Updated 2 November 2021
New Features for Centrify Vault Suite
Expanding on our MFA everywhere best practice, this new release supports MFA redirection for additional authentication factors, allowing users to perform MFA on behalf of another user. An example use case is for system administrators with multiple accounts – a main low-privilege account for routine tasks such as email and web surfing, and additional “dash-a” or “alternate admin” accounts used for privileged tasks. Second factors need only be configured on the main account but will be applied when using any alternate admin accounts and an MFA policy is triggered.
This feature is a huge step up in convenience and security, reducing 2nd-factor maintenance for admins. This capability also applied to apps using application accounts that require additional proof of legitimacy from a human, adding an extra layer of MFA assurance.
ServiceNow MID Server Plugin update
In addition, with this release, we continue to enhance our support for the popular enterprise platform, ServiceNow. Our MID Server integration now supports multiple credential types.
Notice of discontinuation
- Self-hosted Privileged Access Service has been deprecated and is no longer updated with each release, the last release being 21.5. Customers using self-hosted Privileged Access Service should migrate to using Hyper-scalable Privilege Access Service.
- As a performance improvement, the 'Rights' column from the Server and VaultAccount tables in reports will be eliminated in a future release. This column is expensive to calculate and not needed in most use cases of these tables. If you have existing custom reports that reference the 'Rights' column in the VaultAccount or Server tables, they will need to be updated to remove the column reference. If not updated, custom reports that use this column will cease to function when the 'Rights’ columns are removed (CC-78591).
Changes in Hot Fix 1
- Resolved an issue where performing step up authentication challenges with a user that had MFA redirect enabled would cause the challenge to fall into an infinite challenge loop (355167).
- Fixed an issue where setting a redirected user and then changing to another user would occasionally revert to the original user.
The following list records issues resolved in this release and behavior changes.
- Commas in DBPassword are now supported and no longer cause errors in sub scripts (CC-76357).
- The license key is now checked on new installations in Hyper-scale Privileged Access Service (CC-78834).
- Periodic updates to Connectors now only update the connector if something has actually changed (CC-78845).
- It is now possible to retrieve an SSH key from a report (CC-77169).
- When launching apps via the Gateway, an app will fail to launch with an unauthorized exception when blocked by policy (CC-78463).
- Enabled native RDP and SSH services are now shown on a system’s Connector page for tenants on AWS pods (CC-78726).
- Maps are now shown in appropriate v2 reports (CC-78808).
- Sorting now works for v2 reports on AWS pods (CC-78809).
- Resolved an issue where in some cases after the 21.5 back end upgrade the Reports tab was missing from the Portal (301523).
- Improved performance when a system is deleted from the Privileged Access Service (300292).
- Windows Server 2012r2, Server 2016, Server 2019
Hyper-scalable Centrify Privileged Access Service
- Windows Server 2016, Server 2019
Centrify Clients for Linux
Client for Red Hat 6:
Client for Red Hat 7 (ARM architecture):
- Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- CentOS 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- Fedora 33, 34
- Oracle Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
- Amazon Linux 2 Latest Version
Client for SUSE 12
Client for Debian 9
- 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
Client for Alpine Linux 3
Client for CoreOS
- Debian 9.0 – 9.13, 10.0 – 10.9
- Ubuntu 18.04LTS, 20.04LTS, 21.04
Centrify Client for Microsoft Windows
- Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC
Windows PAS Remote Access Kit
- Windows 10, Server 2012r2, Server 2016, Server 2019
Centrify app for Android
- Android 5 (API level 21) and later
Centrify app for iOS
(Tested systems and devices for Privileged Access Service are listed in the documentation)