The Centrify User Suite takes a unique approach to security and single sign-on for Macs, SaaS apps, and mobile devices. The Centrify User Service (CUS) seamlessly integrates with Active Directory without poking extra holes in your firewall or adding devices in your DMZ. And unlike other solutions, Centrify does not make the fundamental security mistake of duplicating AD into the cloud: your organization's identity stays inside Active Directory and under your control.
CUS's live connection to Active Directory, with automatic load balancing and failover, ensures that your AD data is highly available and kept safe and in your control. CUS can optionally store external users' identity if you do not have Active Directory or want to extend applications to users (such as customers, contractors or partners) who are not in your AD. You can use cloud-only identities, Active Directory identities, or a hybrid management strategy.
Here is an overview of the key architectural components.
The Centrify Cloud Proxy Server is a simple Windows service that runs behind your firewall to provide real-time authentication, policy and access to user profiles without synchronizing data to the cloud. You keep control of your valuable Active Directory data while extending a common-sense user experience to your end-users.
The Centrify Cloud Service is a multi-tenanted service that provides secure communication from your on-premises Active Directory to your Macs and mobile devices and to the MyCentrify User Portal. It facilitates secure single sign-on and controls access to your SaaS applications by acting as a security token service, which can authenticate users to the user portal with Kerberos, SAML or an Active Directory username/password. It then logs the user into a SaaS application through a one-click selection from a list of permitted SaaS apps.
SaaS applications and other resources are exposed to users in the MyCentrify user portal based on their identity and role within Active Directory. So, for example, the sales organization sees only sales apps, and the finance organization sees only finance apps. Role-based access control for SaaS applications benefits your enterprise by ensuring that end-users have quick, convenient access to the applications they need to perform work while IT retains control over which applications are required and visibility over how applications are used. The MyCentrify portal includes:
The MyCentrify mobile app is a native app that runs on the user's mobile device.
In addition to managing security policies received via the Centrify Cloud Service, the MyCentrify app provides users with access to their approved SaaS apps in much the same way that the browser-based MyCentrify User Portal does. An added benefit is that once users unlock their device (thus authenticating), they have Zero Sign-On to their apps: they can simply launch an app without being challenged to re-authenticate, which is a tremendous usability and efficiency gain compared to the effort of keying in a username and password on a small touchscreen.
For ISVs and other developers, Centrify's Mobile Authentication Services SDK enables them to write apps that leverage the Centrify Cloud Service to provide Zero Sign-On to their organization's Active Directory.
Device data and security policies are stored directly in Active Directory, which means Macs, iPads, iPhones and Android devices can be managed using the existing tools and lifecycle processes you currently have in place. The Centrify Cloud Management Suite installs a collection of extensions to standard Windows-based management tools. The Centrify extension to Active Directory Users & Computers (ADUC) shows you the devices that are associated with a user's Active Directory profile. An extension to the Windows Group Policy Objects Editor (GPOE) lets you set up configuration and security policies that can be automatically applied to mobile devices.
The Centrify Cloud Manager is a browser-based administrative tool hosted by the Centrify Cloud Service. It provides a single pane of glass to administer SaaS app access and SSO, mobile devices, and user profiles. It also provides centralized reporting, monitoring and analysis of all SaaS and mobile activity.