Knowledge Base

Support Policies

What's Changed Since SecureAuth 8.0?

Summary

Detail

Link

9.0.2

Carrier network whitelisting / blacklisting

Allow end-users to control which carriers and countries can be sent SMS or TTS

More Information

Ported phone number status and control

Allow end-users to mitigate risk on ported mobile devices

More Information

Block SMS / TTS phone classes for OTP

Increase assurance to real end-users by blocking SMS or TTS delivery to risky phone types 

More Information

Second Factor Throttling

Allow end-users to protect against brute force and DOS attacks

More Information

Improve DFP scoring logic

More accurate DFP (device recognition), adapting to changes in browser technology

 

Second Factor persistence

User second factor selection is persisted

 

Enhanced Credential Provider Interface

Enhanced SOAP interface for the SecureAuth Windows Credential Provider

 

9.0.1

Role-based Access Control (RBAC)

Enables admins to provide delegated access to specific users based on LDAP directory groups.

More Information

CyberArk Password Vault Directory Integration

Provides the support of CyberArk AIM privileged account vaulting for administrative accounts used in Web Admin.

More Information

SailPoint Adaptive Authentication Engine Integration

Enables Adaptive Authentication function leveraging risk scoring mechanism from SailPoint appliances (take action based on score).

More Information

Exabeam Adaptive Authentication Engine Integration

Enables Adaptive Authentication function leveraging risk scoring mechanism from Exabeam appliances (take action based on score).

More Information

QR Code Registration OATH Seed and Token Mode Support

Enhanced support for both TOTP seed modes with QR registration.

More Information

9.0.0

Behavioral Biometrics API

Behavioral Biometrics detects and monitors keystroke dynamics and cursor movements to build a user-specific profile. Characteristics in the user profile can be used for identification when validating credentials that may have been compromised: for example, if a bad actor attempts to access an app on a valid user's unattended desktop.

More Information

Identity Management API

The new IdM API exposes the power of SecureAuth IdP IdM capabilities, providing tools for password reset, user creation, and user profile updates in an API. 

More Information

QR Code SecureAuth Authenticate Mobile App registration

QR Code lets end-users register the SecureAuth Authenticate mobile app by scanning a QR code versus entering a URL on a mobile phone and registering the embedded browser. Using QR Code simplifies the end-user onboarding process and streamlines the end-user experience. Requires SecureAuth Authenticate 4.3 for iOS and Android.

More Information

QR Code OTP support for Google Authenticator

QR Code provides a new registration method to enable customers using Google Authenticator to use Google Authenticator instead of the SecureAuth Authenticate app for time-based one-time passcodes.

More Information

OpenID Connect / OAuth 2.0 enhancements

OpenID Connect support enhancements

More Information

8.2

Push-to-Accept

SecureAuth's latest 2-Factor Authentication method, providing convenient and secure authentication using the SecureAuth Authenticate App for Android and iOS v4.6 to enable or disable access by tapping "Accept" or "Deny" to the login request made by SecureAuth IdP.

More Information

Cisco ISE pxGrid Integration

The integration with Cisco ISE pxGrid enables SecureAuth IdP to leverage credentials acquired by Cisco ISE authentication to unburden the end-user's login process by removing the need to supply the user ID during the SecureAuth IdP workflow.

More Information

Authentication API Enhancements

The Authentication API has been enhanced for SecureAuth IdP 8.2 to include additional authentication methods, the full adaptive authentication analysis suite, DFP, and more.

More Information

8.1

Authentication API

RESTFul API supporting user authentication, two factor, and adaptive authentication functions enabling customers to leverage SecureAuth IdP for strong authentication which is tightly integrated into customer applications.

More Information

Adaptive Authentication v2

Enhance the adaptive authentication engine to support configurable workflows and complex use cases based on unique customer requirements.

More Information

Windows Azure Active Directory

Add Membership, Profile, and IdM support for Microsoft Windows Azure Active Directory

More Information

Oracle Database Support

Support Oracle DB (11.2 and 12.1) as the user datastore for both Membership and Profile Provider

More Information

Password Reset, Unlock Account in Help Desk

Extend Help Desk module to support resetting user's password and unlocking user's account

More Information

SAML Attribute Mapping

When SecureAuth is functioning in a Service Provider (SP) role, SAML attributes are accepted and can be mapped to an assertion such as SAML, WS-*, and other federation protocols. 

More Information

SAML Multi-Tenant Consumer

Support consuming SAML from multiple providers in a single realm.

More Information

8.0.0 – 8.0.3

Analyze Engine

Integrate risk assessment and IP address restrictions along with Geo-Velocity and to merge in group checking to form the Analyze Engine

More Information

OpenID Connect / OAuth support

Add Post Auth module to allow SecureAuth to act as an OpenID Provider (OP), also to further expand SecureAuth OAuth support for other grant types

More Information

One-Time Use Static PIN

Add Post Auth page to support Derived Credential generation for One-Time use static PIN

More Information

 

Security Patch Highlights:

Summary

Detail

Link

Hotfix 170412

The hotfix makes the appliance more secure by strengthening the integration with the Credential Provider by validating the username, password, and Time-based Passcode (TOTP)

More Information

Hotfix 161110

There is a potential security vulnerability with the Membership Connection Settings, Web Services (Multi-Datastore) which is resolved with this hotfix

More Information

Hotfix 160505

This hotfix resolves an issue in SecureAuth IdP where certain SAML conditions were not being calculated properly, as well as handling subsequent SAML assertions that are signed SHA-256.

More Information

Hotfix 15728

This patch resolves an issue where in some configuration scenarios, unauthorized users could gain administrative access. SecureAuth recommends that SecureAuth IdP customers install this hotfix on all IdP appliances for versions 6.0 through 8.0.1 to resolve a potential security issue. Rename the file with a .exe extension after downloading.

More Information

PostAuth Cleanup Utility

In some configuration scenarios, authenticated users could access pages that they are not explicitly authorized to access. Therefore, SecureAuth recommends that SecureAuth IdP customers install this hotfix on all IdP appliances for versions 6.0 through 8.0.1 to resolve a potential security issue. Rename the file with a .exe extension after downloading.

More Information

Security Audit Enhancements

SecureAuth uses several commercial tools and services such as WhiteHat, Checkmarx and others to perform audits and scans on the IdP code base.  Numerous issues were resolved as a result of these scans and audits.

Appliance Hardening

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.