be managed using the existing tools and lifecycle processes you currently have in place. The Centrify Cloud Management Suite installs a collection of extensions to standard Windows-based management tools. The Centrify extension to Active Directory Users & Computers (ADUC) shows you the devices that are associated with a user's Active Directory profile. An extension to the Windows Group Policy Objects Editor (GPOE) lets you set up configuration and security policies that can be automatically applied to mobile devices.
The Centrify Cloud Manager is a browser-based administrative tool hosted by the Centrify Cloud Service. It provides a single pane of glass to administer SaaS app access and SSO, mobile devices, and user profiles. It also provides centralized reporting, monitoring and analysis of all SaaS and mobile activity.