What’s New

Complete details on recent product releases and announcements

Identity Services Platform

New cloud features for:
  • Application Services
  • Endpoint Services
  • Infrastructure Services

Infrastructure Services

New features in Standard and Enterprise editions, plus updates on platform support


Announcements of On-Going Interest

December 18, 2018

What's New in Centrify 18.11

New Centrify Infrastructure Services Features:

Linux and UNIX

  • The Centrify SMB stack has been upgraded to support SMBv3. This enables the agent to retrieve group policies or files from SMB shares configured with that level of encryption.
  • New mechanisms to prevent forged host tickets (a.k.a. the "silver ticket" attack).
  • Extended support for NSS mail aliases on zone-enabled AD users.
  • Enhanced the Multi-Factor Authentication performance to prefer connectors in the same subnet and then in the same Active Directory site.
  • Solaris improvements
    • Alternate password hashes for Solaris disabled users are now supported.
    • MIT Kerberos commands or programs linked with the MIT Kerberos library (release 1.13 or above) can now inter-operate with the Centrify KCM service on Solaris.
  • Improvements to Audit Trail
    • New Centrify-enhanced sudo audit trail events for dzdo command execution starts/ends.
    • New Kerberos audit trail events for KCM Kerberos credential access.
  • Improvements to CLI tooling (adinfo, adjoin, adleave).
  • Added support in zone property pages for specifying domain prefix IDs, to improve entropy for UID and GID generation.

Centrify Agent for Windows™

  • Justification for Privilege Elevation and ITSM Validation.
  • New capability to specify an alternative Centrify Zone user for Privilege Elevation (Run with Privilege/New Desktop).
  • YubiKey is now supported as a second factor for offline login.
  • New integration with McAfee Endpoint Drive Encryption software that enables features such as Auto Pre-boot and Password Synchronization.
  • Enhanced the Multi-Factor Authentication performance to prefer connectors in the same subnet and then in the same Active Directory site.
  • Diagnostics are now accessible from the Centrify systray.
  • Improved tooling (dzinfo.exe, dzleave.exe).

Direct Audit

  • New system platform affinity allows for the separation of Windows or UNIX session and event data into different audit stores.
  • The default database shipped with the product has changed to Microsoft SQL Server Express 2016.

Centrify Cloud Agent for Windows™ Preview

  • Leverage connected directories (Active Directory, LDAP, Google Directory or Centrify Directory) to provide brokered authentication to stand-alone Windows systems.
  • Multiple access methods: Direct, Gateway-based via RDP Client, Gateway-based using Web Client.
  • Password-less Web RDP access with “Use My Account” feature.
  • Multi-step/Multi-factor authentication policy.
  • Conditional Access Rules.
  • Role to Windows Group Mapping.

Utilities and Open Source Components

  • LDAP Proxy utility extended to support the critical extension flag “!” to allow for paged results.
  • Centrify Reports can now deploy pre-canned reports onto any accessible SQL Server Reporting Services instance.
  • Updates to Centrify OpenSSL (now based on OpenSSL 1.0.2o) and Centrify cURL (now based on cURL 7.61.1).

New Centrify Infrastructure Services Features:

  • Better support for just-in-time access with a new control to disallow permanent grant of permissions in the access request workflow
  • Update to SSH library for improved security

New Centrify Application Services Features:

  • Box de-provisioning. Option to transfer content to admin account in addition to previously supported de-provisioning options.
  • Password Complexity Settings. Adhere to NIST standard (NIST 800-63B)
  • Customized Privacy Policy and Terms of Use. Allow customer to have custom links to their privacy policy and terms of use.
  • ADFS MFA Plugin (Beta only). Centrify’s MFA plugin for ADFS 3.0,
  • SCIM server APIs. CRUD for user/group resources.
  • Custom MFA Phone Messages. Allows the customer to customize the audio messages for phone calls related to MFA
  • Mandatory Setup of MFA (require end users to set up MFA). Allows administrators to ensure that end users have set up the required MFA factors at first portal login.

New Centrify Endpoint Services Features:

  • iOS - Show a custom message on Lock screen: Device lock MDM command (Lock Screen action) supports custom message (both iOS/Mac) and Phone number (iOS).

For a complete set of new features, please review the Centrify Cloud 18.11 Release Notes and Infrastructure Services 18.11 Release Notes.

November 12, 2018

What's New in Centrify 18.10

What's New in Centrify Privileged Access Service 18.10

Better support for just-in-time access and approval

Many organizations are moving to a model of just-in-time access and approval. Centrify supports this model with new controls to prohibit permanent entitlements in the request and approval process.

Disallow approvers the option to grant permanent entitlements.

  • Applies to all access request and approval processes
    • Password checkout or SSH key retrieval
    • Remote management sessions
  • Approvers can grant only time-bound access to accounts and systems
  • Global switch applies to all approval processes
    • Simple to enact and prove to auditors

Remote sessions at scale for customer-managed installations

Distributed connector architecture and direct-to-target session brokering ensure performance at enterprise scale.

Enable the use of local SSH/RDP clients and disallow session streaming through the Web tier.

  • Forces remote management session data path direct from user workstation to connector to target system
    • Removes the Web tier from the data path
    • Scale management sessions by adding connectors
  • Global switch disallows use of browser-based SSH/RDP and brokers session out of the Web tier
  • Logging and auditing fully supported

System, appliance and database support for shared accounts

Continuous improvement in coverage of local account management for systems, appliances and databases, and secure remote access for systems and appliances.

Multi-tenant Oracle

  • Manage database account password on Oracle Database 12c multi-tenant architecture
  • Standalone database only

October 25, 2018

What's New in Centrify 18.9

New Centrify Privileged Access Services Features: 

Manage connections and passwords for desktop apps

For organizations who require external controls on desktop application and database clients, Centrify controls the accounts and target connections the client can access.

Control the users and accounts that can access your systems and databases through thick clients such as TOAD.

Thick clients — Windows desktop applications — run on a secure proxy.

You control:

  • Who can log into the proxy
  • What thick client application they can run
  • What the client can connect to
  • What account the client uses to connect

Sessions are audited (recorded).

Users can create custom templates for apps that:

  • Support running in Windows Remote Desktop Services for Windows Server 2012R2 and 2016.
  • Allow command line parameters for account credentials and, optionally, target systems (such as databases).

Pre-defined templates are provided for:

  • Microsoft SQL Server Management Studio
  • TOAD for Oracle
  • VMware vSphere Client

Network-based discovery of local privileged accounts

Managing local privileged accounts can be a challenge for even the best IT teams. New discovery features help you find local privileged accounts and manage their passwords.

Use Centrify to automatically find, import, and manage local privileged accounts.

  • Find and scan systems for local privileged accounts by network subnet
  • Uses the same robust architecture and features as network system discovery
  • Automatically import local accounts
  • Take local account passwords under management
  • New bulk selection, i.e. “multi-select”

Discovered local accounts are automatically placed into sets. Accounts that are members of a Windows built-in/Administrators group (local administrator) can optionally be added to a separate set, making it easy to discover and view Windows local accounts that have very high privilege.

System and device login using SSH keys

For organizations who use SSH keys for access to systems, Centrify supports storing and using SSH keys for login.

Control the users and accounts that can access your systems through SSH keys.

  • Any account can use either a password or an SSH key (exclusive)
  • Access request to accounts using SSH keys is fully supported
  • PAS supports PEM for private keys and the following key algorithms:
    • DSA
    • PEM

Additional Enhancements

Time stamps were added to the log output of the diagnostic PowerShell scripts in customer-managed installations.

For customer-managed installations, a new process for obtaining the APNS certificate ensures that these customers will receive a unique CSR from Centrify, and a unique APNS certificate from Apple.

A change to the SailPoint IdentityIQ integration with PAS enables the creation of a tile on the PAS User Portal after an access request has been approved within IIQ.

New Centrify Application Services Features:

  • MFA Redirect Phase 1: Allows admins/users with multiple accounts, potentially in different domains, to ensure that he or she can use MFA from one account
  • CBE Improvements: We now provide an extension for all 4 browsers to make accessing apps easier
  • SAML script editor: The editor now includes inline hints, autocomplete, and onscreen help to make it easier for customers to write SAML scripts
  • DevOps applications category: This new applications category in the apps catalog enables customers to easily set up SSO for popular DevOps CI/CD apps
  • AWS CLI Utilities: We now offer Python and PowerShell CLI utilities for both admins and users to access Amazon Web Services (AWS) by leveraging Centrify Identity Services
  • Time-based workflow for mobile and desktop: Customers can now reduce risk by requesting and granting access to apps only during a given time window

New Centrify EndPoint Services Features:

  • Delegated Administration: Customers can now implement policy sets for endpoints and mobile devices, ensuring that endpoints / mobile devices are added to and removed from sets dynamically, based on changes to the attributes of the device.
  • O365 conditional access: We now give Exchange (O365) / MDM administrators the ability to ensure that no one can get access to company mail from a mobile device unless that mobile device is enrolled in MDM with our Centrify MDM solution.

For details see Centrify Cloud 18.9 Release Notes.

October 9, 2018

NEWS TODAY: Centrify to focus on Zero Trust Privilege, spins out IDaaS business as Idaptive

Centrify announces the spinout of its IDaaS business into a new company called Idaptive to better serve its customers and partners.

Centrify and Idaptive will operate as independent, affiliated companies beginning in January 2019. This strategy doubles down on two distinct areas of enterprise security – Privileged Access Management and IDaaS – with dedicated resources to optimize focus, efficiency and growth.

  • Centrify is sharpening its strategic focus on redefining the legacy approach to Privileged Access Management (PAM) with cloud-architected Zero Trust Privilege to stop the leading cause of breaches – privileged access abuse.
  • Idaptive will deliver Next-Gen Access to protect employees, partners and customers with its market-leading IDaaS solution, securing access everywhere with an Intelligent Access Cloud that constantly learns from and adapts to login context and risk in a way that protects companies.

We’re committed to clearly and consistently communicating this news to our customers, partners, and employees, so there are a lot of communications going out starting today:

For details, please contact your Centrify Account representative or Centrify Technical Support at

August 27, 2018

What's New in Centrify 18.8

New Centrify Application Services Features:
  • Dome9 SAML App in the App Catalog
  • Password Complexity and History Enhancements
  • Centrify Browser Extension Enhancements

New Centrify Infrastructure Services Features:

Linux and UNIX
  • Privileged command rights for dzdo check digest (hash) of executable file
  • New cifsidmap plug-in to map Active Directory users and groups to Zone-enabled UIDs/GIDs in CIFS
  • New privilege elevation support for Microsoft Privileged Access Management for Active Directory
  • New support for caching-only DNS server environments
  • Commands linked with the MIT Kerberos library can now inter-operate with the Centrify KCM service
  • Support for 2-way forest trust relationships when the forests are firewalled
  • Pre-staged cache support for very fast machine provisioning in automated environments
  • Gateway and host audit coordinate to eliminate duplicate and housekeeping session recordings
  • Performance improvements for adclient and ldapproxy
  • Updates to OpenSSH, OpenSSL and curl

New Centrify Endpoint Services Features:

  • Centrify zone-based access control for PowerShell Remoting
  • MFA at login supports 800-53/PCI guidelines
  • Endpoint enrollment no longer requires administrative rights
  • Endpoint enrollment supports Windows 7 and 8.1 (x64)
  • ZSO support for Windows 7 and 8.1

For details see Centrify Cloud 18.8 Release Notes and Infrastructure Services 18.8 Release Notes.
