73 posts tagged with "Release"

New bulk operation actions available (AAAS-3671)​

Administrators may now assign Entrust Soft Token (ST), Google authenticators, or passwords to a list of users simultaneously. They can also reset multiple user passwords. Multiple users can be deleted from an account by completing the bulk deletion operation.

Create custom roles (AAAS-2763)​

Administrators may create custom roles that define the level of access each user assigned that role is granted to the Authentication Cloud Service features. The administrator defines which permissions are included in each role, which collectively define the user's level of access. These roles can be modified or deleted once created.

Add Amazon AWS application​

Administrators may now configure Amazon AWS application accounts for SSO from ACS. The administrator must configure the AWS account's settings for single sign-on from ACS as well. Once configured, the administrator needs to configure resource rules that define the security constrains that must be met for access to the application to be granted.

Generic, customizable SAML applications now available (AAAS-3456) (AAAS-4207)​

Administrators may now add Generic SAML applications to their account and enable SSO to applications not already offered by ACS. The assertion fields used may be customized during configuration so that the fields employed during authentication match those available in their application of choice.

ISAPI Filter IdentityGuard Application now available (AAAS-3855) (AAAS-3935)​

Administrators may now add the Internet Server Application Programming Interface (ISAPI) filter to ACS. A gateway instance with an IdentityGuard agent must be established before configuring ISAPI so that an IdentityGuard agent is available for selection when the ISAPI filter is configured.

Desktop IdentityGuard and Custom IdentityGuard applications now available (AAAS-5645)​

With this release, administrators can configure access to the IdentityGuard Desktop and Custom IdentityGuard Integration applications. A gateway instance with an IdentityGuard agent must be configured on ACS so that it is available for selection when configuring either application.

Machine authentication now available (AAAS-3058) (AAAS-3063)​

Users may now use machine authentication to bypass second factor authentication to applications. Machine authenticators can only be assigned by users to their own account. Administrators with the appropriate role can customize the settings of the machine authenticators assigned to each user. They can customize the authentication components included in each machine authenticator according to their organization's security constraints.

Hardware token authentication now available (AAAS-3692) (AAAS-3693) (AAAS-3695) (AAAS-3698)​

Users can now use hard tokens to complete authentication challenges to ACS or protected applications. Each token generates a 6-8 digit passcode. The user must enter the passcode before it expires as a response to the challenge posed by ACS during authentication. Both administrators and end users can assign hard tokens to user accounts.

RADIUS agents now support CHAP/MSCHAP (AAAS-1478)​

Each ACS RADIUS agent now supports the PAP, CHAP, MSCHAPv1, and MSCHAPv2 authentication protocols. The OTP, TOKEN and TOKEN PUSH authenticators support all of these RADIUS authentication protocols. The RADIUS authentication protocol used is determined by the VPN server configuration and is not controlled by any settings in ACS or the RADIUS agent.

ACS password authentication (AAAS-2756) (AAAS-2758) (AAAS-2680) (AAAS-2679)​

Administrators can now create and manage passwords on ACS. They can also prompt users to update their password when the newly-assigned password is used for the first time. Administrators can customize the settings applied to each password from Password Authenticator, under Authenticator Settings. Those settings outline the rules that must be met for a password to be assigned.

By default, each user is assigned a password when their account is created manually in ACS. Administrators can modify the authenticators automatically assigned to newly-created users from the General Settings section of the Administrator portal.

Active Directory (AD) password authentication (AAAS-2552)​

Users imported into ACS with passwords from their corporate directory can now use those passwords to authenticate. The passwords can be used to authenticate to an ACS account or web applications. Any user imported into ACS through Active Directory (AD) sync cannot use an ACS password. A new gateway with a password agent must be set up to perform any AD password authentication, otherwise the AD password authentication will not be successful.

Bulk import users, groups and user-group associations (AAAS-2636) (AAAS-2637) (AAAS-2638) (AAAS-2850)​

Bulk import allows administrators to upload a set of user, group, or user-group association details in CSV format and have them imported into ACS as a background task. While the ability to add account information manually or through active directory synchronization remains available, bulk import offers a middle ground where a large set of users, groups, or user-group associations can be added without the need for an on-premise agent. A table on the bulk import page shows all of the bulk operations that have been performed. The entries in that table can be filtered to only show select operations that meet the filter criteria.

Box, CitrixOnline, Office 365 and WebEx now accessible from ACS (AAAS-742) (AAAS-3072) (AAAS-3073) (AAAS-3520)​

Administrators can now manage access to Box, CitrixOnline, Office 365 and WebEx accounts through ACS and facilitate access restrictions. Administrators may control which users can authenticate to the applications available through customizing each application's Resource Rules.

Create multiple gateway instances (AAAS-2685) (AAAS-2686) (AAAS-2687) (AAAS-2688)​

Users with the appropriate roles can add and delete multiple instances within a Gateway. Instances can only be added within gateways that are created in ACS 2.0 or later.

Edit application settings on ACS (AAAS-2899)​

Administrators can now modify the settings of applications they have configured on ACS. The settings within each application's account must be updated to match the modified application configuration settings on ACS.

Two-Factor authentication now available (AAAS-2678)​

In this release, a user is prompted to engage in two-factor authentication when they have a password. The user is presented with a password challenge, followed by an authentication challenge (OTP, token authentication, or token push authentication). Users can bypass two-factor authentication by clicking on another authentication challenge option when prompted to enter their password, and completing that challenge instead.

User interface display customization (AAAS-1003)(AAAS-1391)(AAAS-1390)(AAAS-1461)(AAAS-1117)(AAAS-1118)​

With Release 1.1, users with the necessary roles can modify the appearance of their ACS account using the Customization feature. Users can add custom logos to their ACS account, provided that the image files conform to ACS file type, image dimension, and file size restrictions. Administrators can select the colors and color scheme applied throughout their account.

Track account activity with Reports feature (AAAS-2033)(AAAS-969)​

With Release 1.1, users can view account activity and user authentication history statistics with the Reports and My Activity features.

Edit configured roles, directories, and groups (AAAS-2035)​

Those with the appropriate roles can now edit the roles, directories and groups on their account.

Metadata URL for configuring SAML applications now available through Metadata button (AAAS-2198)(AAAS-2404)​

Previously those configuring SAML applications that required the XML file of their ACS account needed to manually enter the XML URL into their Web browser to access the XML file. Now, the administrator only needs to click Metadata on ACS to access and download the file. Clicking Metadata opens the XML file in a new Web window, which can then be saved and uploaded to the SAML application as required.

Download SAML certificate​

Users configuring SAML applications that require a signing certificate from their ACS account can now automatically download the certificate from ACS. A Signing Certificate button appears after configuring an application for ACS that, when clicked on, automatically downloads the certificate to the user's computer. The user can then upload the certificate to their SAML application as required.

Gateway agent now downloadable from ACS (AAAS-1309)​

Previously the administrator configuring their Gateway for ACS needed to download the agent (.OVA) from a separate location. That agent can now be downloaded from the top of the Gateway page located on the Administrator portal.