Arculix Core release notes
Release notes for Arculix Core (formerly Acceptto eGuardian Cloud Platform).
September 7, 2023
Added support for AD FS token for OAuth authentication
Added ability to issue temporary access PIN (time-limited and use-limited)
Security updates
July 5, 2023
Performance improvements and bug fixes
May 25, 2023
Added TOTP endpoints to v11 API
IdP-initiated login
Various UI/UX enhancements
Various security and bug fixes
April 7, 2023
Add support for OIDC applications
Additional v11 API functionality
New configuration option to support scanning QR codes with device camera
Option to enforce an 8-digit PIN to unlock the Arculix Mobile app (instead of the default 4-digit PIN)
Support for TLS communication with Postgres, Redis, and Memcached
Performance improvements
Security updates
March 8, 2023
Audit logging when data is changed
Improved configuration options for Symbol Push
Added read-only SCIM support
Filter audit logs by event date
Ensure that pairing link is displayed for devices with wide screens in the invitation email
Overall improvements to validation and error handling
Security updates
December 20, 2022
Symbol Push support in Arculix
Symbol Push support in the Arculix Cloud IdP
Workstation endpoint optimizations
Performance improvements
Fixes for domain editing behavior
Security updates
December 10, 2022
Improved workstation revoke API
Added user profile reset feature
Support for “Create User” API to enable enrollment without a mobile device
Support for Active Directory Federation Services (AD FS)
Security updates
October 3, 2022
Support for enforcing biometric authentication for viewing TOTP codes
Performance improvements
Security updates
Improved rate limit support
August 30, 2022
Rebranded to Arculix. For more information, see Announcement for Acceptto customers.
Fix device-based rate-limit detection
v12.1.0 - August 5, 2022
Framework upgrades to support future improvements
Improved expiration support for invitation QR tokens:
If an end user tries to scan an expired QR invitation token, they will get a message that they cannot use the expired QR code.
Users can still scan the same QR code if they request it again before it expires. Otherwise, it generates a new QR code after it expires.
Updated version of User Authentication API includes the following:
Improvements to authorization of application calls
Added just-in-time (JIT) user creation and enrollment
Supports JIT user enrollment integration only with Active Directory
Security and usability improvements
Address security issues with environment variables
Improved eGuardian handling of clock skew on workstations with Device Trust installed
Fixed issue where a Help Desk user could not switch the Audit Logs view from "User" to "Organization"
Fixed dashboard session issue displaying data from the previous session for another organization (for users with help desk/admin access to multiple organizations)
v12.0.0 - June 29, 2022
Added Role-Based Access Control (RBAC) infrastructure to support fine-grain management of user authorization. This initial rollout provides a Help Desk role for managing users and performing common support tasks. Roles may be granted and revoked using the Object Management API
Support soft deletion of users using the Object Management API
Added dashboard and API support for revoking the ownership of a workstation, allowing the same workstation user and machine to be paired with a different eGuardian user
Enforce a minimum supported version of the It'sMe mobile app to discourage users from using out-of-date releases
Improved random number generation for one-time passwords and verification PINs
Updated various container and application dependencies for the latest security fixes
Fixed issue where double-clicking the WebAuthn button could cause the authentication to fail
Corrected minor timing issues with database cleanup jobs
Adjusted rate limit thresholds to avoid false positives
Reset a user's phone confirmation status when the phone number changes
v11.20.1 - May 20, 2022
Generate QR codes on the backend instead of using data URLs, to support a broader range of mail clients
v11.20.0 - May 16, 2022
Rate limits have been added to protect against abuse scenarios such as sending excessive SMS messages when confirming phone numbers, prompting users with excessive MFA requests, overly frequent API calls, and rapid re-acquisition of OAuth access tokens
Support JPush notifications for Android users in China
Improve validation for secondary email addresses
Fix minor dashboard issue in "click-to-reveal" UI components
Tighten dashboard transactions involving adding organization admins
Improve efficiency of dashboard connectors page by suppressing polling when the page is not being displayed
Minor improvements to It'sMe mobile app integration with respect to pairing and enrollment
Self-generate QR images instead of using Google APIs, to support users in China
v11.19.0 - March 21, 2022
Support custom AD attributes as primary user identifier
Add language support for Korean and Chinese
Improve push notification reliability
User interface to configure per-application SAML IdP certificates
Update dependencies to fix reported upstream vulnerabilities
Ensure all workstation events use the correct organization
Normalize time zone for audit logs
Improve query performance for user last login time
v11.18.0 - February 10, 2022
Add User last login attribute
Add new Risk Analyzer type for Oauth API integrations
Fix code policy examples
Improve support for Enterprise Root CA certificates for on-premise deployments
v11.17.0 - February 2, 2022
On-premise deployment improvements, including support for environments without access to external networks
Support option to disable automatic push notifications for SSO MFA
Add LDAP Agent Status page
Support per-application SAML IdP certificates
Displayed SSO entity ID
Update dependencies to fix reported upstream vulnerabilities
Protect organization settings from inadvertent updating
v11.16.0 - November 12, 2021
Add support for different response types to Integration v2 API
Send continuous auth events to AIML
Workstation condition matcher when there's no workstation assigned to the user
Only send notifications to confirmed phone numbers
Security Updates
Ignore rejected auth methods during continuous auth
SAML Download Button
v11.15.0 - October 27, 2021
Add custom user field feature.
Support dynamic heartbeat timeout per switchboard agent and organization.
v11.14.0 - October 18, 2021
User offboarding API.
Improve the DBFP integration.
Improve the CI/CD reliability.
Improve agent switchboard message handling.
Organization Settings for WebAuthn User Verification.
Idp Settings UI.
Security updates.
Add ACS URL to Response Hosts.
Fix Sidekiq dashboard session configuration.
Fix WebAuthn User Verification Bug.
v11.13.1 - September 13, 2021
Fix identifier for streaming Data Hub logs.
v11.13.0 - September 8, 2021
Add new object management API using OAuth.
Audit logs streaming to Data Hub.
Kerberos core authentication library.
Performance improvements.
Security updates.
Improve user dashboard continuous authentication.
Audit log performance improvements.
Fix Mac Kerberos detection.
v11.12.0 - August 16, 2021
Support Security Key/WebAuthn as an MFA option for SSO logins.
Each organization and application can set custom configuration values for each risk analyzer, including weight, timeout, and whether it is enabled or not.
Performance improvements.
Additional tracking of risk analyzer contributions to the LOA score.
Enforce application permissions for newly enrolled users.
No longer show the score from a risk analyzer when it is not included in the overall LOA score.
v11.11.2 - June 15, 2021
Organization admins can view event types in eGuardian audit logs (used for significant events and policies).
Support for mobile applications to call calculate_loa_score API and pass mobile device specific context data to the risk engine.
Each organization and application can now have its own custom SMTP settings for sending out of band emails for authentications and user notifications.
Ability for organization admins to search and update their users data (Out of band methods, workstations and devices).
Organization admins can now set access permissions per application based on users active directory group membership.
Users who are members of multiple organizations can now choose the organization that their workstation belongs to when pairing a new workstation with their It’sMe app.
If a customer's active directory is unreachable, eGuardian detects failures and stops from reaching out to ADAgent on every request and falls back on cache data if available, the fallback happens only for passwordless logins and group membership policies.
Ignore authentication method risk analyzer in post-auth and continuous-auth when MFA is approved by a policy. Previously the LOA score was distorted from the policy authentication method.
Now the risk engine immediately trusts any data that is MFA approved which results in less friction for end-users; previously it took 24 hours for the risk engine to add the context data to the user's trusted attributes.