20.06
SecureAuth documentation for Identity Platform release 20.06.
What's new
Read on to learn more about the new features in the SecureAuth® Identity Platform product release 20.06.
FIDO2 WebAuthn support
The Identity Platform supports the use of FIDO2-enabled devices with the WebAuthn protocol for strong authentication. Using FIDO2-enabled devices with a passwordless login workflow gives end users a better user experience.
End users can use many FIDO2-enabled devices, that include bound / platform and roaming authenticators. A bound / platform authenticator is an operating system (OS) that supports the WebAuthn protocol. The authenticator includes mobile, laptop, and desktop devices using passwords, PINs and biometrics. Roaming authenticators like USB, Bluetooth, and NFC can be attached to multiple devices.
When you configure and save the global settings for FIDO2, it automatically generates a FIDO2 registration and management page. Once end users register their FIDO2 device on that page, it becomes available as a login option to assert their access to resources. You can set up the Account Management (Help Desk) page to revoke FIDO2 devices.
The FIDO2 registration and management page is localized and translated based on the user's browser language settings.
Enabling FIDO2 authenticators in login workflows requires the Prevent licensing package.
More data store options
The Identity Platform New Experience has more data store options. The following table lists the available data stores for both cloud and hybrid deployments.
Cloud deployment | Hybrid deployment |
---|---|
Active Directory (AD) * | Active Directory (AD) |
Azure AD | Generic LDAP |
Generic LDAP * | NetIQ eDirectory |
SQL Server * | SQL Server |
Oracle DB * |
* Denotes that the SecureAuth Connector is required to communicate with data store.
Dynamic IP Blocking
Enable Dynamic IP Blocking in your policies for any workflow to protect your resources against password spraying and other online password attacks. After various failed logins against different usernames, SecureAuth blocks the IP address from logging into the system for a specified amount of time.
SecureAuth Connector improvements
Improvements include the display of the SecureAuth Connector GUID and last check time in minutes, days, and months. For example, instead of displaying the last check as 216 hours ago, it shows 9 days ago.
After uninstalling the Connector from your local data store machine, you can remove it from the list of Connectors.
New UI look and feel
The Identity Platform gets a new look and feel with a cleaner and more modern user interface (UI).