Centrify for Mac enables you to easily implement Active Directory-based management for both connected and remote Mac OS X systems. By leveraging your existing identity infrastructure, processes and trained IT staff, you can reduce costs and improve operational efficiency.
Unified Identity Services (Identity, Access and Privileges)
Centralized Administration with Best-in-Class Active Directory Integration
- Best-in-class Active Directory integration for user authentication and user and group management.
- Robust identity management simplifies enterprise integration using auto-zone or Zone-based user identities
- Granular user access management lets you authorize access for everyone, groups of users, or a specific user.
- Offline user access controls can be managed through cached credentials (like Windows) or, for mobile users, can be auto-configured with their local home directory.
- Remote administration privilege management lets IT grant remote access permissions and local admin privileges to an Active Directory group of users (Mac admins).
- Smart card login to Active Directory provides strong authentication and SSO to enterprise services.
Integrated Software Agent & Cloud Service for Unmatched Flexibility
- Centralized authentication, authorization and administration of end-users' Macs and mobile devices within Active Directory, enabling IT to provide end-users their platform of choice without sacrificing efficiency or security
- Leverage familiar Windows-based tools, thereby reducing the cost of managing Macs and mobile devices and allowing end-users to safely use their desired systems
- Active Directory-based administration also enables separation of duties, so Mac admins within a department can be granted specific rights to perform their jobs
- Instead of configuring endpoint devices one by one, you can centrally enforce the industry's broadest set of policies across workstations, laptops and mobile devices
- Non-intrusive solution deploys without installing software on servers or requiring any changes to the Active Directory schema
World-Class Support and Expertise
- Includes a cloud-based architecture for managing remote Macs that leverages Apple's mobile device support and profile-based management
- Provides administrators and users with capabilities such as remote lock and remote wipe functions, application inventory, user self-service management, security policy enforcement, and auto configuration of network and wireless access — all designed to simplify the end-user experience
- IT staff has the flexibility to use a single solution to manage Macs using a combination of both on-premise software and cloud-based services to address the myriad of Mac use case scenarios.
- 24x7 worldwide support with deep expertise in all aspects of Mac administration and Active Directory integration
- Specialists are dedicated to ensuring a successful deployment even in the most complex environments.
- As a strategic partner with Apple, Centrify delivers product updates as Apple releases new operating systems — ensuring you and your users are always operational.
- Access to an active Centrify online community involving thousands of IT professionals provides real-world deployment advice, best practices information, and unique insights into the issues you care about most.
- Supported Platforms
- Enable Active Directory-based management and security policy enforcement for Mac, iOS and Android devices
- Centrify Cloud Service extends management for updating of security policies as well as lock or wipe Macs and mobile devices
- Use familiar Windows tools such as Group Policy to centrally manage access to services and enforce security policies
- Centrally manage Macs regardless of location: in the office or on the road
Simplified User Access and Management
- Automate device configuration for remote access, including Wi-Fi and VPN access, PKI auto-issuance and auto-renewal
- Ensure trusted security functions with FIPS-certified cryptographic services
- Implement two-factor authentication for CAC and PIV smart cards
- Enable authorized user accounts to unlock and access encrypted disks through Apple's Filevault 2 Full Disk Encryption
- Automated certificate enrollment secures access to Exchange, VPN and Wi-Fi connections, ensuring only assigned users can access sensitive corporate information
- Broad support for all popular device platforms and OS release levels ensures compatibility across all Mac and mobile devices
- Inventory devices and applications across your entire enterprise, organized by user, group or device, to easily track and enforce the status of both company-owned and user-owned devices
- Detect rooted and jail-broken devices to improve security and minimize vulnerabilities within your environment
- Mac OS X systems transparently connect to network file shares hosted on Microsoft Distributed File System (DFS) volumes
- Simplify access to Wi-Fi and VPN networks through strong certificate-based authentication
- Provide users with Zero Sign-On to authorized web applications
- Self-service user portal enables end-user management of Macs and Mobile devices
Configuration and Security Policy Enforcement
Centrify provides the industry's most comprehensive set of policy-based controls for configuring and securing Mac systems, whether they are managed locally on-premise or remotely via the Centrify Cloud Service.
- Comprehensive Group Policy-based management automates computer and user configuration and policy enforcement.
- Hybrid on-premise and cloud-based management for local and remote Macs includes Remote Lock or Wipe feature.
- Automated certificate management provides strong authentication to wired and wireless networks.
- Automated FileVault 2 configuration protects data at rest through full-disk encryption supporting institution recovery.
- Comprehensive enterprise system configuration controls:
- Internet sharing
- Network configuration for DNS, proxies
- Login scripts
- Automount configuration to simplify user access to network shares
- Robust classroom configuration and policy enforcement
- Desktop lockdown with controls for Finder, storage media, preferences and applications
- Network home directories on AFP, SMB or DFS shares
- Seamless enterprise access to file servers, printers and applications
- Comprehensive Group Policy-Based Management
Group Policy enforcement of centrally defined security policies enables IT to meet compliance requirements. Group Policies are enforced using a combination of approaches to update plist files and standard config files, to enforce MCX settings and even to create profiles for local enforcement. Additionally, the Centrify Cloud Service can enforce several security policies and configure access to company resources through delivery of profiles and certificates to remote Mac and mobile devices, empowering IT to embrace "bring-your-own-device" initiatives. Centrify provides a complete set of policy and configuration settings to enable Windows-centric admin staff to manage all aspects of the Mac as well as mobile devices leveraging the processes and skills of a familiar infrastructure, Group Policy.Comprehensive Group Policy-Based Management
Robust, Integrated Support for Smart Cards on Mac OS X
Centrify User Suite Mac Edition supports CAC, CAC NG, PIV and PIV-I smart card-based login to Active Directory in the same fashion as Windows systems, ensuring strong authentication and single sign-on to other applications and services for Active Directory users. Smart card login combined with Centrify's ability to enforce security policies
required in high security environments helps to ensure compliance with corporate and federal policies, enabling further adoption of Mac OS X systems in these environments.
Centrify's support for the DoD's Common Access Card (CAC) standard is certified by the Joint Interoperability Test Command (JITC)
, bringing Mac OS X (and Red Hat Linux systems) into compliance with Homeland Security Presidential Directive 12 (HSPD-12).
Need CAC/PIV Support for U.S. Federal Resources?
If you're a U.S. federal, military or contract employee, you can use our free Mac Smart Card Support for CAC and PIV cards to access protected websites, VPNs and secured email:Download Now