Introduction

SecureAuth IdP version 9.1 includes new features and Web Admin adjustments to enable the new features and improve the user experience.

9.1 Changes
Overview Tab Changes
Email Settings Changes

Show passcode in subject line

By enabling this new checkbox, the One-time Passcode emailed to the end-user appears in the subject line of the message

This feature lets the end-user quickly enter the passcode in the application without needing to open the message

See OTP Email Configuration Guide

OTP Email Template

The Template field was renamed to this new name to clarify that this template is used for One-time passcode emails

The renamed field distinguishes this template from the email template used by the new SecureAuth Link-to-Accept feature

Login Request Email Template

This new field is used for selecting a template to use for an HTML email sent to end-users with a SecureAuth Link-to-Accept for the login request

  • A template can be selected from this new field
  • Customized templates can be added / edited

Help Desk Info in Login Request Emails

This new field is used for enabling / disabling the option to include help desk contact information in the footer of a Login Request email

See information about the new SecureAuth Link-to-Accept feature

Verbiage Editor Changes
Workflow Tab Changes
Browser / Mobile Profiles Changes

 

The Browser / Mobile Profiles section now only includes the Device Recognition Settings, with an option to Show Custom Component Weights

Custom Component Weights

 

The Custom Component Weights are more robust and easier to configure with Off, Low, and High buttons

Out of the box, SecureAuth delivers defaults that should work effectively in most environments, but administrators can still set the weights as preferred

Device Recognition logging is also included in 9.1, so administrators can accurately report which components fail to match and then configure Device Recognition more appropriately and securely

Refer to Device Recognition for additional information and configuration steps

Workflow Changes

 

Password Settings

The Inline Password Change sub-section was renamed to this new name to distinguish it from the field of the same name (Inline Password Change) in this sub-section

Password Rules and Policy Settings

The Password Settings link was renamed to this new name to better define the function of the linked page which is used for configuring password

Password Throttling

This new frame contains objects used for configuring the new Password Throttling feature, which is used to lock out an end-user from an application after reaching the maximum number of failed password attempts

Custom Identity Consumer Changes

 

YubiKey Begin Site

The new YubiKey selection appears in the Begin Site dropdown, making it easier to configure the YubiKey Pre-authentication realm

See Multi-Factor Methods Tab Changes below for more about YubiKey configuration settings

Multi-Factor Methods Tab Changes

Phone Field 1 - 4

Selections for the Phone Field 1 - Phone Field 4 dropdown have been modified to accommodate the new SecureAuth Link-to-Accept Login Request feature

  • Login Request – Selecting this new option lets the end-user receive an SMS text message containing a link to tap on the mobile device to accept a login request
  • One-Time Passcode via Phone Call and SMS – This option was renamed from Voice and SMS / Text to clarify that this selection pertains to OTPs to be delivered via telephony and SMS
  • One-Time Passcode via Phone Call Only – This option was renamed from Voice Only to clarify that this selection pertains to OTPs to be delivered via telephony only
  • One-Time Passcode via SMS Only – This option was renamed from Voice and SMS / Text to clarify that this selection pertains to OTPs to be delivered via SMS only

Email Field 1 - 4

Selections for the Email Field 1 - Email Field 4 dropdown have been modified to accommodate the new SecureAuth Link-to-Accept Login Request feature

  • Login Request via HTML Email – Selecting this new option lets the end-user receive an email in HTML format containing a link to click to accept a login request
  • Login Request via Plain Text Email – Selecting this new option lets the end-user receive an email in text format containing a link to click to accept a login request
  • One-Time Passcode via HTML Email – This option was renamed from Enabled (HTML) to clarify that this selection pertains to emails sent in HTML format that include OTPs
  • One-Time Passcode via Plain Text Email – This option was renamed from Enabled (TEXT) to clarify that this selection pertains to emails sent in plain text format that include OTPs

YubiKey Settings

This new frame includes settings to configure an end-user's usage of a YubiKey device in Multi-Factor Authentication

Previously, a YubiKey device could only be used for Pre-authentication and some of these settings were configured in the Yubikey section which is removed in this release

 

Multi-Factor Method Order

The Registration Method Order sub-section was renamed to this new name to conform to the name of this tab: Multi-Factor Methods

Post Authentication Tab Changes
Self Service and Help Desk Page Changes

The YubiKey field now appears in the Self Service and Help Desk sections

This field can be selected to Show or Hide the YubiKey Device checkbox and ID that appears on the end-user Self Service and Help Desk pages if a YubiKey is provisioned for use in either Pre-authentication or Multi-Factor Authentication


WS-Trust Request Blocking Changes

 

Use Adaptive Authentication for initial IP Blocking

By enabling this new checkbox for the WS-Trust request blocking feature, Analyze Engine will use Adaptive Authentication before checking the end-user IP address to determine how to handle the request

Refer to WS-Trust Request Blocking Configuration Guide for information about this feature

SAML Assertion / WS Federation Changes

 

SAML Signing Algorithm

SecureAuth IdP 9.1 includes the ability to assert end-users via the SHA 2 algorithm

While configuring for SAML assertions, administrators can select SHA 1 or SHA 2 from the SAML Signing Algorithm dropdown, based on the Service Provider's support
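After changing the SAML Signing Algorithm dropdown, the algorithm a realm actually signs with can be confirmed from a captured SAML response. The following is an added example, not SecureAuth code: the function names are hypothetical and the sample responses are constructed. It reads the declared XML Signature algorithm URIs and reports whether every one belongs to the SHA-2 family.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Standard XML Signature algorithm URIs, grouped by hash family.
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}
SHA2_URIS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
}

def signature_algorithms(saml_xml):
    """Return (element, uri, family) for each SignatureMethod / DigestMethod.
    This inspects the declared algorithms only; it does not verify the signature.
    For untrusted input, parse with a hardened parser such as defusedxml."""
    root = ET.fromstring(saml_xml)
    found = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            uri = el.get("Algorithm", "")
            family = ("SHA-1" if uri in SHA1_URIS
                      else "SHA-2" if uri in SHA2_URIS else "unknown")
            found.append((tag, uri, family))
    return found

def uses_only_sha2(saml_xml):
    """True only if the message is signed and every declared hash is SHA-2."""
    algs = signature_algorithms(saml_xml)
    return bool(algs) and all(family == "SHA-2" for _, _, family in algs)

def sample(sig_uri, digest_uri):
    """Build a constructed, minimal signed response skeleton (no real signature)."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="{sig_uri}"/>
  <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>
</ds:SignedInfo></ds:Signature></samlp:Response>"""

if __name__ == "__main__":
    doc = sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                 "http://www.w3.org/2000/09/xmldsig#sha1")
    print(signature_algorithms(doc), uses_only_sha2(doc))
```

A response whose signature method is SHA-2 but whose digest method is still SHA-1 is reported as not SHA-2-only, as is an unsigned response.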

System Info Tab Changes

 

License Expires

This new field shows the date the SecureAuth IdP license expires and can be copied and pasted as needed into a form