Security Your Way – With Centrify Identity Service

Model TI’m sure you’ve all heard Henry Ford’s famous quote (in reference to the Model T): “Any customer can have a car painted any color he wants so long as it’s black.” Of course, Ford’s intention in only offering one color was not to disappoint the customer; it was to optimize the efficiency in which the company could mass-produce their cars.

Well, we’ve come a long way from that paradigm as we’ve seen with the mass-customization available for products from major brands today.  Unless you’ve been living under a rock, you are undoubtedly aware that Apple is launching their watch in a couple of weeks. At launch, the Apple Watch will be available inKyrie 1-Centrify ID 38 different styles (sizes and band colors), and will be further customizable with the interchangeable bands that will come after launch. Similarly, Nike and Adidas have allowed customers the option to create custom shoes from their website for years (like the Centrify Kyrie 1’s pictured here).

At Centrify, we think having things your way shouldn’t be limited to consumer products. We believe that the best software and security products also give customers the power to customize to meet their unique needs.   Enterprise software products must be built to work in harmony with solutions and infrastructure already in place in the customer’s environment.  This has been a driving principle in how we’ve architected Centrify Identity Service.

From the start, we’ve included a full Enterprise Mobility Management solution in the product. However, if the customer already has another vendor’s EMM solution in place, no problem, they can continue to use that right alongside our solution.  When we added our cloud-based policy engine to the product, we gave our customers choice in where they want to manage policies for mobile devices: in our cloud or in Active Directory.

You’ve also heard us talk about a hybrid directory approach whereby user identities can be stored in the Centrify Cloud Directory, on-premises (in Active Directory or LDAP), or a combination.  This hybrid solution is really about giving customers the freedom to choose how they use our service.  Providing choice in deployment options serves two purposes:

  1. It allows the customer to leverage their existing investments in their infrastructure;
  2. It enables a wide variety of use cases.

Let me expand on point 2 above.  Let’s say a customer wants to provide single sign-on, and mobile device management to four sets of users:

  1. Employees (with identities in AD)
  2. Employees of a subsidiary (with identities in AD, but in an independent forest)
  3. Customers (with identities in LDAP)
  4. Partners (with identities in the Cloud)

Centrify Identity Service enables this deployment scenario by giving our customers the choice of which directories to integrate into their SSO and mobile solutions, while maintaining the security and simplicity they have already built in to their environments.  When adding a directory to our service, the customer simply installs our Cloud Connector on their network to securely proxy authentication requests.  We don’t replicate those on-prem directories to our cloud — there’s no need to (they are always current and secure where they are), and the Cloud Connector allows us to leverage what the customer already has in place.

LDAP-choice Diagram

At Centrify, we believe in choice, and Centrify Identity Service was built for our customers to have it their way.