Centrify has signed its biggest contract ever.

Samsung has OEM'd Centrify's Active Directory-based security and cloud identity technology intending to put the widgetry on millions of its notoriously insecure Android-based smartphones and tablets to out BlackBerry.

BlackBerry is generally acknowledged to have the most secure mobile devices and, having made its bones in the consumer space, where it's now far and away the leader, Samsung is out to woo the enterprise customer helped along by the problems besetting BlackBerry and spooking its users.

A story in the Wall Street Journal Friday figured Samsung saw BlackBerry as a "wounded animal" with market share ripe for the plucking despite the new BlackBerry 10 operating system about to hit the US next month in a touchscreen phone that's being widely evaluated by security-conscious enterprises and government agencies. BlackBerry also has a new phone with a real keyboard beloved by multitudes.

The Centrify widgetry appears first on a next-generation Android-based platform called KNOX that Samsung is supposed to announce on Monday. KNOX is meant to enhance security at all levels of the Android platform.

It was reportedly designed from the ground up with security in mind to address advanced security requirements for the Android platform. It retains compatibility with Android and the Google ecosystem while engineering fundamental security and management enhancements.

Centrify, which has been working for six-eight months with Samsung on the technology under the deal, wouldn't say how much it will make off the arrangement, which plays to the current enterprise BYOD and cloud craze.

It's delivering an integrated SaaS solution that provides mobile application management and "Zero Sign-on" for devices owned by either the user or the organization.

The Centrify technology Samsung is embedding into its platform will also be generally available as part of Centrify's latest cloud services release, Centrify for Mobile 2013, due to be announced Monday and publicly demonstrated for the first time at a show this week.

It's supposed to make it easier for the organization to get the control and security they need, and for the employee to get the privacy and productivity they want.

Samsung is making a big investment in "corporatizing" its devices including quietly hiring a fresh crop of technology experts and lobbyists, executives from rival firms like RIM and salespeople with suits and polished shoes. It's also funding small security houses with interesting friends and tweaking its ad campaign to address the enterprise.

Centrify is the first palpable sign of this switch in direction. Its security integrates with the containerization Samsung has added as an extension to Android.

The widgetry will let users virtualize and split the device between personal use and company use so if the user leaves the organization his personal pictures and applications will be left intact after the company wipes its data off the widget by deleting its container.

The containers will be managed by Active Directory under a license from Centrify.

The separate environment for enterprise apps includes FIPS-certified security and enhanced multi-layer security. Data reportedly won't leak between containers. Pin numbers will unlock the container. IT can apply group-policy based management. And users can connect securely to SharePoint and their other apps. They gain true multi-application zero sign-on. Amusingly, Microsoft's newfangled ARM-based Surface RT tablet can't join Active Directory.

Centrify and Samsung also expect an enterprise app ecosystem to develop around Single Sign-on (SSO) with developers integrating their mobile applications using an SDK to deliver SSO.

The Centrify and Samsung partnership includes re-sale of Centrify premium mobile and SaaS Single Sign-on offerings via Samsung partners as well as joint marketing to Samsung customers and partners.

Samsung has licensed Centrify's Mobile Authentication Services (MAS) SDK and imported it into the Samsung for Enterprise (SAFE) SDK Framework. Any Android app developer can use the SAFE mobile client SDK to enable Zero Sign-On from Samsung's new devices to their cloud-based applications.

This Zero Sign-On is supposed to go beyond traditional SSO for devices enrolled in the Centrify Cloud Service by allowing users a one-click sign-on to enterprise apps without having to enter a username and password.

ISVs such as Box - which is reportedly used by 92% of the Fortune 500 - and Onvelop are part of a growing list of ecosystem partners in various stages of enhancing their apps using the MAS SDK to support Zero Sign-On inside Samsung's KNOX containers.

Samsung is expected to ship multiple offerings using Centrify technology other than its Mobile Authentication Services (MAS) like MAM (Mobile Application Management), MDM (Mobile Device Management) and MCM (Mobile Container Management).

Separately, Samsung is understood to be adding encryption to its new platform for security-concerned government and corporate accounts.

Centrify CEO Tom Kemp expects to be able to upsell enterprises on protecting their non-Samsung devices such as PCs and Macs with Active Directory on the basis of consistency and the fact that it fits into their existing infrastructure. Centrify will be able to track who's using its technology because it's a SaaS solution and folks have to register to use it.

See www.centrify.com/mobile/mobile-authentication-services.asp.