Skip to main content

Release updates

Release notes for product updates to SecureAuth® Identity Platform release 24.04.

Release 24.4.1

Release date: June 4, 2024

Enhancements
  • Audit log update includes new Event ID for the SecureAuth LOA score and Confidence Level for each user. See the Audit log section in the SecureAuth Level of Assurance (LOA) Provider settings topic.

  • In the authentication policy, we've added a new conditional rule, Continue to next rule. Use this rule when the Risk Engine is in its learning phase. See step 3 in Add LOA rule in authentication policy.

  • We've added two new settings to the global MFA options:

    • Authentication apps global MFA – New setting to Prevent re-use of TOTP to prevent unauthorized use of a previously generated TOTP.

    • FIDO2 WebAuthn global MFA – New push notification setting to Validate device registration with FIDO Alliance that enhances security.

Fixes
  • Resolved an issue where users had to manually clear cookies due to excessive growth from hitting multiple realms.

  • Updated installer to streamline updates to SecureAuth Identity Platform

  • Fixed an issue where saving email settings in the admin UI would clear out SMTP relay information, causing customers to stop receiving emails.

  • Fixed an issue where the Adaptive rule "Run Windows SSO" incorrectly prompted for MFA despite settings to skip MFA.

  • Resolved security issue where the IWA service account password was exposed in the data store list payload in the New Experience.

Known issue
  • In cloud deployments with SecureAuth IWA Service enabled for Windows SSO, updating any data store information might wipe out the IWA service account password.

    Workaround: Re-enter the IWA service account password.