Given that PCI DSS 3.2 stresses multi-factor authentication, Centrify is gearing up to help organizations that are looking to align with it this fall, both with their legacy solutions (e.g. RSA SecurID) and with modern methods.
Multi-factor Authentication Extended
- Centrify MFA with DirectAuthorize is now extended to HP-UX, AIX and Solaris (this completes the UNIX/Linux ecosystem).
- DirectAuthorize for Windows introduces MFA on Windows privilege elevation
- Updated whitepaper on RSA SecurID MFA integration that now includes server access and privilege elevation (instead of just PAM stacking). QA'd with RSA 7.1 on AIX (5.3, 6.1, 7.1), HP-UX 11i v2/v3, RHEL (4.8, 5.8, 6.2), SUSE 11SP2, Solaris 11 & 10.
  Note that this is for non-GUI login and Centrify-enhanced sudo (dzdo).
- OATH OTP (e.g. Google Authenticator, Yubico Authenticator, FreeOTP, Duo, etc.) is now usable via Centrify MFA with Identity Service.
- Parameter-based MFA controls for supporting Centrify Auto Zone and Classic Zones.
- The adcdiag command line tool was introduced to provide pre-flight checks for MFA setup.
- Enhancements to PowerShell commands for provisioning of MFA fields.
OATH OTP support opens more possibilities with Google Authenticator or YubiKey
adcdiag should provide the same value to MFA implementations as adcheck does for AD joins.
Centrify Auto Zone and other legacy modes get multi-factor at login and can be configured via GPOs
Microsoft AD, Kerberos, Certificates and Smart Card
- AD Cross-forest authentication with alternate UPN is now supported
- Support for Microsoft's "Define host name-to-Kerberos host mapping" GPO
  Ref: https://support.microsoft.com/en-us/kb/947706
- Certificate Management and auto-enrollment now support Elliptic Curve Algorithms.
- Centrify Hierarchical Zones now support the sourcing of UNIX identity from pre-existing RFC2307 attributes. This can simplify provisioning for organizations that use those fields.
UNIX/Linux Client and Utilities Enhancements
- The NIS Proxy (adnisd) now has its own watchdog process.
- Enhanced argument checking for dzdo (Centrify-enhanced sudo)
- New Events documented when MFA challenges fail or succeed
- Centrify-enhanced OpenSSH is now based on OpenSSH 7.2p2
- OpenSSL is based on 1.0.2g
- Centrify LDAP Proxy now supports TLS 1.2
- libcurl is based on 7.44.0
- PuTTY is upgraded to version 0.64
- A new command "adcdiag" has been added to troubleshoot MFA
- A new command "adobjectrefresh" has been added to only refresh specific users or groups instead of the whole cache.
- Parameter and utility enhancements to support Hortonworks Hadoop Ambari 2.1.2
- AIX 7.2
- Latest version of Amazon Linux AMI (x86, x86_64)
- CentOS 7.2 (x86_64)
- Debian Linux 7.10, 8.3, 8.4 (x86, x86_64)
- Oracle Enterprise Linux 7.2 (x86_64)
- Scientific Linux 7.2 (x86_64)
- openSUSE 42.1 (x86_64)
- SUSE 12 SP1 (x86_64)
- Ubuntu 16.04 LTS (x86, x86_64)
- Windows 10 (App and network rights)
Removed Platforms
- Debian Linux 6
- Fedora 20
- HP-UX 11.11, 11.23
- Oracle Solaris 9
- Ubuntu 14.10
- OS X 10.9
Windows Client Enhancements