This release focuses on making IdP administration more efficient, introduces the power of machine learning for behavioral risk analysis, and enables more strict authentication requirements for those users with sensitive or privileged access that attackers covet. The administration improvements enable customers to save time and increase efficiency and productivity.
The behavioral risk analysis expands IdP’s adaptive authentication capabilities by enabling customers to analyze yet another area of risk to help identify attackers and insider threats. High-risk account analysis also expands IdP’s adaptive authentication capabilities and helps organization tighten security around accounts most sought after by potential attackers.
Key New Features and Enhancements
- Behavioral Analysis Powered by Machine Learning - Analyze user behavior for suspicious activity. Boost identity protection by unmasking attackers masquerading as legitimate users and uncover hard to detect insider threats.
- High-Risk Account Analysis – Apply a higher than normal authentication standard to sensitive and privileged accounts, even identify segregation of duty violations, to improve identity security around accounts most attractive to attackers, without changing your authentication process for everyday users. This is a prime example of merging identity and security data to improve authentication and prevent identity-related breaches.
- New Cloud-based Architecture - With the move to a cloud-based architecture, your administrators can get the most up-to-date settings, features, and enhancements without undergoing time-consuming upgrades.
- Reusable Directory Integration Objects - Instead of completing directory integration work every time a new application or system is deployed, administrators can now build directory integrations once and reuse them. When changes need to be made, they are made once and propagated through the environment automatically. This enhancement saves significant administrative time and resources.
- Application Template Library - Application on-boarding has been streamlined and shortened with the creation of a library of application templates. Instead of building integrations for each application individually, administrators can now simply pick the applicable template from a pre-defined library. For templates not yet built, we can accelerate the process by auto-populating fields.
Additional IdP 9.3 Noteworthy Enhancements
- Support for Proof Key for Code Exchange (PKCE) Standard – The PKCE standard helps prevent man-in-the-middle attacks, or interception of authentication information, between users and systems.
- Inline initialization Enhancement – Users can now be redirected to a self-service page to update their profile with missing data and then continue the authentication process. This helps preserve user experience while minimizing administrator and helpdesk involvement.
- Customizable PIN Length – To increase security, administrators can now configure the length of PINs making them longer and more difficult for attackers to guess. Instead of the default 4-digit PIN, administrators can choose a 4, 6, 8, or 10-digit PIN. The longer the pin, the less likely it will be compromised.
- Inverted User Risk Score – IdP can consume 3rd party risk scores for use in evaluating authentication risk, but varying solutions present risk differently. With this release, IdP is able to change the risk score scale to accept scores that are presented in varying formats.