Centrify Server Suite Editions

Show More Detail
Edition Components Features
Standard
DirectManage
Centralized Management and User Administration
DirectControl
Centralized Authentication and Access Control
DirectAuthorize
Role-Based Authorization and Privilege Management
Enterprise

Standard Edition plus:
DirectAudit
Detailed Auditing of User Activity
Platinum

Enterprise Edition plus:
DirectSecure
Server Isolation and Protection of Data-in-Motion
Application

Optional modules available with any edition
Centrify for Applications
Single Sign-On for On-Premise Applications

Centrify Server Suite Editions

Show Less Detail
Edition Components Features
Standard
DirectManage
Centralized Management and User Administration
Centrally discover servers and deploy software
Automate discovery of identity and access management issues on *NIX servers
Rapidly migrate *NIX identities into Active Directory
Provision and manage access and roles via MMC & CLI
Advanced reporting of access and usage
DirectControl
Consolidate Identities and Centralize Authentication
Join Active Directory and authenticate users
User account pre-validation and privileges caching
Advanced Active Directory support (one-way trusts, zero schema mods)
Centralized UNIX identity management (map multiple UIDs to one AD account)
Unique, hierarchical zone-based management of UNIX profiles
Group Policy enforcement
Legacy integration and migration (NIS & LDAP Proxy Servers)
Centrify-enabled versions of OpenSSH, Kerberos, PuTTY, and Samba
DirectAuthorize
Role-Based Authorization and Privilege Management
Role-based authorization & privilege management
Dynamic access restrictions (time, access method)
UNIX: Restricted shell environment (whitelist)
UNIX: Simple sudo migration and dzdo command leverages Active Directory for centralized, granular role-based privilege elevation
Windows: One-click system tray for privilege elevation without re-entering passwords
Enterprise

Standard Edition plus:
DirectAudit
Detailed Auditing and Playback of User Activity and Sessions
User session capture for Windows, UNIX and Linux
User session search and replay with command list
Trigger session recording based on user, role, machine or elevation
SQL–based event reporting and archiving
Platinum

Enterprise Edition plus:
DirectSecure
Trust-Based Protection of Sensitive Systems
Secure sensitive information by dynamically isolating cross-platform systems
Enable end-to-end encryption of data in motion
Leverage Windows 7 DirectAccess to access UNIX and Linux systems
PKI certificate auto issuance and renewal
Application

Optional modules available with any edition
Centrify for Applications
Single Sign-On for On-Premise Applications
SAP NetWeaver (SAPgui and Web) single sign-on
Integrated web single sign-on (Apache, Tomcat, JBoss, WebSphere, WebLogic)
IBM DB2 single sign-on modules

Centrify User Suite Editions

Show More Detail
Components Features SaaS Editions
Mac
Premium
Centrify for SaaS
Single Sign-On for SaaS and Mobile Apps Supported   Supported
Centrify for Mac
Active Directory-Based Security and Management for Mac OS X   Supported Supported
Centrify for Mobile
Mobile and BYOD Management
Supported Supported Supported
Centrify Cloud Service
Unified Architecture for SaaS, Mobile & Mac Management
Supported Supported Supported

Centrify User Suite Editions

Show Less Detail
Components Features SaaS Editions
Mac
Premium
Centrify for SaaS
Single Sign-On for SaaS and Mobile Apps

Single sign-on for SaaS and mobile applications
  • Enterprise catalog of thousands of pre-integrated SaaS apps using SAML, individual or shared username/password, and other authentication standards
  • Users access their approved applications via MyCentrify web portal or Centrify mobile app
  • Unique, Centrify mobile app for zero sign-on (ZSO) to authorized apps

Multifactor Authentication
  • User selectable authentication factor
  • Centrify Mobile Authenticator soft OTP token factor
  • Interactive mobile phone call to verify user factor
  • One-time passcode (OTP) sent via SMS or email factor

Per app authorization policy
  • Trigger multifactor or step up authentication based on per-app policy
  • Rich policy script to check the context of the authentication request based on time of day, network location, role, user attributes, device attributes, client type
  • Deny access or require additional authentication factors

User provisioning for select apps (coming soon)
  • Role based auto provisioning/deprovisioning of app user accounts and attributes
  • Generic SCIM support
Supported   Supported
Centrify for Mac
Active Directory-Based Security and Management for Mac OS X

Best-in-class Active Directory-based Identity Service
  • Users login to Active Directory for Single Sign-on to AD integrated services
  • SSO to Enterprise Services enables seamless access to applications and services
  • Integrated software agent and cloud management: manage Macs via Active Directory whether on-premise or remote
  • Profile management supporting basic MDM Profiles
  • Remote Lock or Wipe supported for lost or stolen Macs

Advanced Identity Services
  • Advanced Active Directory authentication supporting multi-forest environments
  • Robust identity management supporting Zone-based identities with granular access controls for high security environments
  • Granular user access management to restrict access to individuals, groups or IT
  • Automated home directory management for mobile user with local home or network user with network home directory
  • Remote administration privilege management enables IT support with remote access with local admin privileges

Advanced Security Services
  • Group Policy-based security management of computer and user configuration
  • Automated certificate management for strong authentication to wired and wireless networks
  • Automated management of FileVault 2 for full disk encryption to protect data at rest
  • Hybrid on-premise and cloud-based management supporting all MCX, Profiles and plist file based management controls
  • Comprehensive enterprise security configuration via Group Policy settings

Basic Smart Card Services
  • Smart Card authentication for PKI enabled Web sites
  • JITC-approved two-factor authentication via CAC, CACNG, PIV or PIV-I smart cards

Advanced Smart Card Services
  • Smart Card login to Active Directory enabling single sign-on to enterprise services and applications
  • FIPS 140-2 validated crypto engine
  • Group Policy-based management for smart card login, screen lock on card removal, trusted CAs, and certificate validation configuration
  Supported Supported
Centrify for Mobile
Mobile and BYOD Management

Basic mobile device management (MDM)
  • Automated security and configuration enforcement using Windows Group Policy or Centrify Policy Service
  • Security policy enforcement supporting passcode, Exchange, Wi-Fi, and VPN settings
  • Remote device administration supporting device lock, wipe or unenroll
  • User lifecycle enforcement simplifying user-based support processes
  • Compromised device detection for rooted or jail-broken devices
  • Device location reporting

Advanced mobile device management (MDM)
  • Full mobile device policy enforcement supporting Apple iOS, Android and Samsung Enterprise Device management (SAFE) policies
  • Certificate auto-issuance and renewal for PKI authentication to Wi-Fi, VPN and Exchange Active Sync
  • Exchange Active Sync server access management thru auto-management of the Allow/Block/Quarantine access rights to User's mailboxes
  • Pre-enrollment support for iOS device supervision

Secure mobile container management (MCM)
  • Cross platform container management with full support for Samsung KNOX
  • Remote container administration supporting container create, lock, and wipe.
  • Full mobile container policy enforcement for complete configuration and policy management to apply container specific-policies (e.g. apps allowed)
  • Role-based container application management supporting application installation, whitelist along with Single Sign-on service authorization control

Unified mobile application management (MAM)
  • Web and mobile application authentication and access management from a single console
  • Role-based mobile application assignment supports user centric mobile app installation and management for custom and commercial apps for iOS and Android
  • User self service mobile app management interface for enterprise distribution of rich mobile client apps
  • Apple Volume Purchase Program (VPP) support for paid mobile applications

Mobile Authentication and SSO Services (MAS)
  • Zero Sign-on application access across multiple web and mobile applications
  • Authentication SDK provides Zero Sign-on for enterprise mobile applications
  • Role-based user authorization simplifies administration leveraging Active Directory or Centrify Cloud User Service
  • Mobile as multi-factor authentication token supporting one time passcode for user authentication to the Centrify User Portal
Supported Supported Supported
Centrify Cloud Service
Unified Architecture for SaaS, Mobile & Mac Management

Built for the global enterprise
  • Secure by design with a separately encrypted tenant for each organization
  • Centrify Cloud Service certifications: SOC 2 Type II: Truste Trustmark and Safe Harbor; E.U. Safe Harbor
  • World wide service covering North America, EMEA and APAC regions
  • Multi-language support for more than a dozen popular languages

Identity where you want it
  • Manage identities (users and groups) through live Active Directory connections, Centrify User Service, or both
  • Class leading Active Directory integration with no replication of users and multiforest support
  • Centrify User Service for users that are not or shouldn't be in your Active Directory
  • Built-in Integrated Windows Authentication (IWA) for silent authentication from corporate networks

Cloud-based centralized administration
  • Centrify Cloud Manager provides unified IT administration for SaaS apps, Macs and mobile devices
  • Role-based rights management for administration and application access
  • Corporate IP range restrictions

User self-service
  • Add personal username/password apps to MyCentrify
  • Drag-and-drop app shortcut/bookmarks
  • Self-service device enroll and unenroll supporting user driven device upgrades
  • Change Active Directory password and edit account details
  • Locate, lock or wipe enrolled Macs and devices

Advanced reporting
  • Comprehensive pre-built and custom reporting for inventory, activity tracking and analysis
  • Over three dozen built-in reports, all customizable
  • Unique "live reports" allow interactive drill-down into details on devices, users, apps and roles
  • Location based events can be displayed on a map style report
  • Custom reporting using standard SQL queries
  • Role-based report sharing to preserve delegated administrative controls

Custom branding for admin and user portals
Supported Supported Supported