We are happy to introduce Centrify for Mac 2014.1, which builds upon our best-in-class Active Directory integration to provide users with Single Sign-on (SSO) to our catalog of more than 3000 web and SaaS Apps through integration with the Centrify Cloud Service. The integration with the Centrify Cloud Service also provides IT admins with remote management of Macs as well as the user’s mobile devices. This release also provides expanded support for Smart Cards with integrations into other popular applications such as Firefox, Thunderbird and the DoD Encryption Wizard.
We built Centrify for Mac to empower Corporate IT to manage Macs and now mobile devices within the Windows centric environments these devices are being brought into. Since many of the Macs coming into the environment are laptops, we wanted to ensure that IT is in control of the laptop even when they are taken home or on business trips. The Centrify User Suite provides both Single Sign-on services (we sometimes call Zero Sign-On since the user needs to only login to the laptop to gain SSO to all the apps they are authorized to access) as well as policy enforcement and remote management tasks. Centrify’s hybrid management solution provides flexibility to enforce policies for Macs both on premises as well as remote to ensure that, for example, the local disk is encrypted and if the Mac were to be lost or stolen that IT can remotely lock or wipe the corporate data to prevent data loss.
Hybrid AD- and Cloud-based Mac Management
With this release we made it simpler for IT to join the Mac to Active Directory, and at the same time enroll for cloud-based management.
Centrify Join Assistant has been enhanced to enable IT to enroll the Mac into the Centrify Cloud Service at the time the computer is joined to Active Directory. This will ensure that the Mac adheres to corporate security policies and that IT can manage the Mac even when it is taken out of the office.
FileVault 2 disk encryption is provided by Apple to ensure that a Mac’s local storage is encrypted to prevent unauthorized access to the information stored on these laptops. Centrify can both control the policy to require FileVault as well as report on the status of the local storage encryption for compliance purposes.
MobileConfig profiles can be delivered through Group Policy to support custom profiles that that contain specific settings for an application or other aspects of the operating system. This enables IT admins to use one of several Apple tools such as Apple Configurator or Profile Manager to create a custom profile that defines settings which are not built into the Centrify Group Policy settings. Once the profile is defined, Centrify can use Group Policy to deliver the new profile containing the custom settings to the Macs that are joined to Active Directory. Support for customer MobileConfig profiles also enables Centrify to support any new OS X setting that Apple may provide on Day 1 without any additional changes.
Zero Sign-on to web apps for Mac Users
Centrify for Mac users will now get Zero Sign-On (we call it ZSO) access to the Centrify User Portal for access to our catalog of more than 3000 web and SaaS apps while in the office, as well as on the road or at home. Once the administrator enrolls the Mac for Cloud Service, Centrify auto-configures a certificate for the user so they can just click on the Centrify User Portal app icon in the Applications folder to seamlessly access the User Portal.
Once the user clicks on the Centrify User Portal, the browser will open to the Centrify Cloud Service and provide access to the user portal without requiring the user to login. (Obviously, you’d want to make sure you have the screen saver configured that requires password for wake or screen unlock.)
Expanded Smart Card Support for Other Applications
Several of our customers use Centrify for Mac Smart Card to enable end user login to Active Directory using their Smart Card to meet HSPD-12 requirements. Within these environments, we found several other applications that required integration in order to support Smart Card usage for login and encryption operations.
Firefox and Thunderbird, as well as any other NSSDB compliant application, can now use Centrify to enable access to the Smart Card PKI credentials. Centrify has a Group Policy to auto-configure support for these NSSDB applications. Just turn it on and tell us which apps you need configured.
The DoD Encryption Wizard (http://www.spi.dod.mil/ewizard.htm) is becoming a more popular way to encrypt and decrypt files and folders to ensure privacy during transit. Just turn on the Group Policy to enable this support and Centrify will auto-configure support.
We’ve also added support for a Smart Card login required exemption group so that if a user were to forget their Smart Card, IT can just add them to an AD Group to allow them to login with their username and password, which they normally can’t do based on the security policies in place. Leveraging an AD Group simplifies the process to enable the user to login and be productive without changing security policies for his workstation; plus you can delegate management of the AD Group to the security officers who need to add and remove users from this group.
Additionally, Centrify has also extended our support for Smart Card login to Active Directory to the CentOS 5.x and 6.x platforms in addition to our support for Mac and Red Hat Linux workstations.
To learn more click here https://www.centrify.com/solutions/mac-and-mobile/
Or to request a trial click here https://www.centrify.com/free-trial/