Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 19.6 Release Notes

2 October,21 at 04:33 AM

New Features - Centrify Privileged Access Service

Automatic password reconciliation for local accounts on Windows systems
Out of sync passwords can interrupt IT operations and impact security. This new feature will extend the support of a privileged domain administrative account to reconcile passwords of Windows local accounts, without manual administrative interaction. This will guarantee that Centrify is the single source of truth for passwords used to access infrastructure. Windows systems with managed local accounts enabled for maintenance will have password updates that happen automatically when the stored credentials are incorrect. In addition, these accounts can also be enabled to be unlocked if they are in a locked state.

User-added image

Local client support for RDP and SSH on Mac
Macs are first-class citizens in the world of IT administration and require full functionality for remote system management. Centrify adds support for local RDP and SSH clients on Mac. IT admins can launch remote sessions and connect with thick clients installed on their local machine.

User-added image
Administrative Bulk Actions for Systems and Accounts
Administrators will gain the ability to do actions to systems and accounts in bulk from the PAS UI.
The following actions will be simple to do on multiple systems and accounts with a few clicks.
  • Delete systems by multi-select
  • Delete systems by manual or dynamic sets
  • Delete, Manage, and Rotate accounts by multi-select
  • Delete, Manage, and Rotate accounts manual or dynamic sets
User-added image
User-added image

Enhanced Support for LDAP
The Centrify Privileged Access Service is extending supportability for generic LDAP servers with the ability to customize LDAP attributes and schemas. LDAP user and group attribute names for non-standard and custom LDAP schemas can be added, mapped, and tested for validity.

  • Improved unique identifier support.
  • Improved support for LDAP groups
  • support for password change and resets
  • Improved site awareness using native methods.
  • Improved search capability by understanding native methods.    
  • Validated support for Radiant Logic’s federated identity service, RadiantOne Federated Identity (FID).
  • Support for other LDAP vendors to come in the future.
User-added image

FIDO2 Support for multi-factor authentication
Centrify has supported Fast IDentity Online (FIDO) for years and is a member of the FIDO alliance.  FIDO2 is an authentication standard hosted by FIDO Alliance. FIDO2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. Since FIDO cryptographic keys are unique for each internet site, they cannot be used to track users across sites. This security model eliminates the risks of phishing, forms of password theft, and replay attacks. Also, this provides better alignment with NIST 800-53 high-assurance authentication controls.
Centrify will be leveraging the WebAuthn API to enable password-less authentication to the Privileged Access Service using either on-device or external authenticators. On-device authenticators are biometric authenticators integrated into the device hardware. Popular examples are Apple Touch ID and Face ID, Windows Hello, and fingerprint scanners. External authenticators are security keys that you plug into the device's USB port; for example, a YubiKey.
User-added image

Centrify Client Auditing

Audit for the new generation Centrify Clients. This new generation of client-based auditing will be independent from Active Directory, allowing for more flexible and scalable deployments. Please look forward to some of the following benefits with this release.
  • Deploy the Audit and Monitoring agent on the Centrify Client for Windows or Linux without Active Directory (AD).
  • Secure data path over HTTPS.
  • Improves the ability to deploy Auditing in DMZs or IaaS where AD is not available.
User-added image

Offline Login on Centrify Client for Windows
The Centrify Privileged Access Service introduces a new permission called “Offline Rescue” to improve the availability controls for Windows systems. This permission allows an end-user to have the ability to use a passcode to log into a system that is offline.
  • OTP settings for Key Algorithm, number of digits, and counter period can be configured.
  • Offline passcode can be retrieved from the system properties.
  • Support for other Unix/Linux to come in the future.
User-added image


  • Resolved an issue where an administrator with Application Management or System Administrator privileges could set a malicious URL of an application, deploy that application to a higher privileged administrator, and run client side scripts as the administrator (CC-72064).
  • CVE-2019-11888 (go language) was resolved by upgrading the go language package to 1.12.6 (CC-68465).
End of Life Notification

This section contains notifications for upcoming termination of apps, features, programmatic access or device support.
  • The version 1 ServerAgent/VerifyPassword REST API will be removed from Centrify Privilege Access Service 20.1. The replacement version 2 API is serveragent/verifypasswordv2 (CC-65426).

OS Platform Support Changes

  • The Cloud Linux Agent now supports the following operating systems:
    • CoreOS version 2247.5
    • CentOS 7.7
    • CentOS 8.0
    • Fedora 30
    • Fedora 31
    • Ubuntu 19.10


The following list records issues resolved in this release and behavior changes.
  • With cagent enrolled, adding a group name containing a space (for example, “Remote Desktop Users”) in Local Group Mapping no longer generates an error (CC-69230).
  • When working with Centrify Identity Platform, Centrifydc entries are no longer removed from the PAM file after cunenroll-ing the Cloud Linux Agent (CC-67306).
  • When the native RDP attempt fails to connect to a target, the real reason the connect attempt failed is now logged in the event log rather than “Invalid Credentials” or “Unknown Error” (CC-70261).
  • Logging in via PAS remote access as a PAS-managed local user now works for user names of the form username@ipaddress. Previously the ipaddress was misinterpreted as an AD domain (CC-70822).
  • The default retention period for jobs in Job History has been increased from 7 to 30 days. This default can be changed by Centrify support on request (CC-70657).
  • Completion time is now shown in the job report for jobs that did not succeed (CC-69935).
  • Administrators can now manage DirectAudit configuration parameters using cedit (CC-70362).
Changes for Hot Fix 1.
  • Fixed a bug where a blank page was displayed after launching an application (CC-72340).
Changes for Hot Fix 2.
  • Fixed a bug where user activity could not be viewed due to long load times (CC-72357).
Changes for Hot Fix 3.
  • N/A - This release has not been released and is not included in Hot Fix 4.
Changes for Hot Fix 4.
  • Reconcilable accounts missing a password are now put under management when bulk managing accounts (CC-72447, CPSSUP-982).
  • Fixed the Linux download for Ubuntu to correctly serve the 19.6 release package instead of 19.5 (CC-72619, CPSSUP-1007).
  • Resolved an issue with OAuth2 profile caching for apps (CC-70756, CPSSUP-933).
  • Fixed a bug where user activity could not be viewed due to long load times (CC-72357).
Note: To receive release notes prior to the monthly product update, subscribe to the Centrify Cloud Highlights and Release Notes Tech Blog. This release information is posted in advance of the release date. Please check back at release time for updates.