Centrify Trust

Cloud Components

Centrify’s Identity-as-a-Service (“IDaaS”) Infrastructure

Centrify Identity Service is an integrated SaaS, mobile and Mac management solution built upon the Centrify Identity Platform, and delivered via our fully redundant, multi-tenant Centrify Cloud. Our cloud-based identity offering delivers the utmost flexibility in where you can store your identity information, be it in your on-premises Active Directory, in the cloud, or a combination of both.

Centrify’s IDaaS offering is architected from the ground up for enterprise scale and high availability. Available in data centers across the globe, the Centrify Cloud services large multi-national companies and small businesses, worldwide. Centrify’s commitment to being a global provider is further evidenced by Centrify offering its cloud-based identity solutions to end users in 15 different languages.

With an easy-to-use and powerful web-based user portal and app for Single Sign-on (“SSO”), Multi-Factor Authentication (“MFA”), and self-service; as well as a powerful admin portal for application management, mobility management, provisioning, policy management and reporting, Centrify Identity Service is simple to access, easy to deploy, and has the global performance expected of modern cloud services.

The Centrify Cloud

The Centrify Cloud is comprised of the Centrify Identity Platform and the Centrify Identity Service application that is built on top of the Identity Platform. Users and administrators access the Centrify Cloud via both web and mobile user interfaces.

In addition, Centrify offers optional on-premises components: the Centrify Cloud Connector, which securely connects your on-premises applications and directory to the Centrify Cloud, and the Active Directory Users & Computers (“ADUC”) extensions for AD group policy-based mobile device and Mac management.

Centrify Identity Platform 

The Centrify Identity Platform is a fully extensible and scalable cloud directory and a set of policy, authentication and reporting engines that power Centrify Identity Service.

Centrify Cloud Directory
The Centrify Cloud Directory is an optional directory built into Identity Service, for customers without Active Directory, or who prefer to use a combination of Active Directory and a separate Cloud Directory. For example, an organization can use a hybrid of Active Directory for internal identities and the Centrify Cloud Directory for external users like contractors, partners, or customers.

Centrify Policy Engine
The Centrify Policy Engine allows IT to build secure app and device policies, with the most robust set of parameters available. Using combinations of device type, location, time, user, app type, network, and more, IT can build custom per-app access policies to mitigate identity-based data risks.

When needed, the Policy Engine includes a live connection to Active Directory so IT can incorporate AD Group Policy as part of IT-defined rules. This connection to AD eliminates the need to replicate data to the cloud, helping to keep IT identity data secure. If a customer chooses not to use Active Directory, the policy engine can optionally be run entirely from the cloud without the requirement for, or dependence on, Active Directory.

The Centrify Policy Engine also powers the capabilities of Identity Service to provision and de-provision users with popular SaaS applications and Active Directory, the Centrify Cloud Directory, or both.

Centrify Authentication Engine
Authentication is at the heart of the Identity Platform, and Centrify provides an Authentication Engine that leverages either Active Directory, the Cloud Directory, or a hybrid of both, to manage app and device authentication and access. The Authentication Engine enables single sign-on for thousands of SaaS and mobile applications and supports popular standards such as SAML.

Integrated into the Authentication Engine is Centrify’s Multi-Factor Authentication (“MFA”) support, which allows IT to implement strong authentication for specific apps, or across their entire portal — all from the cloud. Centrify MFA was designed to be simple yet powerful, and is seamlessly integrated with the Centrify Mobile App, as well as the Admin and User Portals. Users don’t have to become authentication experts, and IT can deploy secure authentication as needed — without changing code, or working with app vendors. 

Centrify Reporting Engine
The Centrify Reporting Engine allows IT to monitor and report on user actions, app access, device usage, and much more. Fully customizable reports allow granular reporting across an enterprise, or just for specific apps — as needed by IT.

Centrify Identity Service Application

Centrify Identity Service is an application built on top of the Identity Platform. Centrify Identity Service is the only IDaaS solution that integrates cloud single sign-on, provisioning and MFA with enterprise mobility and Mac management.

Centrify User and Admin Portals and the Centrify Mobile App

End users and IT administrators access Centrify Identity Service via both web and mobile apps, including the User Portal, Admin Portal, and a native mobile app.

User Portal
The Centrify User Portal provides one-click (or one-tap) access to cloud and on-premises apps. Apps are made available based on user role and managed by IT, and the portal is available across desktops, laptops and mobile devices.

In addition, the User Portal allows for optional self-service device management. Users can locate, lock, or wipe lost or stolen devices, as well as enroll new devices to be managed by IT — without requiring assistance or time from IT. 

Admin Portal
The Centrify Admin Portal allows IT to define and implement app and device policy, as well as report on user, app, and device activity. Admins can set up automated user account provisioning, define app access policies and SSO, deploy MFA, manage mobile apps and devices, and more, all from a single cloud portal. 

Centrify Mobile App
The Centrify Mobile App provides integrated application SSO, device management, and MFA to users’ mobile devices. The Centrify Mobile App allows users to enroll their devices in corporate policy — enabling simple one-tap access to business apps, as well as complete device management.

For ISVs and other developers, Centrify's Mobile Authentication Services SDK enables them to write apps that leverage the Centrify Cloud Service to provide Zero Sign-On to their organization's Active Directory.

Optional On-premises Software

Centrify Cloud also offers optional software in the form of the Centrify Cloud Connector as well as Active Directory Users & Computers (“ADUC”) extensions to seamlessly connect the Centrify Cloud to on-premises infrastructure. This allows IT to use on-premises Active Directory for single sign-on and user policy, and can also make on-premises apps available to remote users without the need for VPN.

Centrify Cloud Connector
The Centrify Cloud Connector is an easy-to-install Windows service that runs behind your firewall to provide a real-time Active Directory proxy to connect user profiles and group policy without synchronizing data to the cloud. You keep control of your valuable Active Directory data while extending a common-sense user experience to your end-users.

The Cloud Connector also provides an On-Premises App Gateway — available as a feature of Centrify Identity Service, App+ Edition — to provide secure, encrypted access to behind-the-firewall apps without the hassles of VPN.

Centrify ADUC Extension for Active Directory-based Mobile and Mac Management
The Centrify Cloud Connector can also install a collection of extensions to standard Windows-based management tools without any AD schema changes. The Centrify ADUC extension shows the devices that are associated with a user's Active Directory profile, inside the Active Directory user interface. A Centrify-provided extension to the Windows Group Policy Objects Editor (“GPOE”) lets you set up configuration and security policies that can be automatically applied to mobile devices.