19.07

SecureAuth documentation for Identity Platform release 19.07.

What's new

Latest release version: 19.07.01

The SecureAuth® Identity Platform (formerly SecureAuth IdP) product release 19.07 contains new features as described in this topic.

Cloud deployment

The Identity Platform provides the ultimate deployment freedom using the same interface and capabilities for all environments – hybrid, cloud, or on-premises. The Identity Platform includes the SecureAuth® Intelligent Identity Cloud (at no additional cost) which delivers advanced security, user experience, analytics, administration and extensibility functionality out-of-the-box without the need for cumbersome implementations and integrations with third-party services.

End user experience

A new and customizable end user theme is included in this release. To improve the login experience, you can use cascading style sheets (CSS) to change backgrounds, add logos, and modify the position of fields.

Identity Platform interface updates

The new Identity Platform interface simplifies the creation and administration of authentication login experiences with reusable templates, policies, and settings.

SecureAuth Connector and data store integration

For cloud and hybrid deployments, the Identity Platform integrates with the local data stores in your organization for user authentication. Establishing communication between the data store and the Identity Platform to check whether the user has access requires the SecureAuth Connector.

The user interface provides installation and configuration instructions for the SecureAuth Connector before you add and integrate data stores.

For more information about the SecureAuth Connector, see Data store integration overview.

Note

Cloud deployments currently support AD and SQL integrations.

Global multi-factor authentication methods

Globally define which multi-factor authentication (MFA) methods are available for users to select and use for authentication during the login workflow. Any time a change is made to a globally defined multi-factor method, it is automatically reflected in the default and custom policies.

For more information about out-of-the-box settings for global multi-factor methods and each of their configurations, see Global multi-factor authentication (MFA) methods overview.

Policies

A policy is a collection of rules about how to handle login attempts, allowing or blocking users' access to certain applications. The Identity Platform comes with a default policy, which cannot be deleted. Each time you add a new policy, the rules from the default policy are applied, and you can further restrict them in a customized policy.

In a policy, you define the following types of rules:

Authentication Rules

Adaptive authentication rules to skip or prompt users for authentication. 

For example, prompt a user to authenticate when they are not a member of a specified directory group. 

Blocking Rules

Block users from accessing any applications. 

For example, your organization does not allow a user from a certain country to access any resources in your organization. 

Multi-Factor Methods

Choose the login workflow experience and whether to use all or some of the globally-enabled multi-factor authentication methods in a policy.  

For example, your organization has the global settings enabled for a one-time passcode from an authentication app and the use of an email login confirmation link. But for this policy, you don't want to allow users to use an email login confirmation link.

Resources

Choose the application resources to which the policy applies.

For example, the rules set up in a policy apply to Office 365 and Salesforce application logins to assert and authenticate user logins.

For more information about policies, see How policies are used in the Identity Platform.

Dashboard

A new Identity Security Intelligence dashboard provides key metrics at a glance. It includes the number of logins; login by system; successful vs failed logins; MFA methods used; and more.

Biometric multi-factor authentication

Provide a secure and seamless user experience for your end users who use a mobile device; use biometric MFA as part of the authentication process. You can enable face or fingerprint biometrics for Apple and fingerprint biometrics for Android mobile devices, to ensure the user is the owner of the device.

Additional adaptive authentication IP threat protection layer

Another layer was added to the set of Threat Detection rules in the form of adaptive authentication IP threat protection. It provides more protection for WS-Trust and other protocols based on attack pattern recognition. This capability is part of the Prevent Package.