eGuardian Cloud Platform
v12.0.0 - June 29th, 2022#
| Enhancements |
|---|
| Added Role-Based Access Control (RBAC) infrastructure to support fine-grain management of user authorization. This initial rollout provides a Help Desk role for managing users and performing common support tasks. Roles may be granted and revoked using the Object Management API |
| Support soft deletion of users using the Object Management API |
| Added dashboard and API support for revoking the ownership of a workstation, allowing the same workstation user and machine to be paired with a different eGuardian user |
| Enforce a minimum supported version of the It'sMe mobile app to discourage users from using out-of-date releases |
| Fixes |
|---|
| Improved random number generation for one-time passwords and verification PINs |
| Updated various container and application dependencies for the latest security fixes |
| Fixed issue where double-clicking the WebAuthn button could cause the authentication to fail |
| Corrected minor timing issues with database cleanup jobs |
| Adjusted rate limit thresholds to avoid false positives |
| Reset a user's phone confirmation status when the phone number changes |
v11.20.1 - May 20th, 2022#
| Fixes |
|---|
| Generate QR codes on the backend instead of using data URLs, to support a broader range of mail clients |
v11.20.0 - May 16th, 2022#
| Enhancements |
|---|
| Rate limits have been added to protect against abuse scenarios such as sending excessive SMS messages when confirming phone numbers, prompting users with excessive MFA requests, overly frequent API calls, and rapid re-acquisition of OAuth access tokens |
| Support JPush notifications for Android users in China |
| Fixes |
|---|
| Improve validation for secondary email addresses |
| Fix minor dashboard issue in "click-to-reveal" UI components |
| Tighten dashboard transactions involving adding organization admins |
| Improve efficiency of dashboard connectors page by suppressing polling when the page is not being displayed |
| Minor improvements to It'sMe mobile app integration with respect to pairing and enrollment |
| Self-generate QR images instead of using Google APIs, to support users in China |
v11.19.0 - March 21st, 2022#
| Enhancements |
|---|
| Support custom AD attributes as primary user identifier |
| Add language support for Korean and Chinese |
| Improve push notification reliability |
| User interface to configure per-application SAML IdP certificates |
| Fixes |
|---|
| Update dependencies to fix reported upstream vulnerabilities |
| Ensure all workstation events use the correct organization |
| Normalize time zone for audit logs |
| Improve query performance for user last login time |
v11.18.0 - February 10th, 2022#
| Enhancements |
|---|
| Add User last login attribute |
| Add new Risk Analyzer type for Oauth API integrations |
| Fixes |
|---|
| Fix code policy examples |
| Improve support for Enterprise Root CA certificates for on-premise deployments |
v11.17.0 - February 2nd, 2022#
| Enhancements |
|---|
| On-premise deployment improvements, including support for environments without access to external networks |
| Support option to disable automatic push notifications for SSO MFA |
| Add LDAP Agent Status page |
| Support per-application SAML IdP certificates |
| Fixes |
|---|
| Displayed SSO entity ID |
| Update dependencies to fix reported upstream vulnerabilities |
| Protect organization settings from inadvertent updating |
v11.16.0 - November 12th, 2021#
| Enhancements |
|---|
| Add support for different response types to Integration v2 API |
| Send continuous auth events to AIML |
| Fixes |
|---|
| Workstation condition matcher when there's no workstation assigned to the user |
| Only send notifications to confirmed phone numbers |
| Security Updates |
| Ignore rejected auth methods during continuous auth |
| SAML Download Button |
v11.15.0 - October 27th, 2021#
| Enhancements |
|---|
| Add custom user field feature. |
| Support dynamic heartbeat timeout per switchboard agent and organization. |
v11.14.0 - October 18th, 2021#
| Enhancements |
|---|
| User offboarding API. |
| Improve the DBFP integration. |
| Improve the CI/CD reliability. |
| Improve agent switchboard message handling. |
| Organization Settings for WebAuthn User Verification. |
| Idp Settings UI. |
| Security updates. |
| Fixes |
|---|
| Add ACS URL to Response Hosts. |
| Fix Sidekiq dashboard session configuration. |
| Fix WebAuthn User Verification Bug. |
v11.13.1 - September 13th, 2021#
| Fixes |
|---|
| Fix identifier for streaming Data Hub logs. |
v11.13.0 - September 8th, 2021#
| Enhancements |
|---|
| Add new object management API using OAuth. |
| Audit logs streaming to Data Hub. |
| Kerberos core authentication library. |
| Performance improvements. |
| Security updates. |
| Fixes |
|---|
| Improve user dashboard continuous authentication. |
| Audit log performance improvements. |
| Fix Mac Kerberos detection. |
v11.12.0 - August 16th, 2021#
| Enhancements |
|---|
| Support Security Key/WebAuthn as an MFA option for SSO logins. |
| Each organization and application can set custom configuration values for each risk analyzer, including weight, timeout, and whether it is enabled or not. |
| Performance improvements. |
| Additional tracking of risk analyzer contributions to the LOA score. |
| Fixes |
|---|
| Enforce application permissions for newly enrolled users. |
| No longer show the score from a risk analyzer when it is not included in the overall LOA score. |
v11.11.2 - June 15th, 2021#
| Enhancements |
|---|
| Organization admins can view event types in eGuardian audit logs (used for significant events and policies). |
| Support for mobile applications to call calculate_loa_score API and pass mobile device specific context data to the risk engine. |
| Each organization and application can now have its own custom SMTP settings for sending out of band emails for authentications and user notifications. |
| Ability for organization admins to search and update their users data (Out of band methods, workstations and devices). |
| Organization admins can now set access permissions per application based on users active directory group membership. |
| Users who are members of multiple organizations can now choose the organization that their workstation belongs to when pairing a new workstation with their It’sMe app. |
| If a customer's active directory is unreachable, eGuardian detects failures and stops from reaching out to ADAgent on every request and falls back on cache data if available, the fallback happens only for passwordless logins and group membership policies. |
| Fixes |
|---|
| Ignore authentication method risk analyzer in post-auth and continuous-auth when MFA is approved by a policy. Previously the LOA score was distorted from the policy authentication method. |
| Now the risk engine immediately trusts any data that is MFA approved which results in less friction for end-users; previously it took 24 hours for the risk engine to add the context data to the user's trusted attributes. |