Centrify Express For Mac

Posted on by

Centrify Express is an Active Directory based authentication and single sign-on to cross-platform systems. It used to integrate Linux and Mac systems with Windows. Centrify Express installs a program called the DirectControl agent on a UNIX system so that computer can be a managed system and can be joined to Active Directory in the same manner as a Windows computer. When a computer is managed by DirectControl agent and connected to a domain, all users and groups defined in Active Directory for the forest automatically become valid users and groups on the UNIX machine unless configured to deny or allow specific users or groups access. These users can perform the following common tasks:

Centrify Express is a comprehensive suite of free Active Directory-based integration solutions for authentication, single sign-on, remote access, file-sharing, monitoring The #1 Choice for Active Directory Integration and cloud security for cross-platform systems. It is the quickest and most proven solution for integrating UNIX, Linux and Mac systems with Windows, and delivers more functionality and more to upgrade to when compared to other free offerings. Enabling Mac Enrollment and the new Mac Agent The new Centrify Mac agent replaces our existing web enrollment for Macs. This feature is optional and can be enabled in our cloud policy by enabling Mac enrollment. Users can be prompted to enroll their Macs whenever they visit the user portal from a Mac that is not currently enrolled. Centrify Express is an Active Directory based authentication and single sign-on to cross-platform systems. It used to integrate Linux and Mac systems with Windows. It used to integrate Linux and Mac systems with Windows. Centrify Express makes it easy to join Mac OS X systems to Active Directory so users can login using their Windows credentials. For more information on Centr.

Centrify Express For Mac
  • Log on to the UNIX shell or desktop program and use standard programs and services such as telnet, ssh, and ftp.
  • Log on to a computer that is disconnected from the network or unable to access Active Directory, if they have successfully logged on and been authenticated by Active Directory previously.
  • Manage their Active Directory passwords directly from the UNIX command line, provided they can connect to Active Directory.

Centrify Express consists of:

DirectControl Express
Joins Linux and Mac systems to Active Directory, giving users multi-platform single sign-on

DirectManage Express
Automates discovery, readiness, and deployment of Express agent for easy integration with Active Directory

Centrify-Enabled Open Source Tools
Use our free, enhanced versions of OpenSSH, PuTTY and Samba for painless integration

Installation.

DirectControl Express installation steps are simple:

  1. On the Linux computer, log on as root.
  2. If necessary, unzip the centrify-suite archive file.
  3. Run the install-express.sh command to install the Express Agent and Centrify-enabled

./install-express.sh

The installation script begins by running the adcheck program to check the operating system, disk space, DNS resolution, network connectivity, Active Directory configuration and other requirements on the computer. If you receive errors or warnings, see the DirectControl Express Administrator’s Guide for information on how to correct them.

When you run the installation script, answer the prompts as follows:

How do you want to proceed? (E|S|X|C|Q) [X]: X

Type X (the default) for Express Mode. For most of the prompts, you can accept the default value by pressing Enter.

Be certain to specify Yes when prompted to join a domain. For an Express installation, the script automatically joins a computer in unlicensed mode. If you manually join a domain after installation, you must manually turn off licensed features. This process is covered in the Centrify DirectControl Express Administrator’s Guide.

Once installed the users can enter their username in the form that they are most comfortable with, saving time and not requiring them to remember or type a domain name. All of these examples work equally well:

  • user.name
  • user name
  • user.name@domain.com
  • domain.comuser.name

One of my favorite features other than the single login, is that you can authenticate Active Directory users accessing Samba shares at add an easier way to add users, keep track of who has access.

Centrify Express supports the following Operating Systems:

Linux

CentOS Linux: 3.8, 3.9, 4.4, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Citrix XenServer: 4, 4.1, 5 (32-bit)
Debian: 3.1, 4, 5 (32-bit & 64-bit)
Mandriva Linux One: 2008, 2009, 2009.1, 2010, 2010.1 (32-bit)
Novell SUSE Linux: Server 8, 9, 10, 11 (32-bit); Desktop 9.2, 9.3, 10, 11 (32-bit)
Novell SUSE Linux PPC: 9, 10, 11 (64-bit)
Novell SUSE Linux Itanium: 9, 10, 11 (64-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (32-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (64-bit)
Oracle Enterprise Linux: 4, 5 (32-bit & 64-bit)
Red Hat Enterprise Linux: 3, 4, 4.8, 5, 5.1, 5.2 ,5.3, 5.4, 5.5 (32-bit & 64-bit)
Red Hat Enterprise Linux Itanium: 4, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5
Red Hat Fedora: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 (32-bit & 64-bit)
Scientific Linux: 3.0.8, 3.0.9, 4.4, 4.5, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Ubuntu: 6.06 LTS, 7.04, 7.10, 8.04 LTS, 8.10, 9.04, 9.10, 10.04 LTS x86 (32-bit & 64-bit)
VMWare ESX Server: 3.0, 3.0.1, 3.0.2, 3.5 (32-bit)
VMWare ESX Server: 4 (64-bit)

MAC

Centrify Express For Mac Smart Card

Apple Mac OS X: 10.4.5+, 10.5.3+ on PPC, 10.4.5+, 10.5.3+ on Intel (32-bit)

Apple Mac OS X: 10.6 on Intel (32/64-bit)

There is a Centrify Suite that has more functionality but at a price. The Centrify Express is free and accomplishes exactly what I was looking for. If you want to intregrate Active Directory authentication into you Linux, Unix, or Mac machines check out Centrify Express it may be just what you are looking for. You can get more information at their website: www.centrify.com/default.asp

With IT organizations looking to connect their non-Windows® resources to Microsoft® Active Directory®, one question comes up quite often: what is Centrify®? In web searches targeted at discovering a way to extend AD, Centrify comes up quite a bit, so it’s important to understand what their product does.

What Was Centrify?

In short, Centrify was an identity bridge. We use the past tense to say that Centrify was an identity bridge because the product recently faced EOL, and Centrify split into two companies—Idaptive® and Centify. Previously, the Centrify Express product extended legacy, on-prem Microsoft Active Directory identities to non-Windows resources such as Mac® and Linux® systems as well as web applications. Centrify was essentially an add-on to on-prem Active Directory infrastructure.

What is Centrify Now?

It seems as though the current incarnation of Centrify will keep the privileged access management components (Linux and network infrastructure authentication). Idaptive, on the other hand, looks to follow the traditional first generation IDaaS path that has been paved by companies such as Okta® and OneLogin™.

What Can’t Centrify Manage?

Express

What we should really be asking when we attempt to define Centrify’s now defunct role is more of a question about the right approach to identity management in the cloud era. Do we want to continue to leverage on-prem hardware and its expenses when the industry is shifting to the cloud? No longer are IT networks based on just Microsoft Windows®. They’re an amalgamation of different types of solutions including G Suite, Office 365, AWS® and GCP, Mac® and Linux® machines, web applications such as Slack, Github, Salesforce®, cloud and physical file servers (NAS devices, Samba file servers, and Box™) and many other types of IT resources. So, with all of these IT changes, why must the directory remain on-prem and require add ons like Centrify to work with all these resources?

Resulting from the shift of IT resources in most environments (Windows-based workstations, wired networks, on-prem file servers) to what we have today in our cloud-forward environment (Macbooks®, WiFi, and cloud storage) IT organizations are struggling to extend their legacy directory service to these modern IT resources. Historically, on-prem identity bridges such as Centrify extended AD to some of these new digital tools, but not all. While it may seem like a good approach, Centrify’s scope was limited in that it still required Active Directory on-prem to fulfill its purpose.

The shift to the cloud is underway; so IT admins really have two options. One is to extend AD identities to these modern, cloud IT resources and the second is to eliminate AD altogether and find a cloud directory service.

Centrify Express For Mac Download

Both options have benefits and drawbacks and each organization’s requirements will be different. In the case of cloud forward organizations, continuing to purchase CALs, maintaining AD implementations, and spending time deploying add-ons to AD are all activities they would like to avoid. For those that are tied to their on-prem identity provider, a Centrify implementation made sense to extend AD to non-Windows resources.

Centrify Express For Mac

How Can I Move on Without Centrify?

What should IT admins do for identity and access management (IAM) in a modern IT network? The short answer is to look at replacing your identity provider (IdP), in this case AD, with something based in the cloud. For many organizations, the most effective cloud IdP is JumpCloud® Directory-as-a-Service®. JumpCloud thinks about the problem of securely connecting users to the IT resources differently. As a cloud-based source of truth for identities from the cloud, JumpCloud can connect you to more resources, more easily than you can using add-ons such as Centrify along with AD.

AD To Non-Windows Resources

But if the thought of having to get rid of all your existing on-prem Active Directory infrastructure is too much, JumpCloud has a solution there too. You can now leverage AD Integration from JumpCloud to fill the gap in your IAM solution left by Centrify’s EOL and extend AD to non-Windows IT resources.

With AD Sync (an add-on component of the AD Integration platform), you can tightly integrate your macOS® devices into Active Directory. End users can leverage their AD credentials to access their Mac systems while also accessing other on-prem Windows resources such as file servers, applications, and other IT resources. Further, with AD Sync end users can change passwords directly on their Mac systems which will automatically update to your Active Directory implementation and vice versa. For users, it means a streamlined and easy-to-use self-service password tool. For IT admins, that means a significant reduction in help desk tickets, and as a result, saved time. For both IT and end users it means that macOS systems (and non-Windows IT resources) can be leveraged for the good of the organization.

Centrify Express For Mac

In addition to macOS systems, when you integrate JumpCloud with AD, our cloud-based directory service can securely connect users to web applications, WiFi via RADIUS, authorize and authenticate to LDAP applications, enforce system security standards with Policies, provision identities via Office 365 and G Suite, and much more.

Centrify Express For Mac Smart Card

Learn More About JumpCloud

Centrify Express For Mac Smart Card

When asking yourself, “What is Centrify,” consider asking instead, “how do I want to manage my IT resources going forward?” Do you want to do it from the cloud, with minimal upkeep, or do you want to maintain your AD implementation and modernize it with a cloud-based directory tool? If you’re ready to learn more about how JumpCloud can support your IT environment, drop us a line. Or, sign up today and start managing up to 10 users free — forever.