The SecureAuth® Identity Platform (formerly SecureAuth IdP) version 19.07 release contains new features as described in this topic.
The Identity Platform provides the ultimate deployment freedom using the same interface and capabilities for all environments – hybrid, cloud, or on-premises. The Identity Platform includes the SecureAuth® Intelligent Identity Cloud (at no additional cost) which delivers advanced security, user experience, analytics, administration and extensibility functionality out-of-the-box without the need for cumbersome implementations and integrations with third-party services.
End user experience
A new and customizable end user theme is included in this release. To improve the login experience, you can use cascading style sheets (CSS) to change backgrounds, add logos, and modify the position of fields.
Identity Platform interface updates
The new Identity Platform interface simplifies the creation and administration of authentication login experiences with reusable templates, policies, and settings.
SecureAuth Connector and data store integration
For cloud and hybrid deployments, the Identity Platform integrates with the local data stores in your organization for user authentication. Establishing communication between the data store and the Identity Platform, to check whether the user has access, requires the SecureAuth Connector.
The user interface provides installation and configuration instructions for the SecureAuth Connector before you add and integrate data stores.
For more information about the SecureAuth Connector, see Data Store integration overview.
Global multi-factor authentication methods
Globally define which multi-factor authentication (MFA) methods are available for users to select and use for authentication during the login workflow. Any time a change is made to a globally defined multi-factor method, it is automatically reflected in the default and custom policies.
For more information about out-of-the-box settings for global multi-factor methods and each of its configurations, see Global multi-factor authentication (MFA) methods overview.
A policy is a collection of rules about how to handle login attempts, allowing or blocking users' access to certain applications. The Identity Platform comes with a default policy, which cannot be deleted. Each time you add a new policy, the rules from the default policy are applied, which you can further limit in a customized policy.
In a policy, you define the following types of rules:
- Authentication Rules
Adaptive authentication rules to skip or prompt users for authentication.
For example, prompt a user to authenticate when they are not a member of a specified directory group.
- Blocking Rules
Block users from accessing any applications.
For example, your organization does not allow a user from a certain country to access any resources in your organization.
- Multi-Factor Methods
Choose the login workflow experience and whether to use all or some of the globally-enabled multi-factor authentication methods in a policy.
For example, your organization has the global settings enabled for a notification passcode from an authentication app and the use of an email login confirmation link. But for this policy, you don't want to allow users to use an email login confirmation link.
Choose the application resources to which the policy applies.
For example, the rules set up in a policy apply to Office 365 and Salesforce application logins to assert and authenticate user logins.
For more information about policies, see How policies are used in the Identity Platform.
A new Identity Security Intelligence dashboard provides key metrics at a glance. It includes the number of logins; login by system; successful vs failed logins; MFA methods used; and more.
Biometric multi-factor authentication
Provide a secure and seamless user experience for your end users who use a mobile device; use biometric MFA as part of the authentication process. You can enable face or fingerprint biometrics for Apple and fingerprint biometrics for Android mobile devices, to ensure the user is the owner of the device.
The following issues were resolved in the Identity Platform release version 19.07.
|IDP-4233||Device / browser profile matching issue is resolved|
Require Begin Site redirect with a SAML request now works correctly.
Date values are no longer missing on the help desk page for Cert Validation Date and Mobile Validation Date.
OATH Token JSON Encryption Issue – Data is now correctly read when JSON encryption is selected as the OATH token storage method.
Help Desk “Update” User Account – Incorrect profile data is no longer automatically saved since the Update button is now properly disabled.
Data Parsing in SAML Attribute – Data is now correctly parsed when sent in a SAML attribute.
Device Fingerprint Space Issue – The Device Fingerprint cookie name now parses correctly if a space is present in the generated cookie name.
Transformation Debug Logging – Transformation Engine logging is no longer automatically enabled when Debug logging is enabled, which prevents the potential exposure of sensitive information in the logs.
CLONE - Transformation Engine debug log contains passwords
Passcode Registration Screen – When using the Default theme, the SecureAuth Passcode registration screen now works correctly.
Issue with GlobalSettings missing values is resolved.
Link to Accept SMS now works correctly.
Inline Password Reset Issue – Using the 2016 Light Theme, the Inline Password Reset pages now work as expected for all use cases.
Incorrect SMS MFA Option – When users select the SMS OTP option, they no longer randomly receive an incorrect Link to Accept message.
App Enrollment Maintenance – App enrollment for users made on previous versions of SecureAuth IdP works correctly after the upgrade.
*Issue resolved in a previous hotfix
The following are known issues in the Identity Platform release version 19.07. The Workaround column indicates whether there is a workaround until a fix can be applied in a later release.
Knowledge-based question and answer entries are missing from the Web.config file. This occurs when you set the Profile Connection Settings to No Data Store, save it, and then go back in and select a data store.
|Go to the Web Configuration Editor and add the fields back in.|
After upgrading to 9.3, the SecureAuth0 Verbiage Editor cannot update the resource.dll file.
|Start and stop the SecureAuth Cloud Transport Service.|
TRX logging enabled on data realms creates redundant traffic.
|For a workaround, contact Support.|
|IDP-7043||Login counts are duplicated on the Dashboard.||No workaround. Will be fixed in a later release.|
|IDP-7045||Data store counts are not reflected on the Dashboard.||No workaround. Will be fixed in a later release.|