Copyright © 2016 Centrify Corporation. All Rights Reserved. 1

Centrify Identity Service: Getting Started Guide

Copyright © 2016 Centrify Corporation. All Rights Reserved. 2

Welcome to Centrify!

Congratulations! You have taken the first step to protecting your organization from the leading point of attack from data breaches, compromised user credentials, as well as enabling your end users to easily access their business applications, all in one secure step.

To help drive a successful partnership, we have put together a set of resources for you to leverage. Within this document you will find a step-by-step guide that walks you through the implementation and deployment phases as well as best practices.

If any questions arise after you have reviewed this presentation, please direct them to erica.ho@centrify.com. I will respond as quickly as I can.

Thank you for being a customer and I look forward to working with you!

Erica HoCustomer Success Manager

If you are in need of immediate support, please submit a case on our Technical Support Portal.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 3

Technical Implementation Guide

Copyright © 2016 Centrify Corporation. All Rights Reserved. 4

Technical Implementation Guide Overview

The Technical Implementation Guide provides you with an overview of the steps needed to set up Centrify Identity Service. Within this section, you will find an Implementation Outline breaking down the setup of Centrify Identity Service into easy to follow steps, a go-live roadmap as well as a list of implementation best practices compiled for you by our experts.

If any questions arise as you review these materials, please contact me at erica.ho@centrify.com, I will respond as quickly as I can. If you are

in need of immediate support, please submit a case request on the Technical Support Portal.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 5

Implementation Outline1. Cloud Tenant Set-Up

2. Cloud Connector Set-Up

3. Mobile Device Management*

a. Determine MDM Strategy if you do not already have one

4. Setting Up Integrated Windows Authentication*, O365*, MFA Policies*

5. Managing Users

6. Adding SaaS Applications

a. Application Review

I. Gather requirements around which applications to integrate

b. Configuration & Testing

*Optional

Copyright © 2016 Centrify Corporation. All Rights Reserved. 6

CUSTOMER

CENTRIFY

YOU ARE HERE

START

GO-LIVE

Access to Centrify Technical

Support

Roadmap for Go-Live with Centrify

Cloud Connector Setup

Integrated Windows Authentication

Managing Users&

Creating Roles

Cloud Tenant Setup

OPTIONALMobile

Device Management

MFA PoliciesO365

Roll Out Centrify Identity Service to Users

Add, Configure and Test SaaS Applications

Please note, all steps are hyperlinked to online resources

Copyright © 2016 Centrify Corporation. All Rights Reserved. 7

Implementation Best Practices

• Test in Sandbox environment whenever possible

• Have at minimum two cloud connectors, optimally in different data centers

• Rollout to a subset of users during the testing phase

• Cutover/migrate on a weekend

• Implement Multi-Factor Authentication for crucial apps (if applicable)

• Automate provisioning and de-provisioning

• Turn on Cloud Connector Auto-Update in your Sandbox

• If you choose to not use auto-update, never let Cloud Connector get more than one version behind

Copyright © 2016 Centrify Corporation. All Rights Reserved. 8

Centrify Resources

Copyright © 2016 Centrify Corporation. All Rights Reserved. 9

Centrify Resources OverviewTo prepare you for your journey into the next frontier of identity, Centrify has put together a comprehensive set of resources to assist you in getting the most out of your services. Within this section, you will find directions on how to access the following resources:

o Documentation• Online implementation and deployment documents, providing in-depth instructions and insights around our service offerings

o Centrify Community• Centrify’s online community allows Centrify users and industry peers to connect on business an technical challenges, discuss new features and make

requests, and get supported by our world-class support team.o Idea Exchange

o Idea Exchange is a product feedback forum which allows customers and Centrify’s product team to work together to submit product ideas, collaborate on their development and vote for the ones they like best.

o Technical Support Portal• The Technical Support Portal provides you access to support resources and downloads as well as a location for your to submit and manage your

support cases. You can also access our Centrify Trust page from here. o Centrify Cloud Status

• Sign up for notifications, which give you real time updates on the operational status of the Cloud service, upcoming maintenance, incident history as well as automatic alerts.

If any questions arise as you review these materials, please contact me at erica.ho@centrify.com, I will respond as quickly as I can. If you are in need of immediate support, please submit a case request on the Technical Support Portal.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 10

Online Product and Implementation DocumentationVisit: https://docs.centrify.com

Copyright © 2016 Centrify Corporation. All Rights Reserved. 11

Sign Up for Centrify CommunityVisit: http://community.centrify.com

Copyright © 2016 Centrify Corporation. All Rights Reserved. 12

• Idea Exchange is a product feedback forum which allows for customer collaboration with Centrify product teams.

• It features requests and product ideas as well as allows users to submit or vote for enhancements.

• The popularity of an idea (measured through votes) will help Centrify's product team understand what is important to you.

Idea ExchangeVisit: http://

community.centrify.com/t5/Centrify-Idea-Exchange/idb-p/Centrify-Idea-Exchange

Copyright © 2016 Centrify Corporation. All Rights Reserved. 13

Sign Up for Centrify Technical Support

Visit: http://www.centrify.com/support/

Customer Support Portal powered by Federated Search

Copyright © 2016 Centrify Corporation. All Rights Reserved. 14

Centrify Cloud Status• Schedule: Updates and patches typically occur every 4-

5 weeks across all regions.

• Loss of Functionality: No downtime during maintenance windows.

• Testing/QA: Full unit and functional testing of key application interfaces, testing of SOA interfaces and performance testing of the application running on the cloud services platform.• Certification of all apps in the catalog and non-certified

apps where Centrify has test account access.

• Notifications:• Centrify Cloud Status: Visit & Subscribe! http://

www.centrify.com/cloud/service-status.asp • Centrify Alerts Twitter Feed:

https://twitter.com/CentrifyAlerts

• Release Notes: http://www.centrify.com/resources/#Documentation

Copyright © 2016 Centrify Corporation. All Rights Reserved. 15

Deployment Guide

Copyright © 2016 Centrify Corporation. All Rights Reserved. 16

Deployment Guide OverviewA comprehensive deployment plan is critical to ensure that your end users successfully sign into the Centrify service and continue to adopt it as part of their regular workflow. In this section, we have included steps that will help you achieve a successful deployment, and have also provided materials that you can leverage to educate your end users and ensure company-wide adoption.

The first step to ensuring a successful deployment is designing a Marketing Plan. We have listed a framework for a marketing plan in this section.

It is also helpful to identify the criteria for success you will be measuring through your deployment. A commonly used metric is Adoption (# of Active Users / # of Enabled Users). These metrics will be should be evaluated on a regular basis, and the data to drive the analysis is available on your Centrify Dashboard.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 17

1. Marketing Plan

2. Company Notifications

3. Email Templates (for Go-Live launch announcements)

4. Rolling out Centrify Identity Service to End Users

5. Launching Applications - Centrify User Portal

6. Monitoring Usage and Adoption – Centrify Admin Dashboard

Deployment Guide, Table of Contents

Copyright © 2016 Centrify Corporation. All Rights Reserved. 18

Marketing Plan

The Marketing Plan to reach your End-Users should include the following steps:

1. Company-Wide E-Mail Campaigns

o Conduct an End-User education campaign with documents and collateral for end-users

o Best Practices Documentation and tutorials

o Available Helpdesk Support information

o A channel to receive End-User feedback about the service and suggested enhancements or app requests

2. Centrify Quick Start Guide

o Distribute to End-Users, Helpdesk staff, and Business Managers, and make available on the company intranet

3. How-To Video/Presentation

o Make available company-wide through multiple channels

Copyright © 2016 Centrify Corporation. All Rights Reserved. 19

Company Notifications

1. Post Notifications and Posters about your Centrify Single Sign-On service:

a) Around the office, specifically commonly used meeting places such as the kitchen or games areas

b) In employee newsletters, the internal company blog, or chat service like Yammer or Slack

c) On the company intranet

d) At company “All Hands” meetings

e) At team or group meetings led by Business Managers

Copyright © 2016 Centrify Corporation. All Rights Reserved. 20

Subject: Attention Employees – New Service to Access All Your Applications

We are in the process of rolling out a new service called Centrify. This service allows you to access your internal and external applications using a single username and password. You will no longer need to remember multiple logins and passwords for all your applications. We are rolling out the service with an initial set of applications, and they are <include your apps here>.

You will receive some more detailed instructions from IT over the next few weeks on how to best use the service, and also give you an opportunity to provide your suggestions and feedback.

Thank you,

<Company Name> IT Department

Email Templates: Pre-Launch Announcement

Copyright © 2016 Centrify Corporation. All Rights Reserved. 21

Email Template: Post-Launch Announcement (if applicable)Subject: Introducing Centrify for Single Sign On

All,

We are pleased to officially announce the release of Centrify Single Sign-On company-wide. Centrify is an identity management service that allows us to enable single sign-on for the applications we use in our company. This means that you will no longer have to remember multiple logins and passwords for all your business apps. Centrify provides single-click access to all the apps and services you use on a daily basis. Please review the link below to learn more.

<Insert Intranet Link>

If you have any questions, please speak with your Business Manager or contact the Helpdesk who will be able to assist you. If you have any feedback regarding the service, please do provide it through the Helpdesk.

Thank you,

<Name of Executive>

Copyright © 2016 Centrify Corporation. All Rights Reserved. 22

1. Configure Mobile Device Management and Device Policy Management

a) The first configuration tasks are to specify whether you are using the Centrify Identity Platform for single sign-on only or for mobile device management (the default) and then whether you are going to use Active Directory group policy objects or the Centrify cloud policy service to set mobile device policies.

b) Set MDM or SSO

c) Select Policy Resource

2. Create Roles for Users and Administrators

a) You use the roles to assign applications to specific set of users and permissions to administrators.

b) Managing Roles

Rolling Out Centrify Identity Service to End Users

Copyright © 2016 Centrify Corporation. All Rights Reserved. 23

3. Adding Users

a) How you add users to the Centrify Identity Platform depends upon which identity store you are using.

b) If you are using the Centrify user service see Adding Centrify user service accounts.

c) If you are using Active Directory/LDAP to authenticate users, you don’t add their Active Directory/LDAP accounts to the identity platform. Instead, you install the Centrify cloud connector and reference the accounts in Active Directory/LDAP. See the following topics for more details:

i. Referencing Accounts from Active Directory/LDAP

ii. Installing Centrify Cloud Connectors and Admin Consoles

4. Assign Applications (for Single Sign-On)

a) After you have the roles defined, you add the web applications from the Centrify App Catalog and assign them to roles.

b) Managing Applications

Rolling Out Centrify Identity Service to End Users – Adding Users

Copyright © 2016 Centrify Corporation. All Rights Reserved. 24

5. Define Mobile Device Policies

a) If you are using the Centrify Identity Platform for mobile device management, you use either Cloud Manager or Windows Group Policy Management Editor to set the policies for mobile devices.

b) Managing Device Configuration Policies

6. Customize the Centrify Identity Platform

a) Configure the remaining Centrify Identity Platform settings.

b) Configuring Identity Platform Settings

Rolling Out Centrify Identity Service to End Users – Apps

Copyright © 2016 Centrify Corporation. All Rights Reserved. 25

How to Notify and Invite Your Users

Step 1 Step 3Step 2

Copyright © 2016 Centrify Corporation. All Rights Reserved. 26

Launching Applications for End-Users – Centrify User Portal

Copyright © 2016 Centrify Corporation. All Rights Reserved. 27

Admin Dashboard

• Monitor your user activity regularly.

• Use login location to see where users are accessing your apps.

• Review your devices by OS.

• Review which apps are most popular/utilized by your users.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 28

Best Practices & FAQs

Copyright © 2016 Centrify Corporation. All Rights Reserved. 29

FAQs: Cloud Connector

1. How are domains searched when multiple connectors are in use and how does the service know what connector to use to match a user? • When there are two installed cloud connectors in different untrusted forests, our service would have two Active Directory

Service configurations (based on forest info) in the cloud. Our cloud service will try to match a user in each directory service until a matching user object is found. The service does not specify or prioritize the connector to use, the user object is searched on each connector one by one in the current release.

2. Are different connectors selected for different functions?• Currently, all connectors serve the same full functions by default.

3. Are connectors used or domains searched in a specific order?• The directory service search order is not configurable or guaranteed to always be exactly the same, but the order used

should generally remain the same per search as long as all connectors are online. 4. Why does it take several minutes to locate a user when searching in the portal to add to a role if the user has not logged in or has

been deleted from the portal (if logged in previously)?• When searching for users in the admin portal role management page, the cloud service tries to access all directory services

(connectors) and search matched users in all reachable domains and trusted forests. The search time taken could be slow if the network connection from cloud connector to trusted forests is slow or if there is high levels of network activity.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 30

1. Internet Explorer:

• Version 8 on Windows XP and Windows 7– for the Centrify user portal only

• Version 9 and 10 on Windows 7 and Windows 2008R2 server

• Version 10 on Windows 2012 server and Windows 8

• Version 11 on Windows 2008 server and Windows 2012 server, and Windows 7 and Windows 8

2. Mozilla Firefox:

• Version 33 and later

3. Google Chrome:

• Version 37 and later

4. Apple Safari: 8

• Version 5 on Mac 10.6

• Version 6 on Mac 10.7 and later

Supported Web and Device Browsers

Copyright © 2016 Centrify Corporation. All Rights Reserved. 31

Supported Mobile Devices

1. If you are using the Centrify Identity Platform for Mobile Device Management, it supports enrolling the following devices and computers:a) An Android device running Android 4.0 or laterb) Samsung KNOX Workspace devices running KNOX Enterprise SDK versions 1.x and KNOX 2.x. This

includes transparent integration with the Samsung Universal Mobile Device Management Client (UMC) and the Samsung Enterprise Gateway

c) An iOS device (for example, an iPhone, iPad, or iPod Touch) running iOS 7.0 or laterd) An Apple computer running OS X 10.8 or later

Copyright © 2016 Centrify Corporation. All Rights Reserved. 32

Best Practices: Centrify Resources Apps

You can add the Centrify Community, Centrify Download Center, Centrify Technical Support, Centrify University and Centrify.com Web Apps to your User Portal for easy SSO access to your key support resources.

Please note, you will only be able to access Centrify University (Litmos) content if it is part of your services package.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 33

Best Practices: Infinite AppsPLEASE CLICK BELOW TO PLAY THE VIDEO…

Centrify Browser Extension for Firefox: https://cloud.centrify.com/vfslow/Lib/saas/CentrifyFirefoxExtension.xpi 

For Chrome: https://cloud.centrify.com/uprest/HandleAppClick?appkey=595d39d9-49c4-47d6-9a34-29f5c2ebb246&antixss=KDFK_hgJL9ZJPbv4eSNcQQ__#

Copyright © 2016 Centrify Corporation. All Rights Reserved. 34

Best Practices: How to Escalate a Case

There may be situations where you need a new or existing case escalated to a higher tier. Below is a 4 step flow of our escalation process:

Step 1

Submit ticket throughsupport

Step 2

Escalateissue to CSMif SLA is notMet*

Step 3

CSM to track through support

Step 4

CSM to facilitate resolution

*CSM escalation can include no response from support, outages, new application assistance, roadmap overview, etc.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 35

Thank You!