Centrify, the ISV that makes its living leveraging Microsoft's Active Directory, has got some new cloud-based widgetry that lets organizations centrally secure and control access to their Software-as-a-Service (SaaS) deployments.

The adoption of SaaS apps combined with the Bring-Your-Own Device (BYOD) trend means that IT organizations don't own the endpoint devices or back-end application resources. (Pass the aspirin.)

Centralized management of users' digital identities across on-premise and cloud resources provides the visibility and control organizations need to achieve compliance, reduce costs and mitigate risks while enabling secure access and productivity for their user-centric mobile workforce.

Centrify's announcement of comprehensive SaaS and cloud services support - coupled with support for more than 400 operating systems, dozens of on-premise apps and rich support for mobile devices - lets its customers leverage their existing Active Directory investment across what the ISV figures is the industry's broadest range of systems, mobile devices and apps deployed both on-premise and in the cloud.

Its new Identity-as-a-Service (IDaaS) offering - Centrify DirectControl for SaaS - was unveiled and demonstrated for the first time at the Gartner Identity & Access Management Summit in Las Vegas last week.

"As organizational boundaries continue to erode under the pressure of federation and outsourcing, and as enterprise control over IT continues to weaken through increased adoption of mobile devices and cloud services, identity is more important than ever, and more problematic," Gartner research VP Ian Glazer said in a statement.

"Identity teams must strengthen federation capabilities to properly connect Software-as-a-Service to the enterprise... Identity teams should also consider an identity bridge to connect to Identity-as-a-Service (IDaaS) offerings."

Centrify DirectControl for SaaS lets users securely use their existing Active Directory credentials to get single sign-on (SSO) to their SaaS apps from a web browser running on any system, laptop or mobile device whether the endpoint is on the corporate network or not.

And because mobile devices are fast becoming the dominant endpoint, if they aren't already, Centrify is also offering so-called Zero Sign-On (ZSO) from mobile devices running iOS or Android, supporting both browser and native rich mobile apps through a secure certificate delivered to the mobile devices enrolled with the multi-tenant Centrify Cloud Service.

That cloud is built on Microsoft Azure and leverages the existing on-premise Active Directory infrastructure rather than providing a directory in the cloud, a dicey move.

Centrify DirectControl for SaaS customers can use the Active Directory-integrated and cloud-delivered MyCentrify portal, accessed through the Centrify Cloud Service, for one-click access to all their SaaS apps. Its self-service features let them locate, lock or wipe their mobile devices, and reset their AD passwords or manage their AD attributes.

Centrify's cloud-based service and seamless integration into Active Directory means IT doesn't sacrifice control of corporate identities and can leverage existing technology, skillsets and processes. Unlike other products, no intrusive firewall changes, changes to Active Directory itself or appliances in the DMZ are needed. Corporate identity information remains centralized in Active Directory under control of the IT staff and is never replicated or duplicated in the cloud.

Centrify claims IT can reduce helpdesk calls by up to 95% for SaaS account lockouts and password resets.