Understanding Account Migration on Centrify for Mac OS X

Account Migration, or Account Mapping can be a tricky concept to understand at first, but once you get your head around the idea of home directory locations and the importance of user UIDs – the next step to comprehension is only a short hop away. First, let’s understand the original purpose of Account Migration: Imagine a user that has been logging into their Mac with a regular local account, all their documents, settings and other stuff is stored locally on the machine in their local home folder. The Mac is joined onto a domain and the user can also use…

DirectAuthorize for Windows: Video Chalktalks on Superuser Privilege Management

I’m very happy to tell you that we’ve just posted five new Video Chalktalks on Centrify’s DirectAuthorize for Windows! Rich Loose, Director of Engineering at Centrify, leads us through a technical ‘deep dive’ into the architecture of DirectAuthorize, and how it’s designed to enable users and administrators to run privileged applications and services on Windows Servers without the risk of adding more Local Administrators or Domain Admins to your IT environment.

Just Out: Centrify Suite 2013 R2 (aka 2013.2)

Today Centrify announced that it has shipped Centrify Suite 2013 Release 2 (“2013.2”), a pretty significant update to our flagship Centrify Suite that provides an integrated “Active Directory Bridge” plus Privileged User Management solution for Windows, UNIX and Linux systems (including user-level auditing), as well as additional capabilities such as server isolation and encryption of data-in-motion. Featuring advanced security configuration and ease-of-use functionality, as well as improved auditing and reporting capabilities, this new release of the Centrify Suite has been specifically designed to further enable organizations to quickly and effectively mitigate risks from internal threats, meet compliance requirements, and reduce operational costs across the broadest set of cross-platform systems deployed on-premise and in the cloud. In this blog post I will drill down a bit into some of the new functionality we introduced in Centrify Suite 2013.2.

What Is SystemCACertificates.keychain and How To Use It

Did you know that you can make your Macintosh trust most DoD Military CAC Cards easily? Many Government Employees, Uniform Military Personnel and Federal Contractors are probably completely unaware of this neat little Macintosh feature that instantly does away with the headaches and frustrations that often come when provisioning a Macintosh for CAC card access.

The Different Types of Accounts on Mac OS X

Go into the System Preferences > Users & Groups on a Mac, look on the user list on the left side and you will invariably see at least one example of the three main types of accounts on Mac OS X: So what do all those little subheadings mean? You may recall that Mac OS X accounts are essentially made up of two components; their profile index (the user record) and their home folders (the actual workspace). To stretch this concept further (and hopefully make it easier to explain…), imagine a Mac system as an office building, and each of the accounts…

Options for Federated Identity for Office 365, Part 2

Active Directory Federation Services (ADFS) and Centrify are both two good options for “federated identity” for Office 365, which, as a reminder, is where user authentication for your cloud-based Office 365 actually occurs with your on-premise Active Directory. As I discussed in prior blog posts, federated identity is one of the key identity management scenarios for Microsoft Office 365, and in my last blog post I walked readers through some of the differences between ADFS and Centrify for Office 365 specific to the on-premise infrastructure and labor required between the two solutions. In this blog post I want to highlight some of the other differences between ADFS and Centrify for Office 365.