Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

Centrify 21.8 Release Notes

3 December,21 at 10:56 PM

Updated 3 December 2021

 

New Features for Centrify Vault Suite

Prompt for justification on non-workflow based operations

With release 21.8 of Privileged Access Management, customers can now prompt for justification on non-workflow based operations, such as login or check-out. Before this release, only workflow requests would allow administrators to enter justification.

This can be set at the System-level (for all interactive login sessions on that system) or at the Account-level (for all login and check-out operations on that account). As usual, this setting is also available as a Policy setting that can be enabled for sets of Systems / sets of Accounts:

System-Level:

1.png

Account-Level:
2.png

Policy:
3.png
4.png

 

New Features for Centrify Cloud Suite

Granular Privilege Elevation for Cloud Suite (GA)

Release 21.8 of Cloud Suite enables customers to define granular Privilege Elevation commands for users so that they can elevate privileges to run only the applications and commands that they're allowed to. For convenience, application and command privileges can be grouped into Sets, and the Sets applied globally to all systems, to Sets of systems, or individual systems.

5.png

More information on this feature can be found here:
https://stage-docs.centrify.com/Content/Infrastructure/clients/privilege-elev-commands.htm

 

Linux Identity Management (GA)

This new feature will enable customers to do UID rationalization for Linux systems. Before release 21.8, PAS would assign random UIDs for users when they logged in to systems. With 21.7, customers can control which UIDs users should assume when logging in to Linux systems, as well as the home directory, username, GID, shell, etc. This is similar functionality that Server Suite provides for Active Directory accounts, but with the Cloud Platform, this can be applied to any backend directory that is being used.
 

Mobile offline password rescue for Linux and Unix systems

You can now perform offline password rescue for Linux and Unix systems from Android and iOS devices. (303106, 391884, 391886)
 

EULA display change

You can now read our end user license agreement (EULA) at https://www.centrify.com/eula. Our installers and downloadable items now point to that link directly. (351774)

Notice of Discontinuation

None.

Changes

The following list records issues resolved in this release and behavior changes.
  • Fixed how the Policy Summary tab threw an error for Generic SSH System accounts. (306872)
 
  • Fixed an issue on Linux systems where AgentAuth was re-enabled in the client after disabling it through cedit. (353740, CPSSUP-1877)
 
  • Fixed the issue where the domain account password checkout kept timing out. (365527, CPSSUP-1874)
 
  • Previously, we prevented random passwords from having 3 characters that are adjacent on a keyboard (these are called spatial sequences). We still limit spatial sequences overall but no longer prevent random passwords from having spatial sequences of more than 2 characters. (384375, CPSSUP-1899)
 
  • Fixed an issue with some bookmark gateway apps that use an external URL where you couldn't open the app after opening it the first time. (384561, CPSSUP-1888)
 
  • MFA Redirect is now supported for Radius Clients authenticating by way of the connector. (385291)
 
  • Fixed an issue with complex glob expressions for privilege elevation commands. If you have a complex expression, you can use either a glob or regular expression. (386141)
 
  • The Connectors page now shows the DNS hostname for each Connector. (386159)
 
  • Fixed an issue where in some cases, Yubi Key and OATH options for MFA would not be available when MFA redirect is enabled for a user. (390347, CPSSUP-1907)
 
  • Fixed an issue with the GetGroupMembers API so that it returns the correct home directory for the Linux user. (303093)
 

Supported Platforms

Centrify Connector

  • Windows Server 2012r2, Server 2016, Server 2019

Hyper-scalable Centrify Privileged Access Service

  • Windows Server 2016, Server 2019

Centrify Clients for Linux

Client for Red Hat 6:
  • Red Hat Enterprise Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • CentOS 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • Fedora 33, 34
  • Oracle Linux 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
  • Amazon Linux 2 Latest Version
Client for Red Hat 7 (ARM architecture):
  • 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3
Client for SUSE 12
  • SUSE 12 SP3+, 15
Client for Debian 9
  • Debian 9.0 – 9.13, 10.0 – 10.9, 11
  • Ubuntu 18.04LTS, 20.04LTS, 21.04
Client for Alpine Linux 3
  • Alpine Linux 3.13, 3.14
Note that before you uninstall the Centrify Client for Linux from an Alpine Linux system, you must unenroll the system first. The Alpine Linux package manager doesn't allow the service to verify that the client is unenrolled from Centrify PAS before uninstalling. If you uninstall the client without unenrolling first, you won't be able to log in to the system anymore.

Centrify Client for Microsoft Windows

Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC, Windows 2022

Windows PAS Remote Access Kit

Windows 10, Server 2012r2, Server 2016, Server 2019

Centrify app for Android

Android 5 (API level 21) and later

Centrify app for iOS

iOS 12 and above

(Tested systems and devices for are listed in the documentation)