Manage Your Mac with Active Directory Group Policies




How to secure Mac OS X systems with your Active Directory infrastructure

Contents
- Overview
- Active Directory Policy List
- Conclusion

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation.

Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Centrify, DirectControl and DirectAudit are registered trademarks and Centrify Suite, DirectAuthorize, DirectSecure and DirectManage are trademarks of Centrify Corporation in the United States and/or other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. RightScale is a registered trademark of RightScale, Inc.; ServerTemplates and RightScripts are trademarks of RightScale, Inc. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Front cover photo: Stefano Tinti / Shutterstock.com

2015 CENTRIFY CORPORATION ALL RIGHTS RESERVED WWW.CENTRIFY.COM

Overview

With Centrify Identity Service Mac Edition ("Centrify for Mac"), you can use Active Directory to centrally manage authentication, policy enforcement, single sign-on (SSO) and user self-service for popular endpoint devices running Mac OS X, iOS and Android. By leveraging your existing identity infrastructure, processes and trained IT staff, you can reduce costs and improve operational efficiency.

The following Group Policies are a representative list of what is available to manage Mac OS X systems as of the Centrify for Mac product release that came out in February 2015. Active Directory-based Group Policy enforcement of centrally defined security policies enables IT to meet compliance requirements. Policies are enforced using a combination of approaches: updating plist files and standard config files, enforcing MCX settings, and even creating profiles for local enforcement. Additionally, the Centrify Identity Service can enforce several security policies and configure access to company resources through delivery of profiles to remote Mac OS X and mobile devices, empowering IT to embrace bring-your-own-device initiatives.

Centrify provides a complete set of policy and configuration settings to enable Windows-centric admin staff to manage all aspects of the Mac as well as mobile devices, leveraging the processes and skills of a familiar infrastructure, Group Policy.

Active Directory Policy List

Mac On-Prem Policies Centrify Computer Policies 802.1x Settings
- Enable Machine Ethernet Profile
- Enable Machine Wi-Fi Profile
- Enable User Ethernet Profile
- Enable User Wi-Fi Profile
- Specify Login Window Profiles
- Specify System Profile

Mac On-Prem Policies Centrify Computer Policies Accounts
- Map zone groups to local admin group
- Map zone groups to local group
- Set login window settings

Mac On-Prem Policies Centrify Computer Policies App Store Settings
- Prohibit access to App Store

Mac On-Prem Policies Centrify Computer Policies Custom Settings
- Enable profile custom settings
- Install MobileConfig Profiles

Mac On-Prem Policies Centrify Computer Policies Energy Saver On AC Power
- Allow power button to sleep the computer
- Enable Power Nap while plugged into a power adapter
- Put the hard disk(s) to sleep when possible
- Restart automatically after a power failure
- Set computer sleep time
- Set display sleep time
- Wake for Ethernet network administrator access
- Wake when the modem detects a ring

Mac On-Prem Policies Centrify Computer Policies Energy Saver On Battery
- Allow power button to sleep the computer
- Enable Power Nap while on battery power
- Put the hard disk(s) to sleep when possible
- Restart automatically after a power failure
- Set computer sleep time
- Set display sleep time
- Slightly dim the display while on battery power
- Wake for Ethernet network administrator access
- Wake when the modem detects a ring

Mac On-Prem Policies Centrify Computer Policies Energy Saver Scheduled Events
- Set machine sleep/shutdown time
- Set machine startup time

Mac On-Prem Policies Centrify Computer Policies Firewall
- Block UDP traffic
- Enable firewall
- Enable firewall logging
- Enable iChat
- Enable iPhoto sharing
- Enable iTunes music sharing
- Enable network time
- Enable stealth mode

Mac On-Prem Policies Centrify Computer Policies Internet Sharing
- Disallow all Internet sharing

Mac On-Prem Policies Centrify Computer Policies Network
- Adjust multicast DNS timeout for .local domain

Mac On-Prem Policies Centrify Computer Policies Network Legacy Location Settings
- Adjust list of DNS servers
- Adjust list of searched domains

Mac On-Prem Policies Centrify Computer Policies Network Legacy Location Settings Configure Proxies
- Bypass proxy settings for these hosts & domains
- Exclude simple hostnames
- Use passive FTP mode (PASV)

Mac On-Prem Policies Centrify Computer Policies Network Legacy Location Settings Configure Proxies Enable Proxies
- Configure proxies using a PAC file
- Enable auto proxy discovery
- Enable FTP proxy
- Enable Gopher proxy
- Enable secure Web proxy (HTTPS)
- Enable SOCKS proxy
- Enable streaming proxy (RTSP)
- Enable Web proxy (HTTP)

Mac On-Prem Policies Centrify Computer Policies Network Location 1
- Adjust list of DNS servers
- Adjust list of searched domains
- Enable network location

Mac On-Prem Policies Centrify Computer Policies Network Location 1 Configure Proxies
- Bypass proxy settings for these hosts & domains
- Exclude simple hostnames
- Use passive FTP mode (PASV)

Mac On-Prem Policies Centrify Computer Policies Network Location 1 Configure Proxies Enable Proxies
- Configure proxies using a PAC file
- Enable auto proxy discovery
- Enable FTP proxy
- Enable Gopher proxy
- Enable secure Web proxy (HTTPS)
- Enable SOCKS proxy
- Enable streaming proxy (RTSP)
- Enable Web proxy (HTTP)

Mac On-Prem Policies Centrify Computer Policies Network Location 2
- Adjust list of DNS servers
- Adjust list of searched domains
- Enable network location

Mac On-Prem Policies Centrify Computer Policies Network Location 2 Configure Proxies
- Bypass proxy settings for these hosts & domains
- Exclude simple hostnames
- Use passive FTP mode (PASV)

Mac On-Prem Policies Centrify Computer Policies Network Location 2 Configure Proxies Enable Proxies
- Configure proxies using a PAC file
- Enable auto proxy discovery
- Enable FTP proxy
- Enable Gopher proxy
- Enable secure Web proxy (HTTPS)
- Enable SOCKS proxy
- Enable streaming proxy (RTSP)
- Enable Web proxy (HTTP)

Mac On-Prem Policies Centrify Computer Policies Remote Management
- Enable administrator access group

Mac On-Prem Policies Centrify Computer Policies Scripts (Login / Logout)
- Specify multiple login scripts

Mac On-Prem Policies Centrify Computer Policies Security and Privacy
- Certificate validation method
- Disable automatic login
- Disable Location Services
- Enable Gatekeeper
- Enable smart card support
- Log out after number of minutes of inactivity
- Require password to unlock each secure system preference
- Require smart card login
- Use secure virtual memory

Mac On-Prem Policies Centrify Computer Policies Security and Privacy FileVault 2
- Disable automatic login
- Enable FileVault 2

Mac On-Prem Policies Centrify Computer Policies Security and Privacy Public Key Policies
- Do not allow private key to be extractable
- Store private and public key in Keychain only

Mac On-Prem Policies Centrify Computer Policies Services
- Enable Apple Remote Desktop
- Enable FTP access
- Enable personal file sharing
- Enable personal Web sharing
- Enable printer sharing
- Enable remote Apple events
- Enable remote login
- Enable Windows sharing
- Enable Xgrid

Mac On-Prem Policies Centrify Computer Policies Software Update Settings
- Automatically check for software updates

Mac On-Prem Policies Centrify Computer Policies Software Update Settings SW update Server Settings
- Use version specific settings

Mac OS X 10.5 Settings
- Specify software update server

Mac OS X 10.6 Settings
- Specify software update server

Mac OS X 10.7 Settings
- Specify software update server

Mac OS X 10.8 Settings
- Specify software update server

Mac OS X 10.9 Settings
- Specify software update server

Mac OS X 10.10 Settings
- Specify software update server

Centrify Mac On-Prem Policies Centrify User Policies 802.1x Settings
- Specify User Profiles

Centrify Mac On-Prem Policies Centrify User Policies Application Access Settings
- Permit/prohibit access to application list: AppleScript
- Permit/prohibit access to application list: Applications
- Permit/prohibit access to application list: Server
- Permit/prohibit access to application list: Utilities
- Permit/prohibit access to applications
- Permit/prohibit access to the user-specific applications

Centrify Mac On-Prem Policies Centrify User Policies Automount Settings
- Automount network shares
- Automount user's Windows home
- Create alias instead of symbolic link (for agent 5.2.2 and below)

Centrify Mac On-Prem Policies Centrify User Policies Desktop Settings
- Set computer idle time for starting screen saver

Centrify Mac On-Prem Policies Centrify User Policies Dock Settings
- Add other folders to Dock
- Adjust the Dock's icon size
- Adjust the Dock's magnified icon size
- Adjust the Dock's position on the screen
- Adjust the effect shown when minimizing the Dock
- Animate opening applications
- Automatically hide and show the Dock
- Lock the Dock
- Merge with user's Dock
- Place Applications in Dock
- Place Documents and Folders in Dock

Centrify Mac On-Prem Policies Centrify User Policies Finder Settings
- Configure Finder commands
- Configure Finder preferences
- Configure Finder views

Centrify Mac On-Prem Policies Centrify User Policies Folder Redirection Actions at Login time
- Delete path
- Delete symbolic link, and restore
- Delete, and create symbolic link
- Rename, and create symbolic link

Centrify Mac On-Prem Policies Centrify User Policies Folder Redirection Actions at Logout time
- Delete path
- Delete symbolic link, and restore
- Delete, and create symbolic link
- Rename, and create symbolic link

Centrify Mac On-Prem Policies Centrify User Policies Import Settings
- Import MCX setting plist files
- Import plist files

Centrify Mac On-Prem Policies Centrify User Policies Login Settings
- Enable Login times

Centrify Mac On-Prem Policies Centrify User Policies Media Access Settings
- Eject all removable media at logout
- Permit/prohibit access: CDs & CD-ROMs
- Permit/prohibit access: DVDs
- Permit/prohibit access: External Disks
- Permit/prohibit access: Internal Disks
- Permit/prohibit access: Recordable Discs

Centrify Mac On-Prem Policies Centrify User Policies Custom Settings
- Install MobileConfig Profiles

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings
- Use version specific settings

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings
- Enable/disable synchronization

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings Synchronization Rules: Background Sync
- Adjust list of items synchronized in the background
- Enable/disable background synchronization rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings Synchronization Rules: Background Sync Skip these items
- Skip items that end with
- Skip items that start with
- Skip items whose full path is
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings Synchronization Rules: Login & Logout Sync
- Adjust list of items synchronized at login and logout
- Enable/disable login & logout synchronization rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings Synchronization Rules: Login & Logout Sync Skip these items
- Skip items that end with
- Skip items that start with
- Skip items whose full path is
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Legacy Settings Synchronization Rules: Options
- Manually/automatically synchronize background folders

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5/6/7/8 or above Settings
- Configure mobile account creation
- Configure mobile account options

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5/6/7/8 or above Settings Account Expiry
- Delete mobile accounts automatically

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Background Sync
- Enable background sync rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Background Sync Skip items
- Skip items that end with
- Skip items that start with
- Skip items whose full path matches
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches
- Skip items whose RegEx name is
- Skip items whose RegEx path is

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Background Sync Synchronize items
- Sync in the background

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Login & Logout Sync
- Enable login & logout sync rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Login & Logout Sync Skip items
- Skip items that end with
- Skip items that start with
- Skip items whose full path matches
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches
- Skip items whose RegEx name is
- Skip items whose RegEx path is

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Login & Logout Sync Synchronize items
- Sync at login and logout

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.5 Settings Synchronization Rules Options
- Manually/automatically sync in the background

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Home Sync
- Enable home sync rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Home Sync Skip Items
- Skip items that end with
- Skip items that start with
- Skip items whose full path matches
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches
- Skip items whose RegEx name is
- Skip items whose RegEx path is

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Home Sync Synchronize items
- Synchronize home sync items

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Options
- Manually/automatically sync in the background

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Preference Sync
- Enable preference sync rules

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8 or above Settings Synchronization Rules Preference Sync Skip Items
- Skip items that end with
- Skip items that start with
- Skip items whose full path matches
- Skip items whose name contains
- Skip items whose name is
- Skip items whose partial path matches
- Skip items whose RegEx name is
- Skip items whose RegEx path is

Centrify Mac On-Prem Policies Centrify User Policies Mobility Settings Mac OS X 10.6/7/8/9 Settings Synchronization Rules Preference Sync Synchronize Items
- Synchronize preference sync items

Centrify Mac On-Prem Policies Centrify User Policies Printing Settings
- Specify printer list
- Specify printer list (with Model)

Centrify Mac On-Prem Policies Centrify User Policies Scripts (Login/Logout)
- Specify login script
- Specify logout script
- Specify multiple login scripts

Centrify Mac On-Prem Policies Centrify User Policies Security & Privacy
- Allow DoD Encryption Wizard to use smart card
- Allow NSSDB based applications to use smart card
- Disable Dictation
- Lock Smart Card screen
- NSSDB based applications allowed to use smart card
- Prohibit authentication with expired password
- Require password to wake this computer from sleep or screen saver

Centrify Mac On-Prem Policies Centrify User Policies Security & Privacy Public Key Policies
- Do not allow private key to be extractable

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings
- Use version specific settings

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings
- Limit items shown in System Preferences

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings Enable System Preferences Pane: Hardware
- Enable Bluetooth
- Enable CDs & DVDs
- Enable Displays
- Enable Energy Saver
- Enable Ink
- Enable Keyboard & Mouse (Keyboard)
- Enable Mouse
- Enable Print & FAX
- Enable Sound
- Enable Trackpad

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings Enable System Preferences Pane: Internet & Network
- Enable Fibre Channel
- Enable MobileMe
- Enable Network
- Enable QuickTime
- Enable Sharing

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings Enable System Preferences Pane: Other Preferences Panes
- Enable other preferences panes

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings Enable System Preferences Pane: Personal
- Enable Appearance
- Enable Dashboard & Exposé
- Enable Desktop & Screen Saver
- Enable Dock
- Enable International (Language & Text)
- Enable Security
- Enable Spotlight

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Legacy Settings Enable System Preferences Pane: System
- Enable Accounts
- Enable Classic
- Enable Date & Time
- Enable Parental Controls
- Enable Software Update
- Enable Speech
- Enable Startup Disk
- Enable Time Machine
- Enable Universal Access

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Mac OS X 10.5/6/7/8/9/10 Settings
- Limit items shown in System Preferences

Centrify Mac On-Prem Policies Centrify User Policies System Preferences Settings Mac OS X 10.5/6/7/8/9/10 Settings Enable System Preferences Panes
- Enable built-in System Preferences panes
- Enable other System Preferences panes

Centrify Mac On-Prem Policies Centrify User Policies Adclient Settings (Mac)
- Auto Zone remote file service (Mac OS X)
- Enable Auto Zone user home directory (Mac OS X)
- Generate new uid/gid using Apple scheme in Auto Zone
- Map /home to /Users (Mac OS X)
- Set user's primary gid in Auto Zone

Centrify Mac On-Prem Policies Centrify User Policies Computer Configuration Administrative Templates System Group Policy
- Turn off background refresh of Group Policy
- Group Policy refresh interval for computers
- User Group Policy loopback processing mode

Centrify Mac On-Prem Policies Centrify User Policies Computer Configuration Administrative Templates System Windows Time Service Time Providers
- Global Configuration Settings - MaxPollinterval
- Enable Windows NTP Client

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Local Policies Security Options
- Interactive logon: Prompt user to change password before expiration

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Account Policies Password Policy
- Enforce password history
- Maximum password age
- Minimum password age
- Minimum password length
- Password must meet complexity requirements
- Store passwords using reversible encryption

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Account Policies Account Lockout Policy
- Account lockout duration
- Account lockout threshold
- Reset account lockout counter after

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Account Policies Kerberos Policy
- Enforce user logon restrictions
- Maximum lifetime for service ticket
- Maximum lifetime for user ticket
- Maximum lifetime for user ticket renewal
- Maximum tolerance for computer clock synchronization

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Public Key Policies
- Certificate Services Client - Auto-Enrollment Settings
- Trusted Root Certification Authorities

Centrify Mac On-Prem Policies Centrify User Policies User Configuration Administrative Template System Group Policy
- Group Policy refresh interval for users

Centrify Mac On-Prem Policies Centrify User Policies Windows Settings Security Settings Public Key Policy
- Certificate Services Client - Auto-Enrollment Settings

Centrify Cloud Management Settings Common Mobile Settings
- Wi-Fi Settings

Centrify Cloud Management Settings Common Mobile Settings Passcode Settings
- Auto-Lock (minutes)
- Grace period for device lock
- Maximum number of failed attempts
- Maximum passcode age (days)
- Minimum number of complex characters
- Minimum passcode length
- Passcode history
- Permit simple value
- Require alphanumeric value
- Require passcode on device

Centrify Cloud Management Settings Common Mobile Settings OS X and iOS Settings
- Calendar Settings
- Contacts Settings
- LDAP Settings
- Mail Settings
- Security and privacy settings
- VPN Settings

Centrify Cloud Management Settings Common Mobile Settings OS X Settings
- Custom settings
- Open application when user logs in
- Open authenticated network mounts when user logs in
- Open files, folders and items when user logs in
- Open network mounts when user logs in
- Permit shift key to skip opening items when user log in
- Security and privacy settings

Centrify Cloud Management Settings Common Mobile Settings OS X Settings Restrictions Settings
- Restrict applications
- Restrict preferences

Centrify Cloud Management Settings Common Mobile Settings OS X Settings Restrictions Settings Applications
- Allow folders
- Disallow folders

Centrify Cloud Management Settings Common Mobile Settings OS X Settings Restrictions Settings Media
- Allow access to AirDrop
- Allow access to CDs & CD-ROMs
- Allow access to disk images
- Allow access to DVD-RAM
- Allow access to DVDs
- Allow access to external disks
- Allow access to internal disks
- Allow access to Recordable Discs
- Eject all removable media at logout

Centrify Cloud Management Settings Common Mobile Settings OS X Settings Restrictions Settings Preferences
- Allow built-in System Preferences
- Allow other System Preferences

Conclusion

Centrify Identity Service Mac Edition enables Active Directory-based authentication and access control for Mac OS X systems, providing the industry's most comprehensive set of policy-based controls for configuring and securing Mac systems, whether they are managed locally on-premises or remotely via the Centrify Identity Service. By leveraging your existing identity infrastructure, processes and trained IT staff, you can reduce costs and improve operational efficiency.

- Comprehensive Group Policy-based management automates computer and user configuration and policy enforcement.
- Automated certificate management provides strong authentication to wired and wireless networks.
- Automated FileVault 2 configuration protects data at rest through full-disk encryption supporting institution recovery.
- Comprehensive enterprise system configuration controls:
  - Services
  - Firewall
  - Internet sharing
  - Network configuration for DNS, proxies
  - Login scripts
- Automount configuration to simplify user access to network shares
- Robust classroom configuration and policy enforcement
- Desktop lockdown with controls for Finder, storage media, preferences and applications
- Network home directories on AFP, SMB or NFS shares
- Seamless enterprise access to file servers, printers and applications
- Centrify Cloud Service extends management for updating of security policies as well as lock or wipe Macs and mobile devices
- Use familiar Windows tools such as Group Policy to centrally manage access to services and enforce security policies
- Mac OS X systems transparently connect to network file shares hosted on Microsoft Distributed File System (DFS) volumes
- Instead of configuring endpoint devices one by one, you can centrally enforce the industry's broadest set of policies across workstations, laptops and mobile devices
- Non-intrusive solution deploys without installing software on domain controllers or requiring any changes to the Active Directory schema
- Automate device configuration for remote access, including Wi-Fi and VPN access
- PKI auto-issuance and auto-renewal
- Enable authorized user accounts to unlock and access encrypted disks through Apple's FileVault 2 Full Disk Encryption
- Inventory devices and applications across your entire enterprise, organized by user, group or device, to easily track and enforce the status of both company-owned and user-owned devices

Centrify provides unified identity management across data center, cloud and mobile environments that results in single sign-on (SSO) for users and a simplified identity infrastructure for IT. Centrify's unified identity management software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization's existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and enterprise mobility management.

SANTA CLARA, CALIFORNIA +1 (669) 444-5200
EMEA +44 (0) 1344 317950
ASIA PACIFIC +61 1300 795 789
BRAZIL +55 11-3958 4876
LATIN AMERICA +1 305 900 5354
EMAIL sales@centrify.com
WEB www.centrify.com