Centrify - Many solutions in one package
July 25, 2016
Centrify - Many solutions in one package
Score 10 out of 10
Overall Satisfaction with Centrify Identity Service
We first chose to use Centrify just as a federation alternative for ADFS for use with Office 365. It gives our users the same seamless SSO that they got from ADFS and it provides us with granular MFA and better security to meet the requirements of our company security policies. After implementing Centrify for federation, we found that we were able to replace several existing systems with what was already included with our Centrify subscription. We replaced BES, AirWatch, and Good with Centrify for our MDM solution; we of course replaced ADFS; we replaced SecureAuth for SAML assertions; and we are bout to replace DirSync with Centrify provisioning. This solution also became the default user portal for access to our web-based applications and hosted services, which simplified our users' access when away from our office.
- Implementation of the Centrify solution for federation with Azure/Office 365 takes about 15 minutes versus the several hours it can take to stand up other solutions.
- Mobile Device Management (MDM) has granular controls for administrators yet is very easy for our users.
- I have been in the IT field for over 20 years, and the technical support at Centrify is by far the best I have ever encountered.
- Granular Multi-factor Authentication (MFA) works perfectly and is easy to set up and maintain.
- If you ever have to re-federate with Azure/Office 365, it only takes a few minutes, which is amazingly fast in comparison to other solutions we have tried in the past.
- Establishing SAML assertions is well documented and easily accomplished. If you do run into any issues, Centrify technical support will assist you.
- Centrify is excellent about proactively sending communications regarding problems and maintenance releases.
- The Centrify Identity Service solution is constantly being updated and improved to not only bring new features/innovations, but also to make sure that everything is kept safe against the latest security threats.
- As a customer, I truly get the impression that my business is important to Centrify and they try to be a good business partner.
- Centrify listens to suggestions regarding the product development. This is true for suggestions regarding the admin/user interface as well as requests for new features.
- I wish the setup for Centrify MDM with Android for Work was more streamlined like the way they have the Office 365 federation. This may be something that Centrify can't improve since it involves Google.
- We have had a few issues with mobile devices not updating their settings as quickly as we would want.
- I would love to see a client-side application for use with FIDO devices such as YubiKey.
- It's difficult to really provide many cons for Centrify since they trend to be very proactive. At least half the time that I have a suggestion for them, it turns out that they have just released or are about to release the feature I'm requesting. Like I said in the pros section of this review, Centrify has the best support team I have encountered in over 20 years of being an IT professional.
- I would love it if Centrify were to release a hosted SSLVPN solution so that we could get away from needing a dedicated on-prem SSLVPN appliance.
- We have saved a lot of money by being able to decommission three on-prem MDM solutions as well as decommissioning the solution we were using for SAML assertions and MFA.
- We are now able to offer corporate email on all users' mobile devices at no additional cost since the MDM license is included with the user license with Centrify. With our previous solutions, we had to purchase a new license for each user. We went from having a few hundred mobile users to having over half the company using Centrify MDM for email access on their mobile devices. This makes our employees more efficient and easy to contact.
- We used to have IT employees that spent the majority of their time managing SAML, MDM, ADFS, and the infrastructure required for those systems on-prem. Now those employees are able to focus on other systems and responsibilities, making our IT department more efficient.
We started off using ADFS from Microsoft, which took most of a day to get fully functional and nearly a week to get fully optimized. The documentation was inconsistent with ADFS and there was no real support without opening a Microsoft Premier Support ticket. At the time, if you turned on Multi-Factor Authentication (MFA) for Office 365, it turned it on for everything without any granularity. Our Information Security department said that MFA was a requirement for offsite access to our email systems, but users didn't need MFA when onsite. We looked at Okta, OneLogin, and Centrify at the same time. Centrify was the only one that responded quickly and offered a free POC with support included. We tried to deploy the Okta solution on our own, but ran into issues due to some of our non-standard AD configuration. We never received a return call from OneLogin. The Centrify POC took about 15 minutes to complete for basic functionality and a couple of hours to work out the issues related to our environment. We have been very happy with the Centrify solution and went live with our POC.
Centrify is a great solution for anyone looking to start using Office 365. It is also a great solution for anyone wanting to provide their users with an SSO solution using OAUTH, Federation, or SAML for any hosted service. If you are looking to use Centrify for MDM but you aren't using a hosted/hybrid email solution such as Office 365, there are better on-premise options that should be explored.
Using Centrify Identity Service
3200 - Centrify is used for AD federation with Office 365, so every user that requires email is a user of Centrify even if they aren't aware of it. We also use Centrify as our MDM solution, so about half the company is familiar with Centrify for this function. We also use Centrify as a user portal for our external users so that they have access to al of their web-based applications from one page (with MFA)
We have one general administrator that has access to all features within Centrify. There is a backup administrator with full access to all the features within Centrify, but he is only called on in the event that the primary administrator is unavailable. We also have two administrators that handle all MDM deployments for mobile users. The general administrators have access to the MDM functions but do not normally perform this function and the MDM administrators do not have full administrative access to all the functions within Centrify.
Centrify Identity Service Support
I have been an IT professional for over 20 years, and the Centrify technical support team is the best I have encountered in those years. Since we use Centrify for federating our AD with Azure/Office 365, there are sometimes issues that are related to Microsoft's environment rather than Centrify's services; when we end up calling Centrify support regarding an issue that turns out to be a Microsoft problem, the Centrify engineers will continue to follow the problem to make sure that our issues are resolved, even though the issues aren't related to Centrify.
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
Yes - The issue was related to MDM functionality, and I was given immediate access to the highest level engineers for troubleshooting. Centrify worked on the issue continuously until the problems were resolved, and they kept me informed on their progress. The communication and troubleshooting were excellent and fast, and once they found the bug and corrected it, I was involved in confirming the issue was resolved. I felt very included and important.
Every time I have called in about anything, and I have been impressed with the service and technical expertise of the Centrify support team. The most recent time I called in was a few weeks ago on a Sunday morning when we experienced some issues with MFA not fully functioning. The problem ended up being related to a telecom provider, but I was able to reach a support engineer immediately and he kept me informed on the progress of the issue until it was resolved.