Today at the RSA conference, Centrify is announcing that multi-factor authentication is now available throughout the entirety of their identity and access management offerings. This is just the latest in string of new MFA options that Centrify has rolled out. Let’s take a look at the highlights.
Today’s MFA expansion
Multi-factor authentication has always been available for Centrify’s cloud-based identity platform. However, more recently they’ve added MFA for more server use cases; last week they announced support for derived credentials on mobile devices; and now they’re adding support for anything that can authenticate with OAuth tokens; as well as MFA for VPNs. The main selling point is MFA can be implemented across many different resources with a single management platform controlling all of it.
Centrify’s MFA options include their mobile app (which also supports watches and fingerprint readers), voice calls, text messages, soft token one time passwords, smartcards and derived credentials, and third-party authentication services that can be integrated via OAuth. (One example of this is Centrify’s partnership with Yubico, announced yesterday.)
Centrify is also emphasizing adaptive authentication to go along with MFA. For them adaptive authentication means being able to build rule sets based on user, role, app/destination/resource, device, device management status, time, geolocation, or network.
Remember that besides their end user-facing ID and mobility management, Centrify also does ID management for servers and privileged accounts: In this case they can use adaptive authentication to do step up authentication and ask for a second factor when administrators run commands that require elevated privileges.
Last week Centrify announced support for derived credentials, which makes it possible to use smart cards with mobile devices.
Smart cards, used in conjunction with PINs, are common in the federal government, but obviously are difficult to use on mobile devices, since mobile smartcard readers and dongles haven’t really caught on. So instead, users can take their smart card and PIN and log in to a portal on a desktop or laptop, and then a derived credential will be created and pushed down to their mobile device with MDM. Centrify added smart card support for computers late last year.
In conjunction with these new capabilities, Centrify also announced a partnership with BlackBerry to provide derived credential support inside of the Good Dynamics container.
What else has Centrify been up to?
They’ve been going after more extended enterprise use cases. They exposed the Centrify platform itself as a SAML service provider, making it easy for customers to accept federated identities from business partners. They also support social logins from Facebook, LinkedIn, Google, and Microsoft accounts, and they also support OpenID Connect.
Last fall they Centrify announced support for Android for Work, Chromebooks, and deeper Google Apps integration.
All of these improvements are in the context of the increasing importance of ID management: It’s important for security, since so many large breaches can be traced to poor ID management practices. It’s important for end user computing, since companies are adopting more cloud apps, and mobile devices simultaneously need new ID tools to make them effective and can also provide value by acting as other types of new tools.