
IDaaS Release Notes


Release 4.9


Improved online help navigation (AAAS-17183)

The IntelliTrust online help features a new layout with improved navigation.

New SAML certificates (AAAS-16382)

This release includes a new signing certificate for SAML applications because the existing certificate expires on 26 August 2019. All SAML applications must be updated before then; otherwise they may be rejected by SAML service providers because the certificate will have expired. This release also includes a new SAML Signing Certificate field on the SAML Application page that allows you to select which certificate to use. See the IntelliTrust Administrator Online Help for instructions.

Group and Role search added to the Administration API (AAAS-16132 and AAAS-16133)

This release includes an enhancement to the Administration API that allows you to search for users by group and role. When groupId is searched, the users of that particular group are retrieved. When roleId is searched, the users with that particular role are retrieved. You can combine the search criteria with other search parameters, for example, groupId with a user state of ACTIVE will retrieve active users of a particular group.

Web application session state (AAAS-16304)

Prior to this release, when a user closed the browser session without logging out, and then returned to the browser, they remained logged in to IntelliTrust. In this release, users are logged out of IntelliTrust when their web browser session ends (typically when they close the browser).

There is a new optional attribute enableWebSession that can be passed to both the Authentication API userAuthenticate and Administration API authenticateAdminApi methods. If this attribute is specified and set to true, then the web session feature is enabled. In particular, for users of the Administration API, when the web session feature is enabled, all subsequent calls to Administration API methods must send back the INTELLITRUST_SESSION_ID cookie that was returned by the authenticateAdminApi method.

Note that on macOS, you must Quit the browser in order for the session to be terminated.

UI enhancements (AAAS-15277)

Enhancements have been made to some tables to allow multiple rows to be selected at once. The tables that support this are grids and hardware tokens.

IdentityGuard migration (AAAS-15937)

Entrust IdentityGuard Migration now allows administrators to migrate the following new authenticators and settings:

  • Assigned Grid Cards (if the serial number already exists in IntelliTrust the card will not be imported)
  • Unassigned Grid Cards (if the serial number already exists in IntelliTrust the card will not be imported)
  • Location History
  • Expected Location List
  • RBA Settings

Support for integration with Entrust Datacard AD FS Adapter 5.0

This release supports IntelliTrust integration with the Entrust Datacard AD FS Adapter 5.0 for Active Directory Federation Services (AD FS) 3.0, 4.0, and 5.0.

Release 4.8


Support for sending push notifications to custom mobile applications (AAAS-15065)

This release supports sending push notifications through Firebase Cloud Messaging (FCM) or Apple Push Notification Service (APNS) to custom mobile applications built using the Entrust Mobile Soft Token SDK.

Password strength indicator (AAAS-15751)

A new Minimum Password Strength setting has been added to the Password settings. This setting enforces the password strength when creating or resetting a password. Factors such as common passwords, names, phrases, and character repetition determine the strength of the password.

Support for Slack SAML application (AAAS-9667)

This release includes support for authentication to Slack through IntelliTrust.

Audit archiving (AAAS-12833)

This release includes the ability to download archived audit logs in .CSV format. Audits are available for download for a period of six months. Archive audits are maintained for a period of three years.

My Activity UI enhancements (AAAS-16079)

UI improvements have been made to the My Activity page.

Audit logs (AAAS-15657)

A new radio button is available to toggle between Authentication and Management audit logs on the Dashboard.

Audit logs for specific users (AAAS-15657)

A new Audits tab has been added to the User Details page to allow administrators to view audit logs for specific users.

IdentityGuard migration (AAAS-15937)

Entrust IdentityGuard migration to IntelliTrust includes import of Entrust IdentityGuard passwords.

Support for V11Ex Auth API (AAAS-15106)

Entrust IdentityGuard clients using V11Ex API can now be used with the IntelliTrust IdentityGuard Agent.

RADIUS agent logging (AAAS-15031)

A new setting has been added to the RADIUS application configuration to enable or disable RADIUS message logging. When enabled, messages for the RADIUS agent are logged to the same log file as the gateway logs.

OTP voice delivery (AAAS-15740)

A new system user attribute phone has been added for users. This attribute is used with OTP delivery. When set, a user receives a phone call with a message that provides their OTP. If a user does not have a phone number set but has a mobile number set, the mobile number is used for voice delivery, when OTP using voice is requested.

Note the following:

  • OTP values are spoken individually. Therefore using VOICE over OTP with letters as the OTP values (instead of just numbers) may be harder for users to understand.
  • When using transaction details with dynamic linking of transactions using OTP, transaction details are spoken as words or phrases.
  • Existing directory configurations will have their directory attribute mapping updated automatically during the IntelliTrust upgrade to include a mapping from the IntelliTrust phone attribute to the AD telephoneNumber attribute. This applies to all gateway versions.
  • The IntelliTrust phone attribute is set to optional by default. A user does not require telephoneNumber set for AD Sync to process successfully. The phone attribute will not be set in this case. The next time an AD Sync is executed after the IntelliTrust upgrade, the phone number will be synchronized.

Changes to IntelliTrust APIs

The following have been added to the Administration APIs:

  • User and UserParms - A new attribute phone has been added to User and UserParms. This attribute is a system attribute used to track a user's phone number. The phone number can be used for OTP authentication using voice delivery.
  • getOTPAuthenticatorSettings and updateOTPAuthenticatorSettings - When obtaining or setting OTPAuthenticatorSettings, the attribute otpDefaultDelivery can be set to VOICE. The API for this has been updated to v2 (for example: /api/web/v2/settings/otp).

The following changes have been made to the Authentication APIs:

  • userAuthenticatorQuery - The OTPDetails response from the userAuthenticatorQuery API can now include VOICE capability. This can be used in the availableOTPDelivery list attribute value and in the otpDefaultDelivery attribute value. The API for this has been updated to v2 (for example: /api/web/v2/authentication/users).
  • userChallenge
      - The AuthenticatedResponse returned from the userChallenge API can now include VOICE if VOICE was used for OTP delivery. This can be used in the otpdeliveryType attribute value.
      - The UserChallengeParameters sent in the userChallenge API can now include VOICE as the OTP delivery. This can be used in the otpDeliveryType attribute value.
      - The API for this has been updated to v2 (for example: /api/web/v2/authentication/users/authenticate/{authenticator}).
      - When a TOKEN or TOKENPUSH challenge is requested, the challenge response will include a new attribute tokenDetails. This attribute provides a list of serial numbers of the user's tokens that can be used to answer the challenge.

Release 4.7


TLSv1.0 and TLSv1.1 no longer supported

In accordance with security best practices, TLSv1.0 and TLSv1.1 are no longer supported.

Refreshed UI for Service Provider (AAAS-14799)

This release includes an updated user interface for Service Providers managing their tenants and tenant entitlements (licenses).

Changes to IntelliTrust APIs

The following have been added to the Admin APIs:

  • A new attribute externalId has been added to Group. This attribute allows an application to track the external identifier of a group. A new method has been added to search for a group by its externalId.
  • A new attribute groupIds has been added to ResourceRuleParms. This attribute replaces the existing group attribute, which has been deprecated. The groupIds attribute specifies a list of UUIDs of groups that are to be set for the resource rule instead of the groups attribute, which specifies a list of groups.

Release 4.6


Password blacklist (AAAS-14876)

A password blacklist feature has been added to the Password authenticator settings. This feature allows administrators to create a list of values that users should not be allowed to use in their password. For more information, see the IntelliTrust Admin Online Help.

Directory UI update (AAAS-14614)

User interface improvements have been made to the Directory Configuration page. For more information, see the IntelliTrust Admin Online Help.

Export unassigned grid cards (AAAS-13771)

The Unassigned Grid Cards page allows administrators to download unassigned grid cards. For more information, see "Viewing and exporting reports" in the IntelliTrust Admin Online Help.

Support for dynamic linking of transactions using token signatures (AAAS-14255)

Added the ability to integrate IntelliTrust for PSD2 compliance with the European Banking Authority (EBA) Regulatory Technical Standards for strong customer authentication using token signature authentication. For more information, see the IntelliTrust Admin Online Help.

Localized SMS messages (AAAS-492)

OTP authentication messages sent by SMS are now localized.

Change the userid of an existing user (AAAS-15119)

The userID of an existing user can now be modified.

Enhanced admin app to support Service Provider controllers (AAAS-14595)

Previously, an admin API application had a site role associated with it. Now, an admin API application for a Service Provider account can have a site role or a Service Provider role associated with it. The site role gives access to site admin operations, such as user management and setting management. The Service Provider role gives access to Service Provider operations, such as tenant and entitlement management.

Changes to IntelliTrust Administration APIs

The following have also been added to the Administration API:

  • A new optional externalId attribute has been added to track the external identity of a user, such as the AD objectGUID. A new operation, userByExternalId, has been added to get the user by externalId.
  • From a Service Provider account, manage tenants (including entitlements)
  • Manage authentication API applications
  • Manage resource rules
  • Manage general, OTP and token settings
  • Manage user attributes
  • New methods to create/update/delete multiple users in a single request
  • New option when creating or modifying users to also set the user group membership as part of the operation
  • New parameters to the user list operation to optionally fetch additional attributes
  • New parameters when creating a soft token to optionally disable activation or email delivery as part of activation

Release 4.5


Optional system user attributes (AAAS-14202)

The following system attributes can now be configured as optional or mandatory:

  • First Name
  • Last Name
  • Email
  • Mobile

Note: OTP authentication is not available if a user does not have values for both email and mobile system attributes.

Note: The Gateway (Directory Sync Agent) will be updated to maintain the configured user attribute setting (mandatory or optional). All previous gateways will continue to treat user attributes based on their value when the directory was created. These settings cannot be changed dynamically for older gateways.

Display QR code (AAAS-15401)

Users can scan a QR code to activate Entrust Soft Token, Google Authenticator, and Mobile Smart Credential from the User Portal. This is useful for users without an email address.

User Registration Period (AAAS-15429)

A new User Registration Period setting has been added to the General Settings page. This field sets a registration period during which a user is allowed to authenticate to the User Portal using only a password. The registration period starts from the moment the user is created in IntelliTrust and expires after the configured number of days. Once a user logs in to their account, they must add a second factor authentication method in order to continue to log in to their account once the registration period expires. For more information, see the IntelliTrust Admin Online Help.

AD Sync status (AAAS-14257)

AD sync status information can now be viewed in the IntelliTrust admin portal. This allows you to see the current progress of a synchronization including how many users have been processed. See the IntelliTrust Admin Online Help for more information.

Note: The AD sync status feature is not supported with pre-4.5 gateways.

AD Sync group optional upload (AAAS-14201)

AD synchronization can be configured so that no groups are synchronized to IntelliTrust or that only groups matching the group filters are synchronized to IntelliTrust. See the IntelliTrust Admin Online Help for more information.

Note: The AD sync group optional feature is not supported with pre-4.5 gateways.

Support for new languages (AAAS-14203)

This release supports the following new languages in the User Portal:

  • Korean
  • Italian
  • Portuguese (Portugal)
  • Chinese
  • Polish
  • Norwegian
  • Russian
  • Thai

Improved auditing (AAAS-13787)

The auditing features have been improved to include additional management audit events such as changes to directory configurations, gateways, and applications.

Support for dynamic linking of transactions using OTP (AAAS-14255)

Added the ability to integrate IntelliTrust for PSD2 compliance with European Banking Authority (EBA) Regulatory Technical Standards for strong customer authentication. See the IntelliTrust Admin Online Help for more information.

KBA redirect URL (AAAS-15476)

A URL has been added to make it easier for users to register a KBA authenticator on their account. By navigating to /#/register/kba, a user is automatically redirected to their authenticators and prompted to add a KBA authenticator. This feature can be used when you are onboarding new users and want them to add KBA as an authenticator.

Password reset URL (AAAS-14200)

A password reset URL is available at /#/reset/<userID> to redirect users directly to a password reset. See the IntelliTrust Admin Online Help for more information.

Note: The <userID> parameter is optional.

Support for Feitian C300 tokens (AAAS-14405)

Added support for Entrust Datacard CR C300 tokens for OTP, unlock, and PIN processing.

IntelliTrust Authentication API Enhancements (AAAS-14056)

The following enhancements have been made to IntelliTrust authentication APIs:

  • Resource rules now support IP address related conditions.
  • Authentication API applications can define whether the IP address is provided by the client or extracted from the connection to IntelliTrust.
  • Resource rules now support EXTERNAL authentication to be defined as first-factor (with or without second-factor).
  • The authentication API now allows the response to be provided in CHAP, MSCHAPv1, or MSCHAPv2 formats.

IntelliTrust Administration API Enhancements (AAAS-14358)

The following new attributes describing capabilities supported by the token are returned when querying Tokens:

  • supportsChallengeResponse
  • supportsResponse
  • supportsSignature
  • supportsUnlock
  • supportsUnlockTOTP

Developer Portal now includes C# SDK (AAAS-14616)

The IntelliTrust developer portal now includes a C# SDK for interacting with the IntelliTrust Administration and Authentication APIs. The supported SDKs are now Java, PHP, and C#.

Release 4.4


IntelliTrust Developer documentation (AAAS-10987)

This release includes a Developer portal that provides information on using the IntelliTrust authentication and administration SDKs, including access to the swagger files, API documentation, SDKs, and code samples in supported languages.

List pagination and searching (AAAS-12871)

The Users, Grids, Tokens, and Audit events pages include the ability to set the number of rows on a page, toggle to different pages, and filter content visible on the page. See the IntelliTrust Admin Online Help for more information.

Support Salesforce SAML Community versions (AAAS-14537)

The SAML application configuration has been changed so that the specified URLs can include IP addresses. Previously only DNS names were allowed.

AD Sync status (AAAS-14257)

Logs have been enhanced to include information on the AD sync status. You must upgrade to the IntelliTrust 4.4 gateway in order to use this feature.

Specify search scope for directory sync (AAAS-13661)

This release includes the ability for administrators to choose whether to include subtrees when doing an Active Directory sync with IntelliTrust. You must upgrade to the IntelliTrust 4.4 gateway in order to use this feature. See the IntelliTrust Admin Online Help for more information.

Application logo (AAAS-14019)

This release includes the ability to upload custom logos for your integrated applications. Applications are presented to end users on their application page. See the IntelliTrust Admin Online Help for more information.

Support for MemoPasscode™ (AAAS-13325)

In addition to generating random one-time passwords, this release includes the ability to generate memoPasscode OTPs. OTPs formatted as memoPasscodes are easier for end users to remember and type than random OTPs. See the IntelliTrust Admin Online Help for more information.

Grid and Temporary Access Code character replacement (AAAS-14176)

This release includes character replacement for similar characters such as the number 0 and the letter O. Enabling this capability will increase usability for end users. See the IntelliTrust Admin Online Help for more information.

Upgrade a gateway instance (AAAS-10547)

In this release, a Gateway upgrade button is available to upgrade the gateway without having to reinstall, configure, and activate the gateway.

Grid Challenge Message (AAAS-14018)

The serial numbers of grid cards are now included in the RADIUS authentication challenge messages. You must upgrade to the IntelliTrust 4.4 gateway in order to use this feature.

Export CSV Reports (AAAS-13771)

The export of CSV files includes the following:

  • List Users: The report includes the user ID of all users loaded.
  • List Assigned Grids: The report includes Grid Entity information (serialNumber, UserId) and the grid content.
  • End-user audits: The report includes activity such as event date, authenticator (and success/fail), IP, and message key.

Changes to IntelliTrust APIs

When a grid challenge is returned it now includes the serial numbers of the grids a user can use to answer the challenge.

Release 4.3


Support for user aliases (AAAS-13023)

In this release, a user can have one or more aliases in addition to the mandatory userID. Wherever a userID is specified in administration or authentication APIs, an alias can be specified instead. The userID and aliases are mutually unique. See the IntelliTrust Admin Online Help for more information.

Support for FIDO2 authentication (AAAS-12299)

This release supports FIDO2 tokens for authentication to SAML and OIDC applications as well as the IntelliTrust Administration and User portals. FIDO2 token authentication is available using the latest versions of Chrome, Microsoft Edge, and Firefox. See the IntelliTrust Admin Online Help and User Help for more information.

Support for RADIUS IP attribute (AAAS-13024)

An optional field is available in the RADIUS application to select the RADIUS IP Attribute. The attribute specifies the IP address which can be used by IntelliTrust for RBA, including determining the user location. See the IntelliTrust Admin Online Help for more information.

Support for custom Mobile app activation schemes (AAAS-14126)

This release includes a new Scheme setting for smart credential and soft token apps to allow custom mobile applications instead of the Entrust Datacard mobile apps. See the IntelliTrust Admin Online Help for more information.

Gateway upgrade (AAAS-10547)

For post-4.3 releases, a Gateway upgrade button will be available to upgrade the gateway without having to reinstall, configure, and activate the gateway. For earlier releases, upgrading still requires replacing the existing gateway with the new one. It is strongly recommended that you upgrade to IntelliTrust Enterprise Service Gateway 4.3 to take advantage of this feature going forward.

Rename gateway and gateway instance (AAAS-12780)

This release supports renaming gateways and gateway instances.

Regenerate shared secret in Administration API applications (AAAS-12270)

This release supports regenerating an Administration API application shared secret.

Changes to IntelliTrust APIs (AAAS-13501, AAAS-13688, AAAS-13689)

  • You can specify a user alias anywhere a userID is specified in the API. For example, this includes specifying a userID in any of the authentication API controllers.
  • In the administration API, new attributes have been added to the User and UserParms structures to specify user alias values when fetching or modifying users.
  • In the administration API, new controllers have been added to manage FIDO tokens for users. This includes the ability to get, delete, and update FIDO2 tokens.
  • In the administration API, new controllers have been added to do paged searching of audits and assigned tokens with search criteria. Additionally, a new option to search for locked users has been added to the user search criteria.

All changes are backwards compatible. A customer application written to use the APIs provided with 4.2 will continue to work without change.

Release 4.2


Back end pagination end points (AAAS-12871)

This release supports pagination and searching of list end points. See the Administration API Guide for more information.

User grid serial number (AAAS-13031)

This release supports adding a user grid card with a serial number. See the Administration API Guide for more information.

Splunk SIEM integration (AAAS-12161)

This release includes an integration with Splunk SIEM that allows users to use the IntelliTrust Splunk add-on on Splunkbase to pull IntelliTrust audit events into their Splunk logs.

Mobile Transaction Verification (AAAS-12127)

TOKENPUSH and SMARTCREDENTIALPUSH Authentication APIs support adding transaction details. Mobile Push Authentication from the portal includes details about the client performing authentication, such as Location and Web Browser. See the IntelliTrust Authentication API Guide for more information.

Note: RADIUS applications do not support request details in this release.

Theme Page (AAAS-13021)

The Theme page has been simplified.

Logo customization (AAAS-13022)

Logo customization includes an upload button and resize and reposition options.

Change the state of individual agents (AAAS-12842)

The Gateway Instance Details page now includes the option to enable and disable agents.

Change the state of gateway instances (AAAS-12843)

The Gateways page now includes the option to enable and disable gateway instances.

Barracuda Web Application Firewall VPN template (AAAS-9482)

A Barracuda Web Application Firewall template is now available. Use this application template to quickly configure Barracuda for IntelliTrust authentication.

Release 4.1


Azure AD Conditional Access Controls (AAAS-11032)

IntelliTrust can now be plugged in as an authentication mechanism with Azure AD using conditional access. With this feature administrators can augment their Azure AD authentication flow with IntelliTrust second factor authenticators on a per application basis.

Grid card support for IdentityGuard applications (AAAS-9804)

IntelliTrust now supports grid card authentication for Entrust IdentityGuard integrations. You must upgrade your gateway to version 4.1 to take advantage of this feature.

Improved Gateways User Interface (AAAS-12779)

This release introduces a new look for the gateways list. It presents the current status of all your gateways in a single, easy to use page.

TLS 1.2 Support for Radius EAP (AAAS-8834)

The Enterprise Service Gateway now supports the use of TLS 1.2 for Radius clients using the EAP protocol such as NetMotion.

Release 4.0


Reset Active Directory password during authentication (AAAS-10960)

IntelliTrust users synchronized to an Active Directory can reset their Active Directory password when prompted to complete a password authentication challenge. This allows users who have forgotten their password to reset it and complete the password challenge. Password reset can also be used to create a new password for those without one. IntelliTrust account settings must be modified to enable password reset. See the IntelliTrust Administrator Help for more information.

Users can self-assign grid cards (AAAS-9804)

Users can now self-assign grid cards assigned to them by entering the grid card serial number and responding to an authentication challenge using the grid card. See the IntelliTrust User Help for more information.

Synchronize users from all directory SearchBases (AAAS-11376)

It is now optional to specify searchbases when configuring a directory. When left blank, IntelliTrust will search all SearchBases of the directory for users. See the IntelliTrust User Help for more information.

New report Dashboard (AAAS-18138)

The Report page has been replaced with a Dashboard page that provides details on account entitlements and audit logs. Data can be filtered by date range or keyword search. See the IntelliTrust Administrator Help for more information.

Azure AD LDAP support (AAAS-11545)

IntelliTrust users can connect to Azure AD using LDAP and then import users from Azure AD to allow them to password-authenticate into IntelliTrust. See the IntelliTrust Administrator Help for more information.

Message of the Day (AAAS-10234)

Administrators can customize the login page of IntelliTrust with information for users, such as the help desk phone number, email address, and special messages. Users see the messages when they access the IntelliTrust login page. See the IntelliTrust Administrator Help for more information.

OIDC app login into separate tab in browser (AAAS-12276)

In previous releases, the OIDC application would open in the current tab. By default, it now opens in a new tab.

Applications that do not have a resource rule (AAAS-12542)

The Applications List page now shows a warning icon next to applications that do not have a Resource Rule configured. By clicking the icon the user is brought to the Add Resource Rule page with that application preselected.