Release 3.0

Service Provider portal (AAAS-2692) (AAAS-4633)

Those with access can now use the Service Provider portal to perform managerial functions on other IntelliTrust accounts. Key use cases include unlocking accounts, deleting accounts that are no longer in use, and tracking account activity metrics for financial purposes. Those logged in to IntelliTrust as a Service Provider can also access the Administrator and User portal features made available by their assigned role.

Risk-based authentication (RBA) (AAAS-3041)

Risk-based authentication (RBA) identifies the level of risk a user represents at each authentication attempt. A user's level of risk is used to define the authentication level required to access IntelliTrust or an application. The feature is useful where account owners want those seeking access to be immediately accepted, given an extra authentication challenge, or rejected based on their apparent level of risk. The resource rules within each account dictate which risk tests are performed on each user when they attempt to authenticate. The resource rules also dictate what authentication challenges must be performed based on the RBA test results.

Mobile smart credentials available for authentication (AAAS-3831)

Administrators can now use Entrust Datacard's Mobile Smart Credential (MSC) application to authenticate to their IntelliTrust account. Users can use the application to authenticate to IntelliTrust through push authentication or Windows Smart Card Logon (SCLO). An MSC requires access to a configured CA and smart credential definition to be activated.

Internationalization (AAAS-2229)

Users accessing their IntelliTrust account can now change the language of the descriptive text in their IntelliTrust account from their User portal. Account-level language changes can be made from the Customization section on the Administrator portal.

On-Demand directory synchronization prompt (AAAS-1689)

Administrators can now request the immediate resynchronization of a directory from their account's Directories page. Selecting the On-Demand Sync button forces a directory re-crawl operation, updating your IntelliTrust account with the latest information located on your corporate directory.

Specify SAML assertion/response signing algorithm (AAAS-6784)

When configuring a SAML application for IntelliTrust authentication, administrators must now select the signing algorithm that IntelliTrust uses to sign the SAML responses/assertions sent to that application.

Download account or authentication activity reports (AAAS-7157)

Activity reports can be downloaded from the My Activity or Reports pages. A user can download a copy of their Detailed User Authentication Activity from the My Activity page on the User portal. Users with access can download any Account Audit Event report generated for a selected date range from the Reports page on the Administrator portal. Both reports are downloaded in .CSV file format.

Release 2.1

New bulk operation actions available (AAAS-3671)

Administrators may now assign Entrust Soft Token (ST), Google authenticators, or passwords to a list of users simultaneously. They can also reset multiple user passwords. Multiple users can be deleted from an account by completing the bulk deletion operation.

Create custom roles (AAAS-2763)

Administrators may create custom roles that define the level of access each user assigned that role is granted to the Authentication Cloud Service features. The administrator defines which permissions are included in each role, which collectively define the user's level of access. These roles can be modified or deleted once created.

Add Amazon AWS application

Administrators may now configure Amazon AWS application accounts for SSO from ACS. The administrator must also configure the AWS account's settings for single sign-on from ACS. Once configured, the administrator needs to configure resource rules that define the security constraints that must be met for access to the application to be granted.

Generic, customizable SAML applications now available (AAAS-3456) (AAAS-4207)

Administrators may now add Generic SAML applications to their account and enable SSO to applications not already offered by ACS. The assertion fields used may be customized during configuration so that the fields employed during authentication match those available in their application of choice.

ISAPI Filter IdentityGuard Application now available (AAAS-3855) (AAAS-3935)

Administrators may now add the Internet Server Application Programming Interface (ISAPI) filter to ACS. A gateway instance with an IdentityGuard agent must be established before configuring ISAPI so that an IdentityGuard agent is available for selection when the ISAPI filter is configured.

Desktop IdentityGuard and Custom IdentityGuard applications now available (AAAS-5645)

With this release, administrators can configure access to the IdentityGuard Desktop and Custom IdentityGuard Integration applications. A gateway instance with an IdentityGuard agent must be configured on ACS so that it is available for selection when configuring either application.

Machine authentication now available (AAAS-3058) (AAAS-3063)

Users may now use machine authentication to bypass second factor authentication to applications. Machine authenticators can only be assigned by users to their own account. Administrators with the appropriate role can customize the settings of the machine authenticators assigned to each user. They can customize the authentication components included in each machine authenticator according to their organization's security constraints.

Hardware token authentication now available (AAAS-3692) (AAAS-3693) (AAAS-3695) (AAAS-3698)

Users can now use hard tokens to complete authentication challenges to ACS or protected applications. Each token generates a 6-8 digit passcode. The user must enter the passcode before it expires as a response to the challenge posed by ACS during authentication. Both administrators and end users can assign hard tokens to user accounts.

RADIUS agents now support CHAP/MSCHAP (AAAS-1478)

Each ACS RADIUS agent now supports the PAP, CHAP, MSCHAPv1, and MSCHAPv2 authentication protocols. The OTP, TOKEN and TOKEN PUSH authenticators support all of these RADIUS authentication protocols. The RADIUS authentication protocol used is determined by the VPN server configuration and is not controlled by any settings in ACS or the RADIUS agent.

Release 2.0

ACS password authentication (AAAS-2756) (AAAS-2758) (AAAS-2680) (AAAS-2679)

Administrators can now create and manage passwords on ACS. They can also prompt users to update their password when the newly-assigned password is used for the first time. Administrators can customize the settings applied to each password from Password Authenticator, under Authenticator Settings. Those settings outline the rules that must be met for a password to be assigned.

By default, each user is assigned a password when their account is created manually in ACS. Administrators can modify the authenticators automatically assigned to newly-created users from the General Settings section of the Administrator portal.

Active Directory (AD) password authentication (AAAS-2552)

Users imported into ACS with passwords from their corporate directory can now use those passwords to authenticate. The passwords can be used to authenticate to an ACS account or web applications. Any user imported into ACS through Active Directory (AD) sync cannot use an ACS password. A new gateway with a password agent must be set up to perform any AD password authentication; otherwise, AD password authentication will not be successful.

Bulk import users, groups and user-group associations (AAAS-2636) (AAAS-2637) (AAAS-2638) (AAAS-2850)

Bulk import allows administrators to upload a set of user, group, or user-group association details in CSV format and have them imported into ACS as a background task. While the ability to add account information manually or through active directory synchronization remains available, bulk import offers a middle ground where a large set of users, groups, or user-group associations can be added without the need for an on-premise agent. A table on the bulk import page shows all of the bulk operations that have been performed. The entries in that table can be filtered to only show select operations that meet the filter criteria.

Box, CitrixOnline, Office 365 and WebEx now accessible from ACS (AAAS-742) (AAAS-3072) (AAAS-3073) (AAAS-3520)

Administrators can now manage access to Box, CitrixOnline, Office 365 and WebEx accounts through ACS and facilitate access restrictions. Administrators may control which users can authenticate to the applications available through customizing each application's Resource Rules.

Create multiple gateway instances (AAAS-2685) (AAAS-2686) (AAAS-2687) (AAAS-2688)

Users with the appropriate roles can add and delete multiple instances within a Gateway. Instances can only be added within gateways that are created in ACS 2.0 or later.

Edit application settings on ACS (AAAS-2899)

Administrators can now modify the settings of applications they have configured on ACS. The settings within each application's account must be updated to match the modified application configuration settings on ACS.

Two-Factor authentication now available (AAAS-2678)

In this release, a user is prompted to engage in two-factor authentication when they have a password. The user is presented with a password challenge, followed by an authentication challenge (OTP, token authentication, or token push authentication). Users can bypass two-factor authentication by clicking on another authentication challenge option when prompted to enter their password, and completing that challenge instead.

Release 1.1

User interface display customization (AAAS-1003)(AAAS-1391)(AAAS-1390)(AAAS-1461)(AAAS-1117)(AAAS-1118)

With Release 1.1, users with the necessary roles can modify the appearance of their ACS account using the Customization feature. Users can add custom logos to their ACS account, provided that the image files conform to ACS file type, image dimension, and file size restrictions. Administrators can select the colors and color scheme applied throughout their account.

Track account activity with Reports feature (AAAS-2033)(AAAS-969)

With Release 1.1, users can view account activity and user authentication history statistics with the Reports and My Activity features.

Edit configured roles, directories, and groups (AAAS-2035)

Those with the appropriate roles can now edit the roles, directories and groups on their account.

Metadata URL for configuring SAML applications now available through Metadata button (AAAS-2198)(AAAS-2404)

Previously, those configuring SAML applications that required the XML file of their ACS account needed to manually enter the XML URL into their Web browser to access the XML file. Now, the administrator only needs to click Metadata on ACS to access and download the file. Clicking Metadata opens the XML file in a new Web window, which can then be saved and uploaded to the SAML application as required.

Download SAML certificate

Users configuring SAML applications that require a signing certificate from their ACS account can now automatically download the certificate from ACS. A Signing Certificate button appears after configuring an application for ACS; clicking it automatically downloads the certificate to the user's computer. The user can then upload the certificate to their SAML application as required.

Gateway agent now downloadable from ACS (AAAS-1309)

Previously, the administrator configuring their Gateway for ACS needed to download the agent (.OVA) from a separate location. That agent can now be downloaded from the top of the Gateway page located on the Administrator portal.