Centrify Cloud Service

Unified Architecture for SaaS, Mobile & Mac Management

Unleash user productivity and enhance IT efficiency with a unified, cloud-based solution for securing and managing IT resources

The Centrify User Suite takes a unique approach to security and single sign-on for Mac systems, SaaS apps and mobile devices. The Centrify Cloud Service delivers a unified administrative interface and self-service Centrify User Portal to provide the lowest total cost of ownership.

  • Cloud Manager provides administrators with a single pane of glass to manage applications, devices, roles and security policies.
  • The Centrify User Portal enables users to gain SSO to their applications as well as to manage their own devices through self-service.
  • The Cloud Proxy Server seamlessly integrates with Active Directory without poking extra holes in your firewall or adding devices in your DMZ.
  • The Centrify User Service (CUS) allows you to manage users' identities where you want them: store your users' identities in our cloud, optionally leverage Active Directory without replication to our cloud, or use a hybrid of both, without sacrificing control of your corporate identities.
  • The Centrify Policy Service (CPS) allows you to manage corporate or BYOD iOS, Android, Samsung and Mac devices either from the cloud or optionally by leveraging Active Directory group policy.

Here is an overview of the key architectural components.

Centrify Cloud Proxy Server

The Centrify Cloud Proxy Server is a simple Windows service that runs behind your firewall to provide real-time authentication, policy and access to user profiles without synchronizing data to the cloud. You keep control of your valuable Active Directory data while extending a common-sense user experience to your end-users.

Centrify Cloud Service

This multi-tenanted service provides secure communication from your on-premises Active Directory to your Macs and mobile devices and to the Centrify User Portal. The Centrify Cloud Service facilitates secure single sign-on and controls access to your SaaS applications by acting as a security token service, which can authenticate users to the Centrify User Portal with Kerberos, SAML or an Active Directory username/password. It then logs the user into a SaaS application through a one-click selection from a list of permitted SaaS apps.

Centrify User Service

The Centrify User Service (CUS) optionally sets up a live connection to Active Directory, with automatic load balancing and failover, to ensure that your Active Directory data is highly available and kept safe and in your control. CUS can store external users' identities in the cloud service if you do not have Active Directory or want to extend applications to users (such as customers, contractors or partners) who are not in your Active Directory. You can use cloud-only identities, Active Directory identities, or a hybrid management strategy.

Centrify Policy Service

The Centrify Policy Service leverages a live connection to Active Directory to extend the power, familiarity and flexibility of Active Directory Group Policy to enroll devices, detect jailbroken devices, remotely lock or wipe devices, and manage hundreds of settings for iOS, Android, Samsung and Mac devices. CPS can optionally be run entirely from the cloud without the requirement for, or dependence on, Active Directory. You can control the security posture, manage cloud and mobile apps, and control access to your enterprise network and data from a fully integrated and cloud-based SaaS and mobile management service.

Centrify User Portal

SaaS applications and other resources are exposed to users in the Centrify User Portal based on their identity and role within Active Directory. So, for example, the sales organization sees only sales apps, and the finance organization sees only finance apps. Role-based access control for SaaS applications benefits your enterprise by ensuring that end-users have quick, convenient access to the applications they need to perform work while IT retains control over which applications are required and visibility over how applications are used. The Centrify User Portal includes:


Users log in once and then point, click and launch the SaaS apps they are authorized to use without having to remember their username and password for each app.

  • Apps: Shows users their approved SaaS apps, with a one-click interface for single sign-on.
  • Devices: Lets users view the properties of their enrolled Macs, smartphones and tablets, including location and status. It provides self-service passcode reset, device lock, and remote wipe.
  • Profile: A self-service interface that lets users update selected Active Directory information, reset their password, or unlock their account.
  • Activity: A list of events that can help users self-report suspicious activities on their account.

Centrify Mobile App

The Centrify mobile app is a native app that runs on the user's mobile device.


Centrify's application management capabilities auto-provision mobile and Web apps to iOS and Android devices. Users obtain Zero Sign-On to all SaaS and corporate apps with a single click of an icon — whether accessing from their Mac, PC or mobile device.

In addition to managing security policies received via the Centrify Cloud Service, the Centrify mobile app provides users with access to their approved SaaS apps in much the same way that the browser-based Centrify User Portal does. An added benefit: once users unlock their device (thus authenticating), they have Zero Sign-On to their apps: they can simply launch an app without being challenged to re-authenticate, which is a tremendous usability and efficiency gain compared to the effort of keying in a username and password on a small touchscreen.

For ISVs and other developers, Centrify's Mobile Authentication Services SDK enables them to write apps that leverage the Centrify Cloud Service to provide Zero Sign-On to their organization's Active Directory.

Centrify Administration and Management

Centrify Cloud Manager

The Centrify Cloud Manager enables IT managers to manage access to SaaS apps, apply role-based access controls, and run reports.

Device data and security policies are stored directly in Active Directory, which means Macs, iPads, iPhones and Android devices can be managed using the existing tools and lifecycle processes you currently have in place. The Centrify Cloud Management Suite installs a collection of extensions to standard Windows-based management tools. The Centrify extension to Active Directory Users & Computers (ADUC) shows you the devices that are associated with a user's Active Directory profile. An extension to the Windows Group Policy Objects Editor (GPOE) lets you set up configuration and security policies that can be automatically applied to mobile devices.

The Centrify Cloud Manager is a browser-based administrative tool hosted by the Centrify Cloud Service. It provides a single pane of glass to administer SaaS app access and SSO, mobile devices, and user profiles. It also provides centralized reporting, monitoring and analysis of all SaaS and mobile activity.