Support

What's New

Complete details on recent product releases and announcements

  • Identity Service

    New features for App/App+ and Mac editions
  • Privilege Service

    New features in Privilege Service
  • Server Suite

    New features in Standard and Enterprise editions, plus updates on platform support

Announcements of On-Going Interest


 

November 19, 2016

What's New in Centrify Cloud 16.11

  • Component Name Changes
  • Centrify Browser Extension Form-Fill Preview
  • Windows MFA
  • Policy Compliance
  • Aggregate Map of Device Locations
  • Notifications Menu

Centrify Privilege Service

  • The Centrify Agent for Linux
  • Manage Account Passwords for SQL Server Clusters

For details see Centrify Cloud 16.11 Release Notes.

 


 

November 11, 2016

Centrify Server Suite 2016.1 Now Supports MFA for Servers on Login to Windows

The updated Centrify Server Suite 2016.1 Agent for Windows includes MFA at login capabilities to Windows Server. Centrify Server Suite now supports MFA for Servers on login and at privilege elevation for Windows, Linux and UNIX systems.

Adding the MFA security layer to your Server Suite environment will help defend against human and automated attacks that target an enterprise through privileged credentials. By requiring a second authentication factor in security policies, attackers are unable to misuse accounts without possessing the physical device or email address needed to complete the authentication process. This ensures the entity attempting to gain access to critical resources, whether human user or “headless”, is who they say they are.

MFA at Server Login

Server Suite prompts for a second factor of authentication during login to Windows, Linux and UNIX servers. Building on the privileged access control capabilities within Server Suite, (Zones, roles, and rights), MFA is enforced on login for specific users or servers. There is no need to enforce MFA for every login event.


MFA on Privilege Elevation

Once on the server, the user may selectively be prompted for a second factor when elevating privilege to run a highly privileged command.


Thwart in-progress attacks with MFA for Servers:

Please refer to the Release Notes for a detailed description of this feature.

 


 

October 31, 2016

Centrify Identity Service: Getting Started On-Demand Webinar

In this on-demand webinar, community super-user @TonyC provides detailed instructions on various components of the Centrify Identity Service in order to help you establish a baseline configuration. At the end of the presentation, you should have a functioning cloud tenant that's ready to manage user identity and provide authentication to secure applications, along with mobile device management.


Watch Now

 


 

October 29, 2016

What's New in Centrify Cloud 16.10

  • Improved App Policy
  • Changes to Login Authentication Policy
  • Improved People Picker for SAML App Script Testing 
  • Warning Message for Administrative Changes Resulting in Sysadmin Lockout
  • Deprecated Support for IWA over HTTP

Centrify Privilege Service

  • Improvements to Application Management
  • Re-enable Domain Account Management

For details see Centrify Cloud 16.10 Release Notes.

 


 

September 24, 2016

What's New in Centrify Cloud 16.9

  • Administrative Tutorials ("Walk Me Through" Quick Start Wizard)
  • User Security Question Report
  • New Adaptive Authentication Conditions
  • Centrify Browser Extension (CBE) Private Preview
  • Preview: Derived Credentials Support for SCEP CAs
  • Device Location Reporting Option for Admins
  • New Centrify for Mac Agent – macOS Sierra & HSPD 12

Centrify Privilege Service

  • Computer and Service Account Discovery
  • Windows Service Account Password Management
  • Re-enable Domain Account Management

For details see Centrify Cloud 16.9 Release Notes.

 


 

September 21, 2016

Centrify Provides Day Zero Support for macOS Sierra

Centrify is pleased to continue its tradition of offering customers immediate support for the latest macOS operating system. An updated version of the Centrify for Mac Agent is available today for macOS Sierra.

Refer to the macOS Sierra Support Resources Page for everything you need to successfully implement Centrify for Mac with macOS 10.12.

Read the Centrify for macOS 10.12 Release Notes for a list of changes and known issues.

For further assistance, please contact Centrify Support.

 


 

September 1, 2016

Centrify Mac Agent Early Access Build Now Available

Centrify is pleased to continue its tradition of offering customers day one support for the latest macOS operating system. An updated version of Centrify Identity Service for Mac is in the works to be available in time for the Sierra launch. In order to assist administrators with testing prior to Sierra’s launch, Centrify is providing an early access beta for registered Centrify customers.

This release is provided as an early access release, and it is intended for the sole purpose of testing Centrify with Apple’s upcoming macOS 10.12 (Sierra) release. This unsupported early access release is provided “as-is” and it is not intended for use in production environments. This build should be used with macOS 10.12 beta 4 and later.

For more information see the macOS Sierra Support Resources page.

 


 

August 27, 2016

What's New in Centrify Cloud 16.8

  • 3rd Party RADIUS (e.g., RSA SecurID) Support
  • Dashboard Updates
  • UI Enhancements
  • Smart Card Support for Office 365 Thick Clients
  • Derived Credentials UI Improvements
  • Gmail is now the default email app in Android for Work

Centrify Privilege Service

  • Deprecating the Centrify CLI Toolkit

For details see Centrify Cloud 16.8 Release Notes.

 


 

July 28, 2016

What's New in Centrify Cloud 16.7

  • Improved Settings Pages
  • Additional Attributes for MFA
  • Google Apps Support for Multiple Domains
  • Changes to IWA
  • Mobile Notifications on Multiple Devices

Centrify Privilege Service

  • Rotate Password Now
  • Improved Cloud Connector Selection for Databases

For details see Centrify Cloud 16.7 Release Notes.

 


 

July 20, 2016

Announcing the Centrify Repo

Centrify is pleased to announce the Centrify Repo to simplify software installation for Yum and APT capable systems. This repo will provide the latest version of Centrify Server Suite for both Standard and Enterprise Edition as well as the Centrify Privilege Service.

In order to use the Centrify Repo, go to the Download Center and click on “Setup Repo Now”

 


 

June 18, 2016

What's New in Centrify Cloud 16.6

  • RADIUS Support for Multiple Challenges
  • SMTP Server Configuration
  • Cross-Origins Resource Sharing (CORS) Support
  • UI Changes
  • UI for Enabling Smart Card Support
  • Derived Credentials
  • Mobile Feature – Device Enrollment Notifications
  • Introducing the New Centrify Identity Service Mac Cloud Agent

Centrify Privilege Service

  • Database Application Account Password Management
  • Security Settings and Account Types

For details see Centrify Cloud 16.6 Release Notes.

 


 

May 23, 2016

Announcing Availability of Centrify Server Suite 2016.1

Centrify is pleased to announce Centrify Server Suite 2016.1, an update to our industry-leading solution for consolidating identities, enforcing multi-factor authentication, and implementing least privilege access all while monitoring privileged sessions across Windows, Linux and UNIX systems.

Enhancements to Centrify Server Suite include new platform support for multi-factor authentication (MFA) for servers.  MFA for servers is now supported at login for IBM AIX, HP-UX, and Solaris, while MFA can also be enforced when privilege is elevated on Windows, Linux and UNIX systems. Additionally, MFA for Servers now supports existing RSA SecureID environments.  This release also extends smart card and certificate management capabilities with support for Elliptic Curve algorithms.

In addition to the new features delivered in this release, Centrify Server Suite 2016.1 delivers many usability and performance improvements, as well as flexibility through added reporting options, audit configuration options, and command line utilities. 

New platform support in this release includes: AIX 7.2; Amazon Linux AMI (latest); CentOS 7.2; Debian Linux 7.10, 8.3, 8.4; Oracle Enterprise Linux 7.2; Scientific Linux 7.2; openSUSE 42.1; SUSE 12 SP1; and Ubuntu 16.04 LTS.

Please refer to the What’s New in Centrify Server Suite 2016.1 page for a detailed description of new features.

 


 

May 20, 2016

What's New in Centrify Cloud 16.5

  • Additional Controls for Adaptive Authentication
  • More Robust Cloud Connector

Centrify Privilege Service

  • Multi-factor Authentication for Accounts and Resources
  • Password History Clean Up
  • Global Policies and Settings Moved in the User Interface

For details see Centrify Cloud 16.5 Release Notes.

 


 

April 28, 2016

What's New in Centrify Cloud 16.4

  • Show Password Complexity Requirements 
  • Recovery of Forgotten User Name 
  • Require Separate Device for MFA 
  • Expanded SAP Support 
  • Box Role Mapping Support for Union 
  • Mobile - Invite based enrollment 
  • Mobile - Multi-Select on Devices Tab 
  • Mobile - Tabs Icon for Open Web Apps 
  • Improved OATH Token Management for Admins 

For details see Centrify Cloud 16.4 Release Notes.

 


 

April 15, 2016

Customer Notice on Samba Badlock

On April 12th, 2016, serious vulnerabilities were disclosed in current and prior versions of both Samba and Microsoft Windows.  These so-called Badlock vulnerabilities are categorized at Badlock.org as “mostly man-in-the-middle or denial of service attacks”.

In the past, Centrify has provided a Samba binary package, patched from the open source Samba project, to work with DirectControl.  The last Centrify-patched version of Samba for Server Suite was CentrifyDC-samba 4.5.9, based on Samba 3.6.25.

Samba Updates

Samba.org released security updates to fix the Badlock vulnerabilities in three versions of Samba on April 12th, 2016: 4.2.11, 4.3.8, and 4.4.2. Samba.org does not plan to patch any earlier versions of Samba.

Microsoft Windows Updates

Microsoft released security updates to fix the Badlock vulnerabilities in versions of Microsoft Windows and Windows Server from Windows Vista forward on April 12th, 2016.

Centrify Plans for Samba

The export of software cryptography from the United States is subject to the U.S. Export Administration Regulations administered by the Bureau of Industry and Security in the U.S. Department of Commerce.  Because of export control requirements related to the cryptographic library used by Samba, Centrify can no longer provide a Samba binary to its customers.

Because of this, Centrify had planned on changing our approach to our Samba support.  The Badlock security issue has caused Centrify to have to accelerate our plans.  Centrify is extending CentrifyDC-adbindproxy to enable Linux and UNIX computers running Centrify Server Suite to use the stock Samba distribution, without any patches to the Samba code by Centrify.  Centrify believes this is a better, more sustainable approach to enabling its Server Suite customers to use Samba.  Centrify still provides the ActiveDirectory integration that provides value to our customers, we just cannot provide the Samba product and our customers will need to download that from Samba.org. This means Centrify will no longer be able to provide a Samba binary, nor distribute any Samba code through Server Suite or any other mechanism. Centrify will continue to provide our ActiveDirectory integration piece and support our customers with the configuration of that to work with the Samba server from Samba.org.

The last version of Samba that was patched by Centrify was CentrifyDC-samba 4.5.9, based on Samba 3.6.25.  Centrify does not plan to patch any later versions of Samba.

Customer Mitigation

Linux and Unix

Centrify plans to release updates to CentrifyDC-adbindproxy to enable Linux and UNIX computers running Centrify Server Suite to use stock Samba v4.2.11 and later distributions.  These updates will roll out as Centrify completes its internal validation for specific *nix distributions.  Instructions on replacing CentrifyDC-samba with a stock Samba binary will be included.

Centrify Server Suite versions 2013.3 and later will be supported by these updates to CentrifyDC-adbindproxy.

The updates to CentrifyDC-adbindproxy will be distributed on the Centrify web site as a separate package.

The target release date for support of the following Linux distributions is April 26, 2016. Operating system version support is as specified for Centrify Server Suite 2013.3 and later.

  • Red Hat Enterprise Linux
  • SUSE Linux Enterprise
  • Ubuntu
  • CentOS

The target release dates for support of AIX, Solaris, and HP-UX have not been determined, but will follow Linux support as rapidly as possible.  

For Linux and UNIX computers not running Centrify Server Suite, Centrify strongly suggests its customers update to a patched version of Samba (with the Badlock security updates) wherever possible.

For environments that cannot update to the patched Samba versions, Centrify strongly suggests implementing the MITM and DoS mitigations recommended at Badlock.org.  

Microsoft Windows

Centrify strongly suggests its customers apply the Badlock security updates to Microsoft Windows computers.

Centrify Knowledge Base update

Centrify will continue to update customers about this issue, including target release dates, via this Knowledge Base article:

KB-6731: Impact of Badlock (CVE-2016-0128/CVE-2016-2118) on Centrify-Enabled Samba

References

Samba

https://www.samba.org

https://www.samba.org/samba/latest_news.html#4.4.2

https://www.samba.org/samba/security/CVE-2016-2118.html

Microsoft

https://technet.microsoft.com/library/security/MS16-047

Badlock

http://badlock.org/

 


 

March 29, 2016

What's New in Centrify Cloud 16.3

Centrify Identity Service, App Edition
  • MFA Reports
  • OATH Token Management for Admins
  • Multi-select Actions for Mobile
  • SharePoint Installation Script
  • App Capture Diagnostic Improvement

For details see What's New in Identity Service.


Centrify Privilege Service
  • Remote Access and Active Directory Accounts
  • Unchanged Passwords by Default

For details see What's New in Privilege Service.

 


 

March 8, 2016

Centrify Connect: The Identity Security Conference

Centrify Connect is 2-day conference in New York, scheduled for May 11th and 12th. Centrify Connect is a power-packed, two-day identity security immersion to help you maximize the Centrify assets you already own, and also provide opportunities for you to hear what industry experts, company leaders and your peers have to say about protecting both end users and privileged users across today’s hybrid IT world of cloud, mobile and data center.

In addition to over 40 business and technical tracks focused on identity security, there are multiple opportunities for one-to-one demo sessions, networking with security architects and industry peers as well as the opportunity to earn CPE credits toward CISSP certification.

Early Bird Deadline is March 31st.

For additional details visit http://www.CentrifyConnect.com.

 


 

March 8, 2016

Impact of DROWN vulnerability (CVE-2016-0800)

Centrify Server Suite is not affected by this vulnerability. For more information on CVE-2016-0800, please see KB-6430: Does CVE-2016-0800 affect Centrify? 

 


 

March 1, 2016

What's New in Centrify Cloud 16.2

Centrify Identity Service, App Edition
  • Revised Settings Menu
  • Extend Centrify MFA to thick apps (VPNs etc.) through RADIUS
  • OATH Support
  • Passcodes Menu in Centrify Mobile App
  • Box
  • Office 365: Ability to specify if license assignment can take  first role that matches
  • Office 365: Granular control of deprovisioning options for Users,  Groups, Resources and Contacts
  • Samanage Feature: Specify domain for Samanage tenant
  • New Apps

For details see What's New in Identity Service.


Centrify Privilege Service
  • Manage passwords for Active Directory accounts
  • Update out-of-sync passwords for managed accounts

For details see What's New in Privilege Service.

 


 

January 21, 2016

Webinar Recording Now Available: What's New in Centrify Server Suite 2016

Centrify Server Suite 2016 is packed with power to help you minimize your attack surface, block in-progress attacks and govern privileged access. 

Watch this on-demand webinar recording to learn more about what’s new in Centrify Server Suite 2016. 

  • Multi-factor authentication for Linux login and elevated privilege 
  • Local account provisioning 
  • Reporting Services for Microsoft® SQL Server™ 
Watch Now

 


 

January 21, 2016

Internet Explorer 8, 9 & 10 - End of Support as of March 31, 2016

What is the change?
  • Microsoft has announced support for only the most current version of IE (version 11) starting January 12, 2016 (see: https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support).
  • With our Centrify Cloud 16.3 release, Centrify will no longer support IE versions 8, 9 & 10.
  • Centrify will continue to support IE versions 8, 9 & 10 with currently supported Centrify Cloud versions equal to or lower than 16.2 through March 31, 2016.
What does this mean?
  • IE versions 8, 9 & 10 will no longer get security updates from Microsoft potentially exposing them to security vulnerabilities that could compromise data.
  • While IE versions 8, 9 & 10 may continue to work with Centrify Cloud versions 16.3 or later, Centrify will no longer test, investigate or address defects or other issues with these versions of IE.

For additional information, please contact Centrify Support.

 


 

January 19, 2016

What's New in Centrify Cloud 16.1

Centrify Identity Service, App Edition
  • Google Directory Support
  • B2C Customization
  • Improvements to Cloud Connector Selection (Performance)
  • Improved Provisioning
  • New Apps Supported in 16.1
  • Admin Notifications to Mobile Device

For details see What's New in Identity Service.


Centrify Privilege Service
  • Tag accounts as favorites for workspace and tiles

For details see What's New in Privilege Service.

 


 

December 21, 2015

What's New in Centrify Cloud 15.12

Centrify Identity Service, App Edition
  • B2C General Availability
  • Setting to Capture Login Password
  • Provisioning User Passwords into Google Apps
  • Provisioning Groups into Google Apps 
  • Provisioning Email Alias into Google Apps 
  • Ability to cancel pending provisioning jobs
  • CDC ADFS template now available in App Catalog
  • Provision FederationID into Salesforce
  • Migrate policy from AD to Cloud
  • New Apps: Halogen Software, JIRA Server and more

For details see What's New in Identity Service.


Centrify Privilege Service
  • Application to application password management
  • CLI Toolkit
  • Password History

For details see What's New in Privilege Service.


What's New in Centrify Suite 2016

Centrify Server Suite
  • Multi-factor authentication
  • Zone-based application identity management (local account management)
  • Reporting Services
  • Windows Agent enhancements and more

For details and additional new features see What's New in Server Suite.


Centrify Identity Service, Mac Edition

  • Individual FileVault keys
  • Improved authentication speed
  • Smart Card improvements
  • El Capitan support

For details see What's New in Identity Service, Mac Edition

 


 

December 8, 2015

What's New in Centrify Cloud 15.11

Centrify Identity Service, App Edition
  • B2C: SSO/Authentication for Customers via Social Login
  • Self-Service Account Unlock
  • Portal Login for Smart Card Users
  • Improved Support for Authentication Challenges
  • Server Suite Authentication
  • Improved Sync for Office 365
  • Ability to Delete Provisioning App without De-Provisioning Users
  • Preview Support for OpenID Connect
  • Simplified oAuth for provisioning into Google Apps, Box
  • New Reports
  • New Apps Supported in 15.11
  • New iOS Features
  • New Android Features

For details see What's New in Identity Service.

 


Centrify Privilege Service
  • User Portal Interface to Resource Login
  • User Portal Interface to Shared Account Login
  • Mapping Resource Subnets to Specific Cloud Connectors

For details see What's New in Privilege Service.

 


 

November 3, 2015

What's New in Centrify Cloud 15.10

Centrify Identity Service, App Edition

  • Tenant URLS (“Vanity URLs”)
  • Workflow for managing app request, approval, and provisioning
  • B2B Federation
  • Office 365 Instant Object Sync
  • Provisioning users into existing groups in Box
  • Ability to Hash certain form fields
  • Policy to control whether users can view/copy password to clipboard
  • New Apps Supported
  • SSL Certificate Pinning
  • SMS MFA link
  • Enterprise app store for MAC
  • Filevault 2 enabled in the cloud

For details see What's New in Identity Service.


Centrify Privilege Service

  • New option for securely storing passwords on-premises
  • Automatic, periodic password rotation
  • Enhancements for unmanaged accounts

For details see What's New in Privilege Service.

 


 

October 6, 2015

What’s New in Centrify Cloud 15.9

Centrify Identity Service, App Edition

  • Showing Apps Assigned to a User
  • Authentication Profiles
  • Centrify + Android For Work
  • Office 365: Prevent scripts with syntax errors from being saved
  • Office 365: Ability to filter/exclude Active Directory objects from sync
  • Office 365: Ability to link AD objects in provisioning scripts
  • Office 365: Performance improvements for provisioning jobs
  • Office 365: Support for Windows 10 Azure AD Join through Centrify
  • In-place upgrade of web apps (Username and Password)
  • De-provisioning Support for Salesforce
  • Google Apps for Work
  • Chrome for Work
  • Official support for Chromebooks
  • Certification with Concur​

For details see What's New in Identity Service.


Centrify Privilege Service

  • Windows account name format improvements
  • Distinct network segments

For details see What's New in Privilege Service.

 


 

September 23, 2015

Centrify Provides Day Zero Support for OS X El Capitan

Centrify is pleased to continue its tradition of offering customers immediate support for the latest OS X operating system. An updated version of the Centrify for Mac Agent is available today for the soon-to-be-released OS X El Capitan.

Refer to the OS X El Capitan Support Resources Page for everything you need to successfully implement Centrify for Mac with OS X 10.11.

Read the Centrify for Mac OS X 10.11 Release Notes for a list of changes and known issues.

For further assistance, please contact Centrify Support.

 

 


 

August 31, 2015

What’s New in Centrify Cloud 15.8

Centrify Identity Service, App Edition

Centrify Identity Service 15.8 includes several exciting new features and updates.

  • New Login Pages
  • App Categories and Tags
  • Summary of Administrative Rights for Users
  • Improved Cloud Connector Configuration
  • Password Change from Mobile
  • True SSO on Mobile
  • App Compliance Report
  • Mac App Management Support for Updates
  • Device Enrollment Program Support for Mac
  • Cleaner and Safer Federation Configuration for Office 365
  • New Applications (SAML)

For details see What's New in Identity Service.


Centrify Privilege Service

Several bug fixes

 


 

August 20, 2015

What’s New in Centrify Cloud 15.7

For more information on Centrify Cloud 15.7, please see What's New in Centrify Identity Service and What's New in Centrify Privilege Service.

 


 

August 17, 2015

Impact of CVE-2015-5600 on Centrify-OpenSSH

OpenSSH 7.0 which addressed CVE-2015-5600 was released on August 12th, 2015.​

A new updated version of the Centrify compiled version of OpenSSH will be released in Centrify Suite 2016. For more information, please see KB-5534.

 


 

July 16, 2015

What's New in Centrify Identity Service: App Edition 15.6

Centrify Identity Service 15.6 includes several exciting new features and updates.

New Platform and Application Features:

  • New Office 365 provisioning options

New Mobile Features:

  • Multi-factor Authentication now available for mobile device enrollment

For details see What's New in Identity Service.

 


 

July 13, 2015

Announcing Availability of Centrify Server Suite 2015 Update 1

Centrify is pleased to announce Centrify Server Suite 2015.1, an update to our industry-leading solution for consolidating identities, implementing least privilege access and monitoring privileged sessions across Windows, Linux and UNIX systems on-premises and in the cloud.

Enhancements to Centrify Server Suite include streamlined identity management for Hadoop environments. Hadoop jobs are now ensured to complete even after a user logs out leveraging infinite renewal for the user’s Kerberos tickets. This release also extends smart card and certificate management capabilities by enabling a validation, during the single sign-on process, that a user’s initial log in was performed with a smart card and PIN.

In addition to the new features delivered in this release, Centrify Server Suite 2015 update 1 delivers many usability and performance improvements, as well as flexibility through added options for configuration, scripting, command line utilities and deployment reports.

New platform support in this release includes, CentOS 7.1; Citrix XenServer 6.5; Debian Linux 8.x; Fedora 22; Oracle Enterprise Linux 7.1; Red Hat Enterprise Linux Server 7.1; Scientific Linux 7.1; Ubuntu Server/Desktop 15.04.

Please refer to the What’s New in Centrify Server Suite 2015.1 for a detailed description of new features.

 


 

June 13, 2015

What's New in Centrify Identity Service: App Edition 15.5

Centrify Identity Service, App Edition 15.5 includes several exciting new features and updates.

New Platform and Application features:

  • Updated design for Centrify portals
  • Improved Quick Start Wizard
  • App gateway enhancements
  • Office 365 license summary
  • New HTTPS warning notification
  • Improved reporting for user login using IWA
  • New apps added to the Centrify catalog
  • New SAML app documentation has been added

New Mobile features:

  • MFA notifications now available for Apple Watch users
  • Ability to unlock Android mobile app using NFC
  • New add shortcut feature for Centrify for KNOX mobile app
  • Access Centrify Privilege Service (CPS) resources from a mobile device

For details see What's New in Identity Service.

 


 

June 2, 2015

Centrify for Office 365 Customer Success Video Series

We are excited to announce the launch of Centrify for Office 365 Customer Success Video Series. This video series is designed to guide system administrators through the A to Z’s of Centrify for Office 365, with practical information on everything from preparing Office 365 tenants to Active Directory set up and configuration.

Centrify’s Technical Support team members have prepared this video series with hands-on experience they’ve gained in the field, and we hope you will find this content helpful. We are kicking off the series with the first three modules. Additional modules will be posted on a regular basis, so please subscribe to the How-To video tech blog for real time updates. 

 


 

May 18, 2015

[Webcast Replay] An Introduction to Centrify Privilege Service

WATCH ON-DEMAND REPLAY

What's the best way to minimize the risks associated with sharing privileged accounts? Don’t share! But when you must, you need a solution that enables IT to centrally control access to shared credentials by privileged users who may be on-premises or, increasingly, remote…or even outsourced.

In this webinar, Centrify CEO Tom Kemp and Director of Product Management Brad Zehring explain why traditional, on-premises-bound solutions can't address the new use cases required by the modern enterprise. With a secure, cloud-based service that doesn't mandate VPN access, IT can securely manage and monitor the use of privileged accounts across on-premises and cloud infrastructure for their distributed workforce.

In this webinar you will learn how to:

  • Minimize risks associated with sharing privileged accounts in the hybrid enterprise
  • Increase remote access security for IT and outsourced IT without a VPN
  • Prove access control compliance and monitor privileged sessions for individual and privileged accounts

 


 

May 4, 2015

Introducing Centrify Privilege Service™

Centrify Privilege Service is the industry's first cloud-based password and access management solution.  Privilege Service combines shared account password management with the ability to securely manage and audit access by internal and outsourced IT. The net result is increased security when sharing privileged accounts, simplified compliance, and secure remote access to on-premises and cloud-based infrastructure.

Privilege Service complements Centrify Server Suite™, which combines comprehensive bridging of Linux and UNIX systems to Active Directory with powerful privilege management and session monitoring across Windows, Linux and UNIX systems.

Privilege Service is built on the Centrify Identity Platform and delivered as Software as a Service (SaaS) from the Centrify Cloud. In addition to its powerful features for password and access management, Privilege Service includes all the features and functionality of Centrify Identity Service App+ Edition.

With Centrify Privilege Service you can:

  • Enforce centralized control over shared accounts. Control who can access shared account credentials, audit all password check-in/check-out activity, and record privileged sessions.
  • Increase access security. Grant IT and outsourced IT secure access to the data center and cloud-based infrastructure they manage without giving out full VPN access.
  • Enable cost-effective compliance and auditing for shared accounts, Simplify compliance through proof of who has access to shared privileged accounts and who has used that access, with full video capture of privileged sessions.

Learn More

 


 

April 6, 2015

What's New in Centrify Identity Service: App Edition 15.3

Centrify Identity Service, App Edition 15.3 includes several exciting new features and updates.

New Administrative Features Added

  • Plugin Download Link in Application Settings
  • App gateway improvements
  • Preview Support for LDAP as an Identity Source
  • Centrify for Office 365 Improvements
  • New Office 365 Sample Policy Scripts 

New User Features Added

  • New App Icon
  • New Catalog Apps!

For details see What's New in Identity Service

 


 

March 16, 2015

Centrify Security Notice: ​Samba Remote Execution Vulnerability CVE-2015-0240​

Summary

A vulnerability was identified (CVE-2015-0240) in Samba release 3.6.24 that could allow the execution of arbitrary code with root privileges.

Affected Products

Centrify-Enabled Samba Version 4.5.8 (based on open source version 3.6.24) and older.

Customer Mitigation

Centrify has released 4.5.9 of Centrify-Enabled Samba, based on the updated Samba 3.6.25 codebase. The new release is available for download.

For additional questions, please go to the Knowledge Base and search for “KB-5141”. If you need further assistance, you can open a case.

What Is a Centrify Security Notice?

The Centrify Support Team publishes Centrify Security Notices to inform customers of security issues involving Centrify products. For additional information on this Centrify Security Notice, please contact your normal support channels.

For a list of all published Security Notices refer to our Product Security Policy.

 


 

March 9, 2015

What's New in Centrify Identity Service: App Edition 15.2

Centrify Identity Service, App Edition 15.2 includes several exciting new features and updates.

New Administrative Features Added

  • Shared account icon
  • Centrify for Office 365 improvements
  • App gateway improvements
  • New catalog apps!
  • Simplified cloud connector configuration

New User Features Added

  • Updated App settings interface
  • Improved password management

For details see What's New in Identity Service

 


 

February 19, 2015

Centrify Security Notice: Centrify Server Suite, Enterprise Edition Security Vulnerability

Summary

A vulnerability in Centrify Server Suite, Enterprise Edition could allow an user with permissions on the DirectAudit installation to connect to the management database, execute a stored procedure and obtain unencrypted credential for the user-configurable account (“Ongoing account”).

Affected Products

Centrify Server Suite, Enterprise Edition 2012 or higher

Customer Mitigation

This issue has been addressed in Centrify Server Suite 2015. For customers using DirectAudit (Windows or UNIX) prior to this version, please refer to the following KB article for a workaround:

Knowledge Base Article KB-5070 
Log in to the Support Portal, and search for “KB-5070” in the  Knowledge Base

Centrify recommends all customers to make this change on their Database being used for DirectAudit.

What Is a Centrify Security Notice?

The Centrify Support Team publishes Centrify Security Notices to inform customers of security issues involving Centrify products. For additional information on this Centrify Security Notice, please contact your normal support channels.

For a list of all published Security Notices refer to our Product Security Policy.

 


 

February 18, 2015

Centrify Server Suite 2015 introduces features to secure and simplify Hadoop environments, makes SIEM integrations easier and delivers new platform support

Enhancements to Centrify Server Suite enable the seamless integration of the nodes in a Hadoop cluster into Active Directory for user authentication leveraging centralized access controls defined within Active Directory. Centrify also automates the configuration of Hadoop in secure mode centrally, from the name node. Centrify generates service accounts within Active Directory and distributes service account credentials across all nodes. This central management of service accounts simplifies running Hadoop in secure mode and ensures the continued management of the Kerberos environment required for secure mode.

Hadoop administrators and Big Data analysts benefit from simplified access to the Hadoop cluster, as they leverage single-sign on to the cluster and across nodes using their standard Active Directory credentials. Centrally managing user accounts in Active Directory eliminates the need to create multiple identities for users and ensures a “one user, one identity” framework that strengthens security, lowers IT costs and streamlines your organization. 

Other enhancements include:

  • Easier integration with security information and event management (SIEM) systems
  • Smart card support for Red Hat 7
  • Smart card re-authentication for Windows privilege elevation
  • Improved auditing performance
  • Privacy features for audited data
  • More automation capabilities for reporting and audit database management

New client platform support includes:

  • CentOS 5.11, 6.6, Debian Linux 7.7, Fedora 21, Linux Mint 17.1, OpenSUSE 13.1, 13.2, Oracle Linux 5.11, 6.6,7.0, Oracle Solaris 11.2, Red Hat Enterprise Linux Server/Desktop 5.11, 6.6, Red Hat Enterprise Linux Server 5.10, 5.11, 7.0, Scientific Linux 5.11, 6.6, 7.0, Ubuntu Desktop/Server 14.10, SUSE Enterprise Linux 12

For detailed list of improved features and supported platforms, please see what’s new in Server Suite 2015

 


 

January 24, 2015

What's New in Centrify Identity Service: SaaS Edition 2015.1

Centrify Identity Service, SaaS Edition 2015.1 includes several exciting new features and updates.

New Name – Same Great Product!

The Centrify User Suite isn’t a suite of products or tools but is primarily focused to centralize and manage privileged identity using the Centrify cloud “as-a-service”. The Centrify User Suite has now been renamed as the Centrify Identity Service.

New Administrative Features

  • App Gateway Beta sign-up has been extended
  • Context-aware application policy scripts
  • New application policy restrictions
  • New Catalog Apps added
  • New registration links available for Username/Password apps
  • HTTPS support for Integrated Windows Authentication (IWA)
  • Support for Microsoft Certification Authority use with Cloud-based policies

New Mobile Features

  • Primary device support
  • Kiosk Auto-update feature
  • Multi-factor Authentication (MFA) notifications

For details see What's New in Identity Service.

 


 

December 23, 2014

Centrify-Enabled Samba Now Supports Samba Version 3.6.24

The latest release of Centrify-Enabled Samba now includes support for the Samba 3.6.24 codebase. Centrify-enabled Samba consists of the standard Samba open source package, which has been compiled with our Kerberos libraries. We provide this Centrify-enabled Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems.

This release also includes additional bug fixes and all known security patches to date.

New Features in Centrify Samba 4.5.8

  • Samba version updated to 3.6.24
  • Fix for CVE-2014-0178 is included in this release

Added support for

  • Red Hat Enterprise Linux Server 7.0 (64-bit)
  • Red Hat Enterprise Linux Desktop 7.0 (64-bit)
  • CentOS 7.0 (64-bit)
  • Oracle Linux 7.0 (64-bit)
  • Debian Linux 7.4, 7.5, 7.6 (32-bit and 64-bit)
  • Linux Mint 17 (32-bit and 64-bit)
  • Linux Mint Debian Edition 201403 (32-bit and 64-bit)
  • Ubuntu Desktop 14.04 LTS (32-bit and 64-bit)
  • Ubuntu Server 14.04 LTS (32-bit and 64-bit)

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

 


 

December 12, 2014

What's New in Centrify for SaaS 2014.10

Centrify User Suite, SaaS Edition 2014.10 includes several new features and updates to customers of Centrify User Suite.

New Administrative Features

  • User Portal access controls have been added
  • Device enrollment restrictions
  • Improved support for Administrators to debug mobile
  • Custom Email Templates and ability to invite Active Directory users
  • Ability to delete inactive proxy hosts from Cloud Manager

New SaaS Applications & Features

  • App Gateway Beta sign-up has been extended
  • App Catalog report
  • On-premise SharePoint Server template now included in the App Catalog

For release notes on this and other Centrify Identity Services updates, see the Documentation Resources page.

 


 

November 21, 2014

Announcing Centrify Trust: Security, Availability and Privacy of the Centrify Cloud Service

Centrify's thorough approach to availability, reliability, scalability, security and privacy ensures that you can depend on us as a trusted partner and provider. To succeed and earn your trust, we need to meet your expectations every single day, with every interaction. Using Centrify Trust, you can find real-time updates on Centrify Cloud Service performance and availability, and you can subscribe to notifications and alerts. 

To provide transparency to our customers, we are launching a new service so that you have a single pane of glass into the health of Centrify Cloud Service. While the information has always been available by a request to Centrify Support, we are now making this information available to all customers of Centrify.

 


 

November 12, 2014

What's New in Centrify for SaaS 2014.9

Centrify User Suite, SaaS Edition 2014.9 now includes several new features and updates to customers of Centrify User Suite.

  • Added support for SSO to apps using WS-Federation
  • Certificate based Email, Wi-Fi and VPN Cloud-based Policies for Mobile
  • Improved Cloud Policy Service
  • New security enhancements and administrative policy restrictions now available
  • Improved UI for adding mobile devices
  • Centrify mobile browser now displays mobile version of webpages by default
  • KNOX 2.0 Features

For release notes on this and other Centrify Identity Services updates, see the Documentation Resources page.

 


 

October 22, 2014

What's New in Centrify for SaaS 2014.8

The latest release of Centrify User Suite, SaaS edition 2014.8 contains a wealth of updates to customers of Centrify User Suite:

  • Improved flow when adding Web Apps in both User Portal and Cloud Manager
  • Search enabled in Cloud Manager for Users, Apps, Devices and Roles
  • Users tab in Cloud Manager now contains “Invited User Status”
  • Support for sending SMS invite to on-board users
  • New and improved upgrade experience for the Centrify Browser Extension
  • User provisioning support for DocuSign and Samanage
  • Hybrid Exchange support for Office 365 app
  • Simplified proxy registration
  • Control over Proxy Auto-Update timing
  • Browser affinity for mobile clients
  • Ability to specify KNOX app installation location
  • KNOX password two factor authentication
  • iOS 7 / 8 per-app VPN

Expanding on a couple of the most exiting features in detail:

Improved Usability

The App Catalog has been massively overhauled with the following features:

  1. Improved search featuring browse by category
  2. Add web apps
  3. A custom tab for easy access to app templates and Infinite Apps
  4. A more prominent Import option for importing apps which have been exported from another tenant / earlier backup.

For release notes on this and other Centrify Identity Services updates, see the Documentation Resources page.

 


 

October 16, 2014

Centrify Provides Day One Support for Yosemite

Centrify is pleased to continue its tradition of offering customers day one support for the latest Mac OS X operating system. An updated version of Centrify User Suite, Mac Edition (Centrify for Mac) is available today for the newly released OS X 10.10 Yosemite operating system.

This Centrify for Mac release is a required update for anyone wanting to run Yosemite on a Centrify-managed system. Current users of Centrify for Mac will need to upgrade the Centrify for Mac agent AND be in Connected mode first, BEFORE migrating to Yosemite. Upgrade instructions and updated group policy templates are also included in the download package.

In addition to bringing support for OS X 10.10, additional key updates for this release include:

  • Support for smart card (CAC, CAC NG, PIV and PIV-I) login support on Mac OS X Yosemite, ensuring strong authentication and single sign-on to other applications and services for Active Directory users.
  • Support for remote silent installation via Apple Remote Desktop and other deployment solutions.

Consult the Centrify for Mac OS 10.10 Release Notes for a list of changes and known issues.

To download:

 


 

October 14, 2014

Centrify Customer Security Notice on ADSETGROUP Vulnerability

Note: The information in this Security Bulletin should be acted on as soon as possible.

Vulnerability Summary:

/usr/share/centrifydc/libexec/adsetgroups is a setuid root utility and is used on older UNIX systems (such as Solaris, AIX, HPUX, etc) where the system is only able to support smaller sets  ( 16 ) of groups per user.   Working in conjuction with a large customer, Centrify has discovered a bug in the adsetgroups utility that may result in data leakage in certain circumstances.

Acknowledgements:

  • Centrify would like to thank Travis Emmert for working with us in reporting the issue and protecting our customers.

Affected Products:

  • Centrify Server Suite 2008 through Centrify Server Suite 2014.1 and
  • Centrify DirectControl 3.x.x through 4.2.0 (which were shipped prior to Centrify Server Suite 2008)

Customer Mitigation:

This tool is not commonly used anymore and new systems such as Linux do not have the small group set limitation. For users who do not use this tool (e.g. not using an older UNIX system), Centrify recommends removing the adsetgroups utility or, as an alternative, removing the setuid bit on the executable using “chmod -s”.  This command can be pushed via group policy or through Deployment Manager. Please refer to KB-4825 for additional details.

Resolution:

This has been fixed in the refreshed version of Centrify Suite 2014.1

Centrify recommends customers follow the steps from the Mitigation plan above and/or upgrade to the current release of 2014.1 as soon as possible. The release is available on the Download Center.

For assistance or questions open a case with Centrify Support.

For further information, see the Centrify Product Security Policies.

 


 

September 29, 2014

Centrify Customer Security Notice on “Shellshock” (CVE-2014-6271)

On Sept 24th, 2014, a serious vulnerability was disclosed in the UNIX/Linux bash shell (the acronym bash stands for Bourne-again shell). The so-called "Shellshock" vulnerability affects the bash interpreter and can enable an attacker to execute arbitrary commands on the system. Any system that uses the bash shell is affected.

After the vulnerability was disclosed, Centrify conducted a comprehensive security review of the impact of Shellshock on its software products and services.

No Centrify software or services explicitly use bash.

Centrify User Suite, SaaS Edition 

The Centrify User Suite, SaaS Edition is not affected by this vulnerability.

Centrify Cloud 

The Centrify Cloud Service is not affected by this vulnerability.

Centrify Server Suite and Centrify User Suite, Mac Edition 

Centrify Server Suite and Centrify User Suite, Mac Edition do not explicitly use bash. Instead, they use the default system shell. Both products invoke the default system shell in a variety of places.

  • Scripts
  • CLI commands 
  • The dzdo command invocation (to set up the library path)
  • The dzdo.validator script (if specified)

Unfortunately, some UNIX/Linux distributions make bash the default system shell. These distributions include Red Hat and SUSE. On such a system, both Centrify Server Suite and Centrify User Suite, Mac Edition will implicitly invoke bash as the result of invoking /bin/sh.

Customer Mitigation

Centrify strongly urges its customers to apply the appropriate patches to bash to eliminate this vulnerability as soon as possible.

Please contact your OS vendor for the appropriate patches for your systems.

For additional details and suggested workarounds to mitigate the issue, please login to the Centrify Support Portal and refer to KB-4799.

 


 

September 16, 2014

Announcing Availability of Centrify User Suite, SaaS Edition 2014.7 (14.7)

Some new capabilities:

1. Improved usability features (Quick Start Wizard and simpler flows for adding mobile apps)

With this release, when an admin logs into Cloud Manager, you will be presented with a Quick Start Wizard to quickly setup your tenant. The wizard also enables you to do the following:

  • Manage mobile apps
  • Add web apps
  • Add mobile apps
  • Add users, and
  • Invite users

2. Additional provisioning support and improved provisioning support for Office 365

We have added provisioning support for 4 more apps:

  • Amazon Web Services
  • Concur
  • EchoSign
  • Webex

In addition we have also enhanced Office 365+ Provisioning app. For more details refer to “What’s New in User Suite”

3. Enhanced integration with Active Directory.

Two new features have been added to leverage Active Directory:

  • Lost Password Support: We now have the ability to enable users to reset a lost password from the login screen
  • Password Expiration Notification: Within 14 days of password expiration, users will see notifications in the User Portal that their password needs to be changed.

For details, check out:

 


 

September 15, 2014

Announcing the launch of Centrify Community, collaboration forum for all Centrify Customers

Centrify Support is pleased to announce the launch of Centrify Community. In an effort to help our customers, advocates and champions within our customer base, Centrify Support is launching a new channel of communication and collaboration.

We care about customers’ thoughts and idea and our focus in providing world-class support is now being extended to Social Media. The Centrify Community represents a new crowdsourcing platform intended for online discussion enthusiast seeking fast, simple, precise and competent answers to all their questions from their peers across all verticals.

This platform is not limited to Centrify Customers and we have created a platform where customers, users and developers can show their personal knowledge and expertise by providing valuable content.

The Community is not only a forum but also more than a forum for questions and answers, so we included blogs, documentation, Events Calendar under the resources section.

Some of the key Community capabilities that we implemented

  • Single Sign-on Support
  • Multiple discussion board functionality
  • Blogs
  • Events
  • Access to Product Documentation
  • Incredible Search

To get started with the Community, use your current login credentials to the Centrify Support Portal and start collaborating.

 


 

August 27, 2014

Centrify for Mac 2014.1

Centrify for Mac 2014.1 includes new features for cloud-based remote management, FileVault disk encryption, Group Policy and smart card authentication.

 


 

August 27, 2014

Centrify Server Suite 2014 Update 1 (Server Suite 2014.1) adds new platform support, product enhancements for usability, and changes to Express

The Centrify Server Suite 2014.1 adds new platform support including support for Red Hat Enterprise Linux v7 and Windows Server Core 2008 R2 through 2012 R2. Product enhancements include search of audited user sessions based on date and time, which makes it easier to ensure regulatory compliance and find the root cause of trouble ticket issues. In addition, the Deployment Manager utility now provides the option of storing credentials permanently or just for the current session to align with your organization’s security policies.

Other enhancements include:
  • Smart card authentication for CentOS 5.x and 6.x.
  • Enhancements to user name mapping
  • Improved performance for new Audit Store databases
  • Support for new audit scenarios
New client platform support includes:
  • Windows 8.1
  • Windows Server 2012 R2
  • CentOS Linux 7 (64-bit)
  • Debian Linux 7.5, 7.6 (32-bit and 64-bit)
  • Linux Mint 17 (32-bit and 64-bit)
  • Linux Mint Debian Edition 201403 (32-bit and 64-bit)
  • Oracle Linux 7 (64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Ubuntu Desktop 14.04 LTS (32-bit and 64-bit)
  • Ubuntu Server 14.04 LTS (32-bit and 64-bit)
Changes to Centrify Express for UNIX/Linux and Centrify Express for Mac

Centrify Express for UNIX/Linux can now be deployed on up to 200 systems for commercial and government organizations and up to 400 systems for educational institutions and non-profit organizations. (Note this does not impact users of Centrify Express for Mac.) Additionally, certain premium access control capabilities are now only available in Centrify Server Suite or Centrify User Suite, Mac Edition. For more details on these changes, please visit this Frequently Asked Questions page.

Please refer to the What’s New in Centrify Server Suite 2014.1 for a detailed description of new features and the changes to Express.

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

 


 

July 25, 2014

Announcing Availability of Centrify User Suite, SaaS Edition 2014.6 (14.6)

The latest release of Centrify User Suite, SaaS Edition 2014.6 delivers enhancements and bug fixes to all customers of Centrify User Suite.

New Features in 14.6
  • User Provisioning for: Box, Google Apps for Business, Office 365, Salesforce and Zendesk.
    • User provisioning refers to account creation and termination in the target application based on Centrify role membership. (NOTE: Hybrid Office 365 deployments are not currently supported)
  • “Getting Started” Dashboard in Cloud Manager.
    • Default home page in Cloud Manager is now a “Getting Started” Dashboard — admins can change the home page to any of the other dashboards.
  • New mobile clients with improved user interface.
  • Support for applications using NTLM and Basic authentication. (available as a Generic application in the Applications Catalog)
  • Addition of user-defined security question for multi-factor authentication.
  • Admins can now choose any of the following for MFA: Centrify Mobile Authenticator, phone call, text message, email, and/or user-defined security questions.
  • Please refer to the release notes for additional information after the update.
  • NOTE: Centrify Cloud Service version 2014.6 (14.6) will be the last version to support proxies on version 13.10 and lower. The next Cloud service version after this next update (14.7) will require installed proxies to be at least on version 13.11 or higher.

 


 

June 23, 2014

Announcing Availability of Centrify User Suite, SaaS Edition 2014.5 (14.5)

The latest release of Centrify User Suite, SaaS Edition 2014.5 delivers enhancements and bug fixes to all customers of Centrify User Suite.

New Features in 14.5
  • Mobile clients now support SSO for web apps that require the Centrify browser extension.
  • Policy to allow/restrict users from being able to add applications to the User Portal.
  • Default policy set for new tenants to enable password reset.
  • Ability to export / import an application from Cloud Manager (this enables an admin to export the application configurations from one environment to import into another).
  • Ability to clone an app to facilitate deploying similar apps requiring minor modifications to the app configuration.
  • Support for Read-Only Domain Controller (improves performance for environments where connection to Read-Write Domain Controller is slow)
  • Ability to enable/disable ODE trusted boot verification on Samsung KNOX Devices. This requires the device to pass kernel integrity verification in order to decrypt On Device Encrypted data such as the KNOX container.
  • Ability to enable/disable TIMA keystore for Samsung KNOX devices. This enables the TrustZone to act as the default device keystone and ensure that if the device does not pass kernel integrity verification that the keys in the keystone will not be accessible.
  • Policy to restrict screen captures while in KNOX.
  • Enable UMC support — This enables Samsung KNOX 2.0 devices to enroll without needing to download the MDM client manually. Users can just initiate the MDM enrollment from the Universal MDM Client already on the device. This is initiated by launching a URL on the device which can be launched via a QR code or a text of the URL to the device.
  • Support for defining VPN policies across personas for KNOX devices (both for the device and for the KNOX container).
  • Bulk MDM enrollment support for Centrify Policy Service (instead of AD).
  • Please refer to the release notes for additional information after the update.

 


 

June 2, 2014

Announcing Availability of Centrify User Suite, SaaS Edition 2014.4 (14.4)

The latest release of Centrify User Suite, SaaS Edition 2014.4 delivers enhancements and bug fixes to all customers of Centrify User Suite.

Centrify for Mobile
  • KNOX 2.0 support
    • App whitelist / blacklist;
    • Policy to allow Google Play in the KNOX 2.0 container
    • Policy to allow users to move apps into the KNOX 2.0 container)
  • Support for Android Kiosk mode (policy to run device in kiosk mode where only a specific app can run turning the device into a single-purpose device).
  • Ability to export a Device Profile for use with Apple Configurator for customers using Device Policy Management through the cloud (extension of feature in 14.3 where this was enabled for customers using AD for device policy management).
Centrify for SaaS
  • Improved support for administrators: From Cloud Manager, admins now see a “Support” item when clicking the menu drop-down next to the username. This option provides links to help and support and includes an option to grant read-only access to Centrify Support.
  • Availability of Infinite Apps: Featuring improved app capture, including ability to capture the app description.
  • Please refer to the release notes for additional information after the update.

 


 

May 23, 2014

Customer Support Portal Enhancements

Revamped Knowledge Base

The Centrify Technical Support team is proud to announce a revamped Support Portal that includes a new search engine and capability to make it easier for all Centrify customers to search for known issues and Knowledge Articles created by Centrify Support Engineers.

A few capabilities:
  • Product filters to narrow down search to relevant product
  • If Knowledge Articles don’t result in the answer you were looking for, log a case at the bottom of the search criteria
  • Access to “Most frequently searched articles”

Manage Cases / New Cases

The portal for Customers of Centrify to manage open cases has been enhanced to provide a more user-friendly interface. Apart from managing existing cases, customers can open cases from the online portal and set the right priority for Centrify Support to be able to assist you.

New Features:
  • Manage all your open cases in the new, rich Centrify Support Portal
  • Add comments to your cases and have support engineers get updates real time
  • Open new support case (preferred) and receive updates on the portal
  • Auto-suggestions during the case creation to help you solve your issue
  • Centrify Admins still have the ability to manage all cases for their organization

 


 

April 28, 2014

Announcing Availability of Centrify User Suite, SaaS Edition 2014.3 (14.3) (Centrify for SaaS)

The latest release of Centrify User Suite,SaaS Edition 2014.3 delivers enhancements and bug fixes to all customers of Centrify User Suite.

New Features in 14.3

Centrify for Mobile
  • Ability to export a Device Profile for use with Apple Configurator (NOTE: currently available for customers using Device Policy Management from Active Directory).
  • Several improvements for Samsung devices including:
    • Samsung KNOX 2.0 container management
    • Samsung KNOX SSL VPN management for F5 and Juniper
Centrify for SaaS
  • Password Reset — Administrators can now set a policy enabling cloud users to reset forgotten passwords. NOTE: This does not currently support Active Directory users.
  • Login Suffix — Use of Login Suffix has been simplified to allow admins to simply provide the domain suffixes in one easy step.
  • Device Enrollment — Improved workflow for users to enroll devices directly through a link in the User Portal, or by sending the link (via text or email) to a mobile device.
  • Please refer to the release notes for additional information after the update.

 


 

April 14, 2014

Customer Security Notice on Heartbleed Disclosure

On Tuesday, April 8th, 2014, a serious internet-wide security vulnerability was disclosed. The vulnerability, known as Heartbleed, affects the OpenSSL framework that is used by many Internet sites to provide secure communication. Centrify, along with countless other service providers, has been busy conducting a comprehensive security review.

The Centrify security team has conducted comprehensive security review and we have determined that all Centrify Products (Centrify Server Suite, Centrify User Suite and Centrify Express) are not vulnerable to the Heartbleed bug.

Given that Centrify is not affected by the Heartbleed vulnerability, no action is required from our customers. Centrify uses OpenSSL 0.9.8w (in Centrify-enabled SSH and adclient) that is not affected by this vulnerability.

If you have questions or would like additional details please contact Centrify Technical Support.

 


 

March 14, 2014

Centrify-Enabled Samba Now Supports Samba Version 3.6.22

The latest release of Centrify-Enabled Samba now includes support for the Samba 3.6.22 codebase. Centrify-enabled Samba consists of the standard Samba open source package, which has been compiled with our Kerberos libraries. We provide this Centrify-enabled Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems.

This release also includes additional bug fixes and all known security patches to date.

New Features in Centrify Samba 4.5.7

  • Samba version updated to 3.6.22
  • Fix for CVE-2012-6150 is now part of this release
  • Added support for:
    • Red Hat Enterprise Linux Server 5.10, 6.5 (32-bit and 64-bit)
    • Red Hat Enterprise Linux Desktop 5.10, 6.5 (32-bit and 64-bit)
    • CentOS 5.10, 6.5 (32-bit and 64-bit)
    • Scientific Linux 5.10, 6.5 (32-bit and 64-bit)
    • Oracle Linux 6.5 (32-bit and 64-bit)
    • Fedora 20 (32-bit and 64-bit)
    • Debian Linux 7.2, 7.3 (32-bit and 64-bit)
    • Linux Mint 16 (32-bit and 64-bit)
    • Ubuntu Desktop 13.04, 13.10 (32-bit and 64-bit)
    • Ubuntu Server 13.04, 13.10 (32-bit and 64-bit)

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

 


 

February 20, 2014

Centrify Server Suite 2014 introduces features that simplify risk management and make regulatory compliance repeatable and sustainable

The new Centrify Server Suite 2014 introduces major new features that simplify risk management and make regulatory compliance repeatable and sustainable across heterogeneous servers and applications in the datacenter and the cloud.

Enhancements to Centrify Server Suite include streamlined creation and management of administrative entitlements. This release makes it easier to implement least privilege access by delivering new pre-configured rights for Windows Server management consoles that can be used out of the box. New wizards automate the creation of new, complex rights for administrative users and reduce the process to the simple click of a button. Wizards can be used in conjunction with our powerful new match criteria that improves flexibility in building a least privilege access model by enabling privileges to be determined based on properties such as a digital signature (e.g. signed by Adobe, Inc.).

Centrify Server Suite 2014 also uniquely provides full privileged activity audit trails and video capture that ties all activity back to an individual. With this release Centrify enhances our powerful search capabilities and compliance reporting that combines access controls and the associated activity fully integrated across Windows, Linux, and UNIX platforms. Here is a summary of the updates:

Centrify Server Suite Standard Edition

  • The new match criteria feature makes it simple to define a single application right that will launch multiple versions of the same application with privilege; or, multiple different applications that share common criteria.
  • The new Application Rights Builder makes it easy to create application rights for your Windows admins. You simply select a program file, or from a list of running processes. The Builder retrieves all match criteria including file paths and command arguments, eliminating mistakes and wasted time.
  • New pre-defined application rights for eighteen Windows management consoles . These pre-defined rights make it easy to get started with privilege management for your Windows Servers; for example, you can quickly grant your admins the right to manage Windows services without having to give them local administrator accounts.
  • Automate management tasks through PowerShell. For example, you can automate the creation of Centrify zones and roles, add UNIX profiles for Active Directory user and groups to Centrify-managed computers and zones, or assign UNIX and Windows users and groups to roles, computers and computer zones.

Centrify Server Suite Enterprise Edition

  • Enhanced audit captures a complete audit trail across Windows, Linux, and UNIX, and compliance reporting shows all user activity cross-platform.

New platform support in this release includes, Red Hat Enterprise Linux Server 5.10, 6.0, 6.5; CentOS 5.10, 6.5; Oracle Linux 6.5; Scientific Linux 5.10; Fedora 20; Debian Linux 7.2, 7.3; Linux Mint 16; Ubuntu Desktop 13.10; Ubuntu Server 13.10; Windows 8; Windows Server 12

Please refer to the What’s New in Centrify Server Suite 2014 for a detailed description of new features.

 


 

October 22, 2013

Centrify Provides Day One Support for Mavericks

Centrify is pleased to continue its tradition of offering customers day one support for the latest Mac OS X operating system. An updated version of Centrify User Suite Mac Edition is available today for the newly released OS X 10.9 Mavericks operating system.

This DirectControl for Mac OS X release is a required update for anyone wanting to run Mavericks on a Centrify-managed system. It is strongly recommended to upgrade the Centrify DirectControl agent AND in Connected mode first, before migrating to Mavericks.

Before updating, please check the upgrade directions at the Mac Online Support Portal carefully, as it contains vital information for those upgrading their agents remotely.

Also consult the DirectControl for Mac OS 10.9 Release Notes for a list of changes and known issues.

In addition to bringing support for OS X 10.9, additional key updates for this release include:

  • Bugfixes for issues affecting offline logins
  • Support for remote silent installation via Apple Remote Desktop and other deployment solutions.
  • Support for DirectControl for Mac OS X 10.6 has been discontinued with this release.

 


 

October 14, 2013

Centrify Suite 2013 Update 3 (Suite 2013.3) is an optional update that adds features for discovering deviations from best practices affecting security, compliance, and operational efficiency.

Centrify Suite 2013 Update 3 delivers Centrify Identity Risk Assessor (CIRA), a new powerful feature of Deployment Manager that allows to discover deviations from best practices affecting security, compliance or operational efficiency, calculate associated risks, and generate detailed reports. The feature is available on RHEL, CentOS, Ubuntu, and Solaris.

Other enhancements include:

  • Support of in-memory Kerberos credential cache
  • Enhancements for Centrify OpenSSH and Centrify Samba to leverage in-memory Kerberos credential cache
  • Enhancements of the “dzdo” feature. Refer to release notes for additional information.
  • Support of pluggable 3rd party PKCS 11 modules through a new parameter and the corresponding Group Policy
  • Centrify-enabled OpenSSH is now based on OpenSSH 6.2p2
  • WinSCP in Deployment Manager is upgraded to version 5.1.7
  • Enhancement of Audit Analyzer in DirectAudit to support search phrases in Quick Query
  • Several bug fixes and performance related enhancements.

For a full list and detailed descriptions of enhancements and fixed bugs, please refer to the Centrify DirectControl, Centrify DirectAudit, and Centrify DirectManage release notes. Refer to the Centrify Suite Product Versions section under Policies & Product Lifecycle Info to view components changed with this release. If you have questions about the benefits of upgrading, contact Technical Support.

 


 

October 3, 2013

Centrify-Enabled Samba Now Supports Samba Version 3.6.17

The latest release of Centrify-Enabled Samba now includes support for the Samba 3.6.17 codebase. Centrify-enabled Samba consists of the standard Samba open source package, which has been compiled with our Kerberos libraries. We provide this Centrify-enabled Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems.

This release also includes additional bug fixes and all known security patches to date. Centrify Samba 4.5.6 also includes a proxy to pass identity management requests to DirectControl.

New Features in Centrify Samba 4.5.6

  • Samba version updated to 3.6.17
  • Added support for:
    • Red Hat Enterprise Linux 5.9, 6.4 (32-bit and 64-bit)
    • CentOS 5.9, 6.4 (32- and 64- bit)
    • Oracle Linux 5.9, 6.4 (32-bit and 64-bit)
    • Scientific Linux 5.9, 6.4 (32-bit and 64-bit)
    • Fedora 19 (32- and 64-bit)
    • Ubuntu Desktop 13.04 (32- and 64-bit)
    • Ubuntu Server 13.04 (32- and 64-bit)
    • Debian 7, 7.1 (32-bit and 64-bit)
    • Linux Mint 15 (32- and 64-bit)
    • Linux Mint Debian Edition 201303 (32-bit and 64-bit)
    • Solaris 11.1 (x86_64 and SPARC)

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

 


 

September 16, 2013

Centrify Announces Centrify User Suite, Mac Edition

Centrify User Suite, Mac Edition, a significant product release for Centrify, and one we're proud to offer our customers combines our Centrify for Mobile offering with new Centrify for Mac capabilities to deliver more functionality in a single, integrated solution — at no additional cost to customers!

Centrify User Suite, Mac Edition allows you to:

  • Centrally secure and manage remote and on-premise Mac OS X systems, as well as iOS and Android devices, by leveraging existing Microsoft Active Directory infrastructure, processes and skill sets, providing more functionality and value
  • Manage remote or disconnected Macs via the Centrify Cloud Service. This is an optional deployment capability — you can continue to use our software agent, use our cloud service, and/or use both deployment options
  • Manage employees' multiple devices — including Macs, iOS and Android — under a single, economical per user subscription license (up to 5 devices per user)
  • Secure and encrypt data at rest on Macs

With this change, the current "DirectControl for Mac" product SKUs will no longer be available. The new per user subscription-based pricing will be effective October 1, 2013, however, we're extending that date for existing customers — you may purchase existing DirectControl for Mac perpetual licenses through December 31, 2013.

After that date, as an existing customer of DirectControl for Mac, you will automatically convert to Centrify User Suite, Mac Edition, thus entitling you to all incremental functionality at no additional charge. You can continue to use the functionality you already have deployed, and you can optionally take advantage of the new mobile and cloud-based Mac functionality at no additional charge.

For additional information and answers to frequently asked questions, you can refer to our Centrify User Suite, Mac Edition What's New and FAQ documents and listen to a recorded webinar we recently held on the topic.

 


 

August 30, 2013

Centrify Server Suite 2013, Platinum Edition now supports Ubuntu Server

The latest release of Centrify Server Suite 2013.2, Platinum Edition now includes support for the Ubuntu Server and adds support for Red Hat Enterprise Linux. The Server Suite Platinum Edition's DirectSecure component is Centrify's policy-based software solution that secures sensitive information by dynamically isolating and protecting cross-platform systems and enabling optional end-to-end encryption of data in motion. By leveraging your existing Active Directory infrastructure and the native IPsec support built into today's operating systems, DirectSecure seamlessly blocks untrusted systems from communicating with trusted systems, and does so without the need to change your network or applications.

Additional platform support in this release includes:

  • Ubuntu Server 12.04 LTS, 12.10, 13.04 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 6.2, 6.3, 6.4 (32-bit and 64-bit)

Red Hat Fedora is no longer supported.

Please email the support team (support@centrify.com) to get the unlock code to download the bits.

 


 

July 17, 2013

Centrify Suite 2013 Update 2 enhances Windows Privilege Management, Auditing, and Compliance Reporting

Centrify Suite 2013 Update 2 enhances Windows privilege management with advanced security options, and configuration capabilities that simplify the creation, assignment, and management of privileges. In addition, this update delivers new compliance reports, auditing of administrative activity, and automation for report scripting and simple audit database management. Here is a summary of the updates:

  • DirectAuthorize for Windows
    • Enhanced security for administrative identity with the option to require administrators to enter their password prior to elevating privileges
    • Streamlined configuration via pre-defined Local Administrator application rights
    • Leverages your existing Active Directory security groups to assign privileges to an application, desktop or network right
    • Visual cues for privileged desktops through support for customized backgrounds
  • DirectAudit
    • New reports in Centrify Audit Analyzer capture audited events by role, machine or user, and new report templates provide easy to configure reports on privileged activity
    • Auditing and Reporting of Centrify Suite administration activity including Zone Administration
    • Automated report scripting and simple database management
    • Global option to disable video capture
  • DirectControl
    • Name mapping for smart cards (alternate identity smart card) on both Mac and RedHat platforms.
    • Additional UNIX and Linux platform support, including
      • Red Hat Enterprise Linux 5.9, 6.4
      • Oracle Linux 5.9, 6.4
      • CentOS 5.9, 6.4
      • Scientific Linux 5.9, 6.4
      • Fedora 18, 19
      • OpenSuSE 12.3
      • Ubuntu 13.04
      • Debian 7, 7.1
      • Mint LMDE 201303
      • Mint 15
      • Solaris 11.1 (x86_64 and SPARC)
    • Ubuntu 8.04 LTS and Microsoft Windows Vista are no longer supported
    • Additional issues have been addressed with this release. Please refer to the DirectControl release notes for detailed information.
  • DirectControl for Mac
    • A new Group Policy to control Apple’s FileVault 2
    • Support for On-Premise WiFi Profile
    • Support for Smart Card Name Mapping ( Alternate Identity Smart Card )
    • Refer to the blog posting for a short summary of these features and Centrify DirectControl for Mac Release Notes for additional details

Please refer to the Centrify Windows Agent Release Notes for detailed information. For more information on Direct Audit enhancements, please refer to the Centrify DirectAudit Release Notes. For detailed information on DirectControl enhancements, please refer to the Centrify DirectControl Release Notes.

 


 

April 1, 2013

Centrify Suite 2013 Update 1 addresses fixes to Centrify DirectAudit & DirectAuthorize for Windows

Centrify Suite 2013 Update 1 (Suite 2013.1) has updated the Centrify Windows Agent to version 3.0.1 as part of Suite 2013.1.

Issues addressed in this release:

  • An issue causing some users unable to log off if both Audit and Access features are installed has been addressed with this update.
  • Systems with Centrify Windows Agents installed for Access may lock out users from using that system when a Domain Controller is rebooted.
  • Leading and trailing white spaces in the arguments specified in the Application rights are now ignored. This will ensure that users can do "Run as Role" on the specified application.

Please refer to the Centrify Windows Agent release notes for more information. Please refer Centrify DirectAudit (3.0.1) releases notes for additional details on fixes included in Centrify DirectAudit 3.0.1

The other Centrify Suite products have not been updated from the previous Suite (2013). Refer to the table to get details for products as part of the Suite release.

 


 

January 29, 2013

Centrify Suite 2013 Include DirectAuthorize for Window, Integrated Authorization and Audit Features, and More

Centrify is pleased to announce Centrify Suite 2013, a major update to our industry-leading solution for centralized authentication, access control, privilege management, policy enforcement and compliance across Windows, UNIX and Linux systems on-premise and in the cloud. Major new features include:

  • DirectAuthorize for Windows, which provides secure delegation of privileged administration for Windows servers, plus granular authorization and enforcement of administrative functions.
  • Seamless integration between DirectAuthorize and DirectAudit, including the ability to automatically trigger high-value session recording based on user, role, system or privilege elevation.
  • Centralized UNIX/Linux authorization with simple sudo migration and sudo replacement features.
  • Enhanced user policy enforcement and administrative session audits.
  • Additional UNIX and Linux platform support, including Fedora 18; Red Hat Enterprise Linux 5.8, 5.9 and 6.3; CentOS 5.8, 5.9 and 6.3; Scientific Linux 5.8, 5.9 and 6.3; Oracle Linux 6.3; Ubuntu 12.10; Linux Mint 13 and 14; and OpenSuSE 12.2 and 12.3.
Before Downloading
How to Get It

 


 

November 13, 2012

Deployment Report Utility Now Available

The Deployment Report Utility is a standalone program that produces a report of your Centrify deployment. This report shows the types and number of Centrify-enabled machines in your environment, as well as your current license usage. The report is generated as a comma-separated-value (CSV) file that may be opened with a text editor or spreadsheet program.

Download the Deployment Report Utility

 


 

October 3, 2012

DirectControl for Applications (for Java/Web 4.4.4) is now available.

Centrify is pleased to announce the immediate availability of DirectControl for Web Application Servers version 4.4.4. This release includes many updates and enhancements as well as expanded platform support including the following:

  • Updated app server support to include: Apache HTTP 2.4, Tomcat 7, JBoss 7, Websphere 8
  • Enhanced Apache HTTP directives to optionally authenticate user by PAM and/or AD for HTTP Basic (instead of just AD)
  • Added support for Java 7
  • Full support and compatibility with the latest versions of Centrify Suite 2012
  • Various bug fixes and enhancements

 


 

September 25, 2012

Smart Card Support for Red Hat Now Available

Centrify Suite 2012, Update 4, now available. This is an optional update for smart card support on Red Hat platforms.

New DirectControl capabilities in this release:

  • The following platforms support smart card login:
    • Red Hat Enterprise Desktop 5.x and 6.x (32- and 64-bit)
  • The following smart cards are supported:
    • Gemalto SC 64k 1.2 – CAC
    • Oberthur One 5.2 – PIV
    • Oberthur 128 v5.5 DI – CAC
    • Gemalto 144 TOPDL DI – CAC
    • Oberthur ID One 5.2 Dual – CAC
    • Gemalto 72k DI - CAC
  • Smart card login is supported on GNOME only.
  • New Group Policies are added to support smart cards. Refer to the Group Policy Guide for details.

Only Red Hat packages are updated in this release. All other platforms remain unchanged.

 


 

May 10, 2012

Centrify Addresses Latest Samba Vulnerability, CVE-2012-2111

The Samba open source organization has released an update to address a vulnerability in Samba versions 3.4.x to 3.6.4. Exploitation of this vulnerability, CVE-2012-2111, may allow a remote attacker to use authenticated user accounts to modify privileges on a file server. You can find out more from NIST NVD.

Our Centrify-enabled Samba consists of the standard Samba open source package, which has been compiled with our Kerberos libraries. We provide this Centrify-enabled Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems. The current version of Centrify-enabled Samba uses Samba version 3.5.11. Because of the vulnerability in this Samba version, Centrify has released a newer version of its Centrify-enabled Samba to address the security vulnerability in CVE-2012-2111. We recommend that all users of Centrify-enabled Samba (any version) upgrade to this newer release. Please note that this vulnerability exists in the Samba open source code, not in the Centrify software.

NOTE: This release also includes the fix announced on April 12 to address an earlier Samba vulnerability, CVE-2012-1182. Installing this most recent Centrify-enabled Samba will address both vulnerabilities.

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

For detailed upgrade instructions, go to the Knowledgebase and search for article KB-2366.

 


 

April 12, 2012

New Version of Centrify-Enabled Samba Addresses CVE-2012-1182

The Samba open source organization has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions. Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges. As noted by Network World, security organizations have rated the vulnerability as moderately critical because best use practices dictate that Samba services should be accessible only over local area networks.

US-CERT encourages users and administrators to review the recent Samba Security Announcement and apply any necessary updates to help mitigate the risk.

Centrify offers a Centrify-enhanced version of Samba that takes the pain out of deploying Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems. Centrify has released a newer version of Centrify-enabled Samba to address the security vulnerability in CVE-2012-1182. We recommend that all users of Centrify-enabled Samba (any version) upgrade to this newer release. Please note that this vulnerability exists in the Samba open source code, not in the Centrify software.

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

For detailed upgrade instructions, go to the Knowledgebase and search for article KB-2366.

 


 

September 22, 2010

Centrify-Enabled Samba Release Addresses Security Alert

Centrify has released a new build of its Centrify-enabled Samba to include a security patch from the open source Samba organization. The patch fixes a buffer overrun vulnerability; for details, see security alert CVE-2010-3069. This vulnerability affects all UNIX and Linux systems running Centrify-Enabled Samba up through version 3.3.9 build 151. Because of the severity of this vulnerability, Centrify recommends customers use it to update all affected systems. This release contains no other updates.

 


 

August 24, 2010

Follow Centrify Support on Twitter

Centrify Support is now twitter-ific! Click here to follow Centrify Support and get updates on new releases, Knowledge Base articles, technical videos, training, and more.

 


 

June 23, 2010

Centrify-Enabled Samba Updated to Include Fix for Security Vulnerability

On June 16, the Samba organization released patches that address a memory corruption vulnerability (see CVE-2010-2063 for more details) that affects Samba 3.3.12 and all previous versions. Any Linux or UNIX system running Centrify-Enabled Samba 3.3.9-145 and earlier is affected. We have incorporated the Samba organization's patches into our Centrify-enabled Samba packages, and due to the nature of this vulnerability we recommend you update your systems using these packages as soon as possible. This special release of our Samba packages contains no other updates.

 


 

June 13, 2008

Samba Release Addresses CVE-2008-1105 Security Alert

Centrify has released a patched version of its DirectControl-enabled version of Samba to address the NIST security vulnerability reported in CVE-2008-1105. Centrify Samba 4.0.1b is available for download from the Centrify Download Center. This release provides no other updates or enhancements. It is built from Samba version 3.0.27a and works with Centrify DirectControl 4.0.0 or greater. Please read the Release Notes included in the Samba package, as well as the related KB-0807 article on the installation and usage of this Centrify Samba release.

 


 

March 19, 2008

Security Notice: DirectControl Unaffected by US-CERT Technical Cyber Security Alert TA08-079B

US-CERT Technical Cyber Security Alert TA08-079B covers MIT krb5 Security Advisory 2008-002, which was issued by the MIT Kerberos Development Team to address vulnerabilities in multiple versions of MIT Kerberos. More information about these vulnerabilities can be found in VU#895609 and VU#374121. Centrify engineers evaluated this report and determined that these vulnerabilities do not affect the Kerberos code that Centrify ships with DirectControl. Therefore, no remediation is required. To subscribe to further security notices, view the following Centrify Customer Forums topic regarding this alert and click the "Watch Forum" link at the top.

 


 

April 11, 2007

Kerberos Utilities Updated to Address MIT Security Advisory

MIT recently issued a critical security advisory regarding a vulnerability in its krb5 daemon (telnetd) that enables unauthorized logins. Centrify has addressed this issue with a maintenance release, available now in the Download Center, of its DirectControl-enabled version of telnetd. For more information, see Knowledge Base article KB-0477, "Centrify DirectControl - MIT telnet Security Vulnerability Alert." Centrify recommends anyone using the current version of the DirectControl-enabled telnetd replace it with the newer version. To secure your systems further, Centrify recommends using an alternative, more secure method to connect to UNIX systems, such as OpenSSH. Centrify provides a DirectControl-enabled version of OpenSSH in the Download Center as well.