What's New in Centrify Privileged Access Service 18.10
Better support for just-in-time access and approval
Many organizations are moving to a model of just-in-time access and approval. Centrify supports this model with new controls to prohibit permanent entitlements in the request and approval process.
Remove the option for approvers to grant permanent entitlements.
Applies to all access request and approval processes
Password checkout or SSH key retrieval
Remote management sessions
Approvers can grant only time-bound access to accounts and systems
Global switch applies to all approval processes
Simple to enact and prove to auditors
Remote sessions at scale for customer-managed installations
Distributed connector architecture and direct-to-target session brokering ensure performance at enterprise scale.
Enable the use of local SSH/RDP clients and disallow session streaming through the Web tier.
Forces the remote management session data path to run directly from the user workstation to the connector to the target system
Removes the Web tier from the data path
Scale management sessions by adding connectors
Global switch disallows use of browser-based SSH/RDP and brokers sessions outside the Web tier
Logging and auditing fully supported
System, appliance and database support for shared accounts
Continuous improvement in coverage of local account management for systems, appliances and databases, and secure remote access for systems and appliances.
Manage database account passwords on Oracle Database 12c multi-tenant architecture
Standalone database only
October 25, 2018
What's New in Centrify 18.9
New Centrify Privileged Access Services Features:
Manage connections and passwords for desktop apps
For organizations that require external controls on desktop application and database clients, Centrify controls the accounts and target connections the client can access.
Control the users and accounts that can access your systems and databases through thick clients such as TOAD.
Thick clients — Windows desktop applications — run on a secure proxy.
Who can log into the proxy
What thick client application they can run
What the client can connect to
What account the client uses to connect
Sessions are audited (recorded).
Users can create custom templates for apps that:
Support running in Windows Remote Desktop Services for Windows Server 2012R2 and 2016.
Allow command line parameters for account credentials and, optionally, target systems (such as databases).
Pre-defined templates are provided for:
Microsoft SQL Server Management Studio
TOAD for Oracle
VMware vSphere Client
Network-based discovery of local privileged accounts
Managing local privileged accounts can be a challenge for even the best IT teams. New discovery features help you find local privileged accounts and manage their passwords.
Use Centrify to automatically find, import, and manage local privileged accounts.
Find and scan systems for local privileged accounts by network subnet
Uses the same robust architecture and features as network system discovery
Automatically import local accounts
Take local account passwords under management
New bulk selection, i.e. “multi-select”
Discovered local accounts are automatically placed into sets. Accounts that are members of a Windows built-in/Administrators group (local administrator) can optionally be added to a separate set, making it easy to discover and view Windows local accounts that have very high privilege.
System and device login using SSH keys
For organizations that use SSH keys for access to systems, Centrify supports storing and using SSH keys for login.
Control the users and accounts that can access your systems through SSH keys.
Any account can use either a password or an SSH key (exclusive)
Access request to accounts using SSH keys is fully supported
PAS supports PEM for private keys and the following key algorithms:
Time stamps were added to the log output of the diagnostic PowerShell scripts in customer-managed installations.
For customer-managed installations, a new process for obtaining the APNS certificate ensures that these customers will receive a unique CSR from Centrify, and a unique APNS certificate from Apple.
A change to the SailPoint IdentityIQ integration with PAS enables the creation of a tile on the PAS User Portal after an access request has been approved within IIQ.
New Centrify Application Services Features:
MFA Redirect Phase 1: Allows admins and users with multiple accounts, potentially in different domains, to use MFA from one account
CBE Improvements: We now provide extensions for all 4 browsers to make accessing apps easier
SAML script editor: The editor now includes inline hints, autocomplete, and onscreen help to make it easier for customers to write SAML scripts
DevOps applications category: This new applications category in the apps catalog enables customers to easily set up SSO for popular DevOps CI/CD apps
AWS CLI Utilities: We now offer Python and PowerShell CLI utilities for both admins and users to access Amazon Web Services (AWS) by leveraging Centrify Identity Services
Time-based workflow for mobile and desktop: Customers can now reduce risk by requesting and granting access to apps only during a given time window
New Centrify EndPoint Services Features:
Delegated Administration: Customers can now implement policy sets for endpoints and mobile devices ensuring that endpoints / mobile devices are being added to and removed from sets dynamically, based on changes to the attributes of the device.
O365 conditional access: We now give Exchange (O365) / MDM administrators the ability to ensure that no one can access company mail from a mobile device unless that mobile device is enrolled in MDM with our Centrify MDM solution.
NEWS TODAY: Centrify to focus on Zero Trust Privilege, spins out IDaaS business as Idaptive
Centrify announces the spinout of its IDaaS business into a new company called Idaptive to better serve its customers and partners.
Centrify and Idaptive will operate as independent, affiliated companies beginning in January 2019. This strategy doubles down on two distinct areas of enterprise security – Privileged Access Management and IDaaS – with dedicated resources to optimize focus, efficiency and growth.
Centrify is sharpening its strategic focus on redefining the legacy approach to Privileged Access Management (PAM) with cloud-architected Zero Trust Privilege to stop the leading cause of breaches – privileged access abuse.
Idaptive will deliver Next-Gen Access to protect employees, partners and customers with its market-leading IDaaS solution, securing access everywhere with an Intelligent Access Cloud that constantly learns from and adapts to login context and risk in a way that protects companies.
We’re committed to clearly and consistently communicating this news to our customers, partners, and employees, so there are a lot of communications going out starting today: