Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Centrify 21.5 Release Notes

2 October,21 at 04:33 AM

Updated August 12, 2021

New Features for Centrify Vault Suite

Force Password Check-In

With Vault Suite 21.5, users are able to force the check-in of a password that is currently checked out by another user.

This is useful when the user who originally checked out the password forgot to check it back in, making it inaccessible. This avoids having to wait until the checkout window expires or the user manually checks the password back in.

This is achieved by rotating the password on the checked-out account, which will clear the check-out flag making it available again for check-out.

Improved Report Sharing and Management

With this update, the reports feature no longer uses a folder structure to contain individual reports.  This brings consistency with the way all other objects are displayed and handled.

  • Flat list of objects (reports)

  • Built-in or custom
  • Sets of reports
  • Permissions on reports and report sets for sharing

User-added image
User-added image

CLI Commands Without Admin Rights

This new feature allows users to run CClient CLI commands such as cgetaccount and csetaccount without having to log in as "root".

User-added image
Before this version, Centrify CLI commands required root privileges to run as they would communicate with the platform using the machine credential. With 21.5, it is now possible to run CLI commands in a regular user context – which will prompt the user for credentials that will be used to authenticate against the Platform.

Other Features
  • It is now possible to set / edit a system’s VpcIdentifier. Previously the VpcIdentifier was set automatically on EC2 discovery and the VPC information was shown on the Details page, however for systems that were added manually that are in a VPC there was no way to set the VpcIdentifier. There is now a VPC Identifier field on a system’s Settings tab that can be set as needed.
  • All Cloud Suite packages (Linux and Windows) have been updated in this release to match those supplied with Centrify Server Suite release 2021.
Notice of discontinuation
  • With this release we have dropped browser extension support for Microsoft Internet Explorer version 11 due to Microsoft end-of-life-ing the product and to improve the security posture of the cloud service.
  • With this release support for TLS 1.1 has been fully deprecated from Centrify cloud products, including mobile apps. Only TLS 1.2 and above are now allowed.
  • This release includes the final release of self-hosted Privileged Access Service. Customers using self-hosted Privileged Access Service should migrate to using Hyper-scalable Privilege Access Service.  

Changes for Hot Fix 1

  • Resolved an issue where in some cases after the 21.5 back end upgrade the Reports tab was missing from the PAS Portal (301523).
  • Improved performance when a system is deleted from PAS (300292).

The following list records issues resolved in this release and behavior changes.

  • By default, strict transport security (HSTS) is now turned on in IWA Web server response in the Connector service. There are two new registry settings that control HSTS:
    1. EnableHSTS     values 0/1       default 1 (on)
    2. HstsAge            integer             default 31536000
  • The pg_restore script in self-hosted Centrify Privilege Access Service can now accept ‘[‘ in passwords (CC-78637).
  • Custom OpenID Connect apps can now be created in self-hosted Centrify Privileged Access Service and Hyper-scalable Privilege Access Service (CC-78116).
  • Performance has been improved in Hyper-scalable Privilege Access Service when there is a large number of sets defined (CC-78350).
  • Set-based permission now works when enrolling a system that was added via discovery (CC-78425).
  • A new configuration parameter is supported by cedit, agent.autoedit.disabled, to disable auto-editing of NSS and PAM configuration files. The default is false (CC-76049).
  • Selecting LDAP users in reports no longer causes bad HTTP request errors (CC-78076).
  • The Centrify Android app has been updated to correct aspect ratio issues in the mobile authenticator (CC-78724).
  • Resolved an issue with local administrative account provisioning on UNIX/Linux machines. It is again possible to select a discovered UNIX/Linux machine and select “Provision Local Administrative Account” as an action (CC-78598).
Supported Platforms

Centrify Connector
  • Windows Server 2012r2, Server 2016, Server 2019
Self-hosted Centrify Privileged Access Service
  • Windows Server 2012r2, Server 2016, Server 2019
Hyper-scalable Centrify Privileged Access Service
  • Windows Server 2016, Server 2019
Centrify Clients for Linux

Client for Red Hat 6:
  • Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • CentOS 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • Fedora 33, 34
  • Oracle Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • Amazon Linux 2 Latest Version
Client for Red Hat 7 (ARM architecture):
  • 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
Client for SUSE 12
  • SUSE 12 SP3+, 15

Client for Debian 9
  • Debian 9.0 – 9.13, 10.0 – 10.9
  • Ubuntu 18.04LTS, 20.04LTS, 21.04
Client for Alpine Linux 3
  • Alpine Linux 3.13
Client for CoreOS
  • Latest Version
Centrify Client for Microsoft Windows
  • Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC
Windows PAS Remote Access Kit
  • Windows 10, Server 2012r2, Server 2016, Server 2019
Centrify app for Android
  • Android 5 (API level 21) and later
Centrify app for iOS
  • iOS 12 and above

(Tested systems and devices for Privileged Access Service are listed in the documentation)