With release 22.1 of Vault Suite, running the Connector and HSPAS components (such as Web Node, Background Node, Relay Node, etc.) is now supported on Windows 2022 systems.
New Features for Centrify Cloud Suite
Map Vault Suite Role to a Local Group on Enrolled Systems
With this new feature, administrators can map Vault Suite cloud roles to local Linux groups on enrolled systems by enabling control over the GID that is used to "merge" the groups on the systems. This enables customers to maintain consistency of GID and local group membership across all systems.
Push Configuration Files to Enrolled Systems
This new feature allows administrators to push configuration files in a centralized way. This is particularly useful when there is a need to change the users.ignore or group.ignore file on target systems. Administrators can easily do so via the Resources/Systems view in Vault Suite:
For example: before pushing the configuration file below, note the date of the last change of the user.ignore file and its contents (no users are ignored):
After pushing the configuration file, note the timestamp of the recently pushed configuration file has been updated, the presence of a backup file, and the updated contents of the pushed file:
Centrify Client Automatic Update Activity
When the Centrify Client attempts to do an automatic update, it will send the auto-update results to the target system's Activity tab. This will be available when the current version of the client (22.1) is automatically updated to a newer version.
Notice of Discontinuation
None.
Changes in Hot Fix 1
Fixed a potential iOS mobile app notification.
Changes in Hot Fix 2
Fixed an issue that alleviated system resources from exceeding optimal levels; the fix involved adding an index to the database table.
Changes in Hot Fix 3
Fixed an SSH session heartbeat interval configuration issue.
An issue came about when a user who added the necessary permissions to a Secret Server vaulted account was not able to logon to any server resource due to a permission error. The reason this happened was because we did not elevate to search for the entity tied to the account (domain, database, etc.). The workaround was to add the view permissions to the entity tied to the account, but after the fix, it is no longer needed. We have fixed the way we view the Secret Server vaulted account, so that the workaround is not needed.
Improved performance related to checking user account permissions.
Changes
Here are the resolved issues and behavior changes in this release:
Fixed an issue where in some cases the connector would not automatically restart after automatically upgrading to a new version. (390371)
Fixed the issue where if you tried to elevate privileges for a user whose account name has 16 or more characters in it, privilege elevation failed with an error. (396541)
Fixed an issue that might cause heavy database CPU usage intermittently. (400246, CPSSUP-1949)
Fixed an issue where a user was prompted for user credentials twice when logging in to a system remotely using the "Enter Account" action. (385161, CPSSUP-1900)
Fixed an issue that caused inconsistent Dark Mode behavior. (365972, CPSSUP-1894)
Fixed an issue where running the report “User MFA Challenge Setup Status” might result in query error. (394552, CPSSUP-1921)
Fixed an issue where “Bulk Delete” might not delete some service accounts. (395548, CPSSUP-1922)
Fixed an issue where the service didn't send Radius configuration information on connector startup. (399121, CPSSUP-1944)
There are new reports related to privilege elevation activities; you can find these reports in the Resource Reports group. (296886)
Supported Platforms
Centrify Connector
Windows Server 2012r2, Server 2016, Server 2019, Server 2022
Hyper-scalable Centrify Privileged Access Service
Windows Server 2016, Server 2019, Server 2022
Centrify Clients for Linux
Client for Red Hat 6:
Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
Note that before you uninstall the Centrify Client for Linux from an Alpine Linux system, you must unenroll the system first. The Alpine Linux package manager doesn't allow the service to verify that the client is unenrolled from Centrify PAS before uninstalling. If you uninstall the client without unenrolling first, you won't be able to log in to the system anymore.
Centrify Client for Microsoft Windows
Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC, Windows 2022
Windows PAS Remote Access Kit
Windows 10, Server 2012r2, Server 2016, Server 2019
