Table of Contents

Integration Guides and Other Resources

7.x Integration Guides

Knowledge Base Articles

This document contains specific information for SecureAuth IdP version 7.x. If using a different version of SecureAuth IdP, refer to the 8.x, 9.0.x, or 9.1 - 9.2 space accordingly.

Release Notes for 8.0+ Have Been Moved

Click 8.0.x Release Notes to view the SecureAuth IdP 8.0.x Release Notes.

Version 7.5.1

FeatureDescriptionIntegration Guide
SecureAuth OTP AppEnhanced security measure for iOS (3.2.0), Android(3.0.0), BB7 (3.2.0)
OAuth 2.0Enhance OAuth 2.0 support to support multiple claim types (Client Credential, Refresh Token, and Token Info)Contact Support to reference this internal only article: SecureAuth OAuth2
GFIPM Mapping TemplateProvide a template for auto-mapping of LDAP attributes to GFIPM attributes 
Web Admin Data Tab (GFIPM)To Fix the saving of domain name in profile connection setting and write flag in data fields
Configurable Mask of Phone NumberAllow admin to define which part of the phone number  will be masked for security reason 
Securityviolation: Max Attempts Error MessageHandle SMS, VIP Credential and Help Desk  Max Attempts Error Message 
Audit Log EnhancementUsing X-Forwarded-For to obtaining IP address in Audit Log
HousekeepingVarious bug fixes and enhancements

 Released on June 17, 2014

Version 7.5

FeatureDescriptionIntegration Guide
Hardware Token SupportProvide hardware OATH token provisioning and management functions within our IdM suite
Portal Page Header User InfoEnhance current Portal Page header to include the Logged In User ID for display purposes
Product ToggleAllow SecureAuth admin to remotely disable the functionality of applianceContact Support to reference this internal only article: Product Toggle Troubleshooting article
Web Admin Summary PageProvide new Summary Page as the default landing page when logging into Web Admin
Create/Copy Realm RelocationEnhance current Create/Copy Realm functionality, by providing more realm details and make it more accessible
Multi-Domain, v2Enhance how Multi-Domain is being configured
Events Viewer Logging OptionAdd new option to log all entries to Windows Event Viewer, in addition to Text File, SysLog, and SQL
SubmitFormPost EnhancementEnhance SubmitFormPost to support getting password from FBA token, as well as to send empty value
MSI DistributionInclude all versions of support ActiveX controls in both 32-bit and 64-bit MSI format for distribution 
Web Admin Data Tab (GFIPM)Enhance Data tab to support multiple data sources and for GFIPM support
MFAStyleSheet.cssRemove reference of MFAStyleSheet.css in the MFALoginControl 
EULA LinkProvide an EULA link at the bottom of the screen, with a configurable toggle to show/hide the link
PostAuth OTP timeoutEnhancing timeout for PostAuth OTP
SAML 2.0 SP Init API Allows attributes and userid to be sent in the request to the API along with all typical SAML parameters
Enhancements for Google AppFingerprints and Push notification for Google apps provider
Enhancements for ASPNETDBFingerprints and Push notification for ASPNETDB
Enhancements for SQL provider
Add allowed/denied group support, password expiration & configurable format (clear, encrypted, or hashed)
Enhancements for Web Service providerCase sensitive domain comparison & failover 
Enhancements for Account UpdateAdding configurable on redirect, send email, regex validation options
Enhancements for WorkflowEnable workflow with FP for realms with a custom pre-auth page 
Subject Alternative NameSupport configurable SAN injection into our certificates
WS-Trust EnhancementRefactor how endpoints and bindings are created Added configuration page to post auth.
PostAuth OTP enhancementPostAuth OTP for SecurePortal 
Arabic Language SupportSupport display in Arabic 
OATH Lockout enhancementLock use account after 10 times of using bad OTP 
OTP App Enhancement (iOS, Android, WP)Enhanced security measure
HousekeepingVarious bug fixes and enhancements

  Released on May 2, 2014  

Version 7.4.3

Integration Guide
WS-Fed Group / Role EnhancementEnhance how Role/Group assertions are being created
Cert Validity by RealmProhibit a longer term cert issued from one realm to be able to validate in another realm which requires a shorter term cert
WebAdmin Datastore - change username/passwordAllow for changing of username and password for Web Admin Data Store
HousekeepingVarious bug fixes and enhancements

  Released on February 7, 2014  

Version 7.4.2

FeatureDescriptionIntegration Guide
HousekeepingVarious bug fixes and enhancements

  Released on December 31, 2013  

Version 7.4.1

FeatureDescriptionIntegration Guide
Inbound SCEPAllow SecureAuth to be able to listen and process inbound SCEP calls, and then issue/return a certificate via our hosted facility 
HousekeepingVarious bug fixes and enhancements

  Released on December 26, 2013  

Version 7.4

FeatureDescriptionIntegration Guide
HTML5 / Chrome Extension OTP appDevelop new HTML5-based app that can be run locally on a Chrome browser to support OTP generation 
Email Notification, v2Send email notification to users with certificates about to expire
Central Authentication Service (CAS)Support CAS function calls to allow any CAS-compatible web apps to use SecureAuth as the IdP
Symantec VIPProvide integration option to the Symantec VIP product



Amazon Web ServicesProvide integration option to the AWS Control Panel
Mobile SDKProvide SDK for developer to download and integrate with our mobile authentication product. Support iOS and Android 
Native Cert FinderAdd PreAuth module that utilizes our ActiveX control to retrieve native certificate as a replacement for User ID input 
Wizard TemplatesAdd templates for Office 365, OWA 2013, Amazon Web Services, and AirWatch 
SQL Create User PageExtend Create User functionality to support SQL Server data store, using stored procedure
Post to ASAAdd configurable 2-factor user authentication to Cisco ASA SSL VPN, without the use of x.509 certificate 
WebSphere IntegrationEnhance WebSphere integration supporting with API and Post 
Post Auth TrackingEnable tracking service to provide better reporting data on usage 
Configurable BackUp Folder in UpdaterEnhance SecureAuth Updater to allow customer to specify a different back up destination folder 
Windows Server 2012Migrate appliance to be running on Windows Server 2012 
HousekeepingVarious bug fixes and enhancements

 Released on December 17, 2013

Version 7.3.1

Hardware ID checking with ActiveXRetrieve physical hard disk ID using ActiveX and associate it to the native cert, so that a cert is only valid during validation if physical hard disk ID matches 
Extended OTP Logging in AuditProvide additional logging info, like OTP and last portion of the phone number / email address, for audit tracing purposes 
SQL Provider to support PushEnhance SQL Provider to support Push Notifications 
JRE 1.7.0_45 fixCreate new Java applet to eliminate JRE 1.7.0_45 security block prompt from displaying during every authentication attempt 
Wizard TemplatesAdd new templates for configuring Juniper SAML, Cisco ASA x.509, Workday, Concur, SuccessFactors. Add ability to generate template 
Push Notification URL for WS 2.0Enhance Push Notification web service support by including a URL for WS 2.0, in addition to a URL for WSE 3.0 / WCF. This is often needed for customers behind a proxy server 
Web Service Membership Fail OverAdd support to fail over a cached connection so in an event that the existing connection goes down, it will continue to try other connections 
Domain Name support within Multi-DomainAdd ability for user to enter a domain prefix in a multi-domain configuration, so that it will go directly to the corresponding realm instead of looping through
HousekeepingVarious bug fixes and enhancements

  Released on November 1, 2013  

Version 7.3

FeatureDescription Integration Guide
Configuration WizardProvide pre-set templates for configuration of common products (Google Apps,, SuccessFactors, Workday, Concur, SSLVPN / Gateways) 
Push Notification as 2nd factorAllow users to register their mobile device and then use them to receive OTP via Push Notifications. Support iOS and Android devices
OAuth 2.0Act as OAuth 2.0 Consumer (to support Social Logins)
Windows Phone OTPExtend our OATH OTP app offering to the Windows Phone 8 platform
Mac Desktop OTPExtend our OATH OTP app offering to the Mac OSX platform
Post Auth OTPExtend our OATH OTP app offering by making it available as a Post Auth option protected by SecureAuth user authentication
Windows Desktop OTP, v2Enhance our current Desktop OTP app to provide uniform registration experience as the mobile apps
Mobile OTP Apps, v2Re-design the UI / UX aspects of all the current Mobile OTP apps (iOS, Android, BB, Windows Phone) to offer a unformed experience
Multiple Logos UploadAllow different logos to be uploaded for different purposes.  Logo for all web pages, logo for email, and logo for the Portal page
One Time Use OATH tokenEnhance OATH feature to support only 1 time use of an OATH OTP, even within the same validity time period
Multi-Factor RADIUSCombine SecureAuth configurable multi-factor authentication to integrate with any 3rd party apps that supports RADIUS
Novell SupportProvide Windows SSO-like transparent user login experience with the Novell Datastore 
Fingerprint Limit with Total WeightAdd new fingerprint feature by allowing administrator to set a global limit of how many fingerprints can a user be registered with. Also to restrict the total of weights within Web Admin to 100
SQL OATH Support, v1Provide SQL stored procedure guidance on supporting OATH with SQL user datastore. UI enhancement to be released next version
SQL Injection EnhancementProvide additional safeguards to further protect our product from SQL Injection attacks
HousekeepingVarious bug fixes and enhancements

  Released on October 18, 2013  


Version 7.2

FeatureDescription Integration Guide
WS-Fed / WS-TrustSupport both WS-Fed for Passive and WS-Trust for Active federation, which works for any Office 365 product
SAML 2.0 ECPSupport SAML 2.0 Enhance Client or Proxy Profile for Active communications like integrating Outlook with Office 365
Windows Desktop OTPExtend our OATH OTP app offering to the Windows OS desktop platform
Blackberry PINEnhance current Blackberry OTP apps by adding the PIN Lock requirement before using the app
Mobile App StoreProvide an enterprise type mobile app store that is being provided by authentication, it includes group checking and app upload capabilities
SQL FingerprintingEnhance current fingerprinting offering to support using SQL Server as the datastore
Fingerprint ExpirationEnhance fingerprint to support expiration date that can be configured by admin 
Fingerprint FinderAdd new FPFinder PreAuth page, so user can transparently log in, without entering User ID, if an existing fingerprint cookie is detected 
Full Group Path for LDAPAllow configurable option to either return just the LDAP group names or return the entire DN of the group names
Masking Web Server InfoEliminate vulnerabilities by removing certain information that identifies what type of web servers and framework are we running on
HousekeepingVarious bug fixes and enhancements

Released on August 9, 2013

Version 7.1

Integration Guide
RADIUS serverProvide support to accept RADIUS call from 3rd party apps
WS-TrustProvide support to WS-Trust protocol
WS-Fed Passive Sign-OutProvide Single Logout capability based on wsignout1.0 specification
Step-Up Auth for SecurePortalProvide configurable option to allow certain links within the SecurePortal page to require an additional authentication, and also to support SP-Init link on Portal page
SP-Init Support for SecurePortalAllow dynamic hyperlinks to be generated with the SP-Init URL instead of the SecureAuth Post Auth URL, so the Portal can support a mix of IdP-Init and SP-Init SSO links
SecurePortal UIEnhance the SecurePortal UI to allow flexibility in customization and device rendering
Mobile One Time Password Generator, BlackBerryCreate a mobile app on the BlackBerry OS 7 and OS 10 platform to support generating OATH-compliant one time passcode
PIN Lock for iOS and Android OTP GeneratorAdd additional security measure by locking the OTP app with a PIN Lock screen, so user needs to provide a 4-digit PIN before using the app

SAML 1.1 AttributesAdd SAML Attributes and namespace support in SAML 1.1
SAML 2.0 Attributes NameFormatAdd support to specify different NameFormat with SAML 2.0 attributes for GFIPM certification
Help Desk Fingerprints RevocationProvide easy access to revoke all registered fingerprints with click of a button
Associate AD groups in Create UserEnhance Create User page to allow associating new user account with a series of AD groups
Page Title SupportAdd support to break out the title of the Page and the title of the Header
HousekeepingVarious feature enhancement and bug fixing items

Released on June 28, 2013

Version 7.0.4

Integration Guide
Inline Password Change EnhancementEnhanced product behavior so that it will not prompt user to change password if the service account is set up as Read Only. Addressed certain issue since 7.0.2.

Released on June 24, 2013

Version 7.0.3

Integration Guide
Web Admin UI EnhancementAddressed an issue which can potential cause the Web Admin User Interface tab to fail to display when the realm is in Legacy theme 

Released on June 4, 2013

Version 7.0.2

Integration Guide
Fingerprint - Mobile Cookie modeEnhance cookie to include UserID + User Agent as a way to do mobile fingerprinting. This also contains a toggle in Web Admin to switch between native app and mobile cookie mode
Inline Password Change EnhancementModify product behavior so that it will not prompt user to change password if the service account is set up as Read Only
CRL Checking, v2Create a toggle in Web Admin to allow administrator to choose between a hard stop vs. going through 2-factor
Cert Finder, v2Provider better JRE detection and UI feedback to customer during certification detection cycle
UI TemplateProvide new template for product UI, along with configurable option. Each template (master page + css) is being placed in separate folders. New template folders can be put up by customer and it will become an available option in Web Admin
Email TemplateProvite new template for HTML-based OTP Email. The Email Template becomes configurable and customer may upload customized template and will become an available option in Web Admin
OATH for 3rd Party AppsProvide option to display the OATH provisioning information on screen for the user, so that such data can be manually entered into other 3rd Party OATH apps
Static Code Analysis CertificationModify various code locations to pass certification offered by Truvantis. All libraries starting with this release will be strong-named. 

Released on May 28, 2013

Version 7.0.1

FeatureDescriptionIntegration Guide
UBC EnhancementCorrect issue on private mode not installing UBC successfully 
Fingerprint - Mobile Native App Workflow enhancementEnhance workflow so mobile native app Fingerprinting mode can support Private Mode only or Public Mode only 
Default Company Name overrideChange the default Company Name override to empty so it will always attempt to read from the License 
Revoke Certificate Date RangeEnhance current Date Range drop down to provide more accurate results when selecting 30 days, 60 days, or 90 days 
Password Reset - Must Change PasswordProvide toggle to check the User Must Change Password at Next Logon check box 

Released on May 10, 2013

Version 7.0

Integration Guide
Fingerprinting for DesktopsProvide confidence level type authentication based on configurable checks on User Agent and Client Installed components (Plug-ins / Fonts)
Fingerprinting for Mobile (iOS + Android)Provide a native Mobile App in both iOS and Android, to pull the device ID and integrate with existing product to achieve mobile authentication
OATH as a Second Factor Registration MethodProvide OATH as an option to select when user is being challenged for second factor authentication
CRL Checking (Server Side)Provide configurable option to enable/disable server-side CRL checking during Java certificate validation
User Agent string in Certificate DCProvide option to override an existing DC to write in the User Agent string reported by the client computer
Certificate Web Service, v2Modify existing certificate-related web services to support PFX delivery and to support passing in Company GUID
OAuth 2.0 Architecture SupportProvide architecture design document for OAuth 2.0 implementation. Target for Mobile Native apps
SQL Audit Logging ToggleExpose SQL Logging toggle in Web Admin so administrator may enable / disable such feature
Forms Authentication Ticket ValidityProvide input box for administrator to configure how long a Forms Authentication Ticket is valid for
Generic Form Post Current Password SupportProvide additional option to post the password that the user enters, instead of forcing the user to always cache the password in the datastore
Web Admin UI UpdatesModify Update Web Config, Decrypt Web Config, and Local Admin page UI to the current theme

Released on May 1, 2013

Version 6.6.1

Integration Guide
Create Realm EnhancementRe-sort the Create Realm drop down box, and also addressed an issue that restricted realm creation in previous releaseN/A
Web Admin Data EnhancementImprove loading speed on the Web Admin Data tabN/A

Released on April 5, 2013

Version 6.6

Integration Guide
Native Certificate RevocationProvide option in Post Auth (and Web Service) to allow customer's administrator to revoke their own certificates, and also to provide option for administrator to check current status of issued certificates
Mobile One Time Password GeneratorProvide a protocol-compliant OTP Generator, for both iOS and Android (and more). Using TOTP algorithm within OATH specification
NFC Android AppProvide Android native mobile app to conduct NFC Card authentication
Google Account as DatastoreProvide a new option to select Google Account as the Datastore in Web Admin. Help Desk and User Self Service pages can support reading / writing from the Google Account Profile
Google Account Password AgingProvide feature to allow customer to enforce Password Aging requirements, something that Google default login does not support out of the box
Generic Form Post Post AuthAdd Post Auth module for a generic SSO integration that involves posting data. We are introducing Form Post in this release
Web Admin UINew UI for Web Admin Console
Password Reset Complexity CheckAdd new function to pre-validate the complexity of the new password before submitting for change

Certificate Length based on AD Password Expiration Date

Add new configurable option so that admin can set the certificate expiration date to be the same as the AD password expiration date
SSLVPN Product to support Mobile RedirectEnhance Mobile Redirect to allow SSLVPN Product to conduct Mobile Redirect to a mobile realm while passing the Gateway User ID over
Configurable Encryption / Hashing Mode for LDAP and Google Apps Profile ProviderAdd new option to toggle among Plain Text, Standard Encryption, Advance Encryption, and Standard Hash for each of the Profile property. The enhanced security measure can assure data at rest to be protected even if AD or Google Account has been compromised

Released on March 31, 2013

Version 6.5.1

Configurable Nested GroupsAdd toggle to allow administrator to select between returning just the Top Level Groups for the user, or return all Nested Groups
Mobile Drop Down SupportCorrect Web Admin Post Auth behavior to set Redirect URL to MobileAuth.aspx when Mobile Native App Launch Page is being selected from the drop down
WebAdmin Provider EnhancementEnhance WebAdmin Provider to match up its behavior like the other Providers (LDAP / SQL... etc)
WebAdmin Company Name DisplayEnhance WebAdmin Sys Info tab to display the default (or custom) Company Name
Generic Form Post Pre AuthAdd Pre Auth module for a generic SSO integration that involves posting data. Customer can post username and password (and Public/Private selection) to our PreAuth module can consume it Delegated AuthenticationAdd Web Service to support the Delegated Authentication SSO method specified by
Multiple Mobile Apps support with 1 realmAllow external Mobile Native apps to pass in its Custom URL scheme to SecureAuth, so that a single SecureAuth realm can dynamically redirect authenticated session to multiple originating native apps. Group checking based on the calling native apps
UBC Fall Back ModesAdd 2 additional Allow Fall Back Modes to support Fall Back to UBC mode or Fall Back to Cookie mode when Java applet fails to launch
Clean UBC PageAdd page to clean up the local UBC token (CleanUBC.aspx)
TimeOut DisplayChange default to disable the Display of TimeOut page
Password Reset VerbiageAdd verbiage in Web Admin and Password Reset page to warn users about Password Reset

Version 6.5

Certificate Issuing Web ServiceProvide web service interface for MDM to call and issue ceritificates by SecureAuth. AirWatch will be our first integration partner.
Transactions LoggingSend Post Auth events to the cloud database for accounting and billing purposes
Dashboard v2Provide charts to correspond to the transactions logging above.
Generic Basic Auth Post AuthAdd Post Auth module for a generic SSO integration that involves posting data. Basic Auth is being supported in this release
Mobile Authentication, Embedded BrowserProvide documentation and code snippet on how to integrate SecureAuth into existing native apps via embedded browser
Certificate Subject AttributesExpose the 2 DC within Subject Attributes of the certificate to allow administrator to control what information to be set in there
100 Extended Attributes for SAMLIncrease support to up to 100 SAML Attributes by creating Extended Attributes within our Profile Provider
SAML EncryptionAdd support to encrypt the SAML assertion, in addition to signing the SAML assertion
Office 365Provide SSO integration into Office 365 environment

Version 6.4.2

ODBC IntegrationProvide Web Admin support to configure mySQL and/or any ODBC-compliant DB for Membership and Profile Provider
SAML Debug ModeModify Debug Mode to output the SAML assertion on the screen

Version 6.4.1

WS-FedProvide Post Auth support to generate a WS-Fed assertion
OpenID 2.0 IntegrationProvide Web Admin support to configure OpenID 2.0 as both PreAuth and PostAuth
Web Service for Profile DataRetrieve profile data via web service. Save profile data via web service. Create User via web service.
Realms GroupingVisually group realms together in Web Admin. Allow management of realm groups in Web Admin.
LDAP speed enhancementProvide various LDAP connectivitiy optimization to improve LDAP read/write performance
Android Certificate with DC in SubjectProvide additional DC values in the Subject of the certificates issued via the Android app

Version 6.4

Mobile AuthenticationAllow customer's own mobile native apps to delegate user authentication to SecureAuth via system browser
OTP Account LockoutProvide configurable option so administrator can set to lock out a user account if the user has exceeded the One Time Passcode entry limit
SAML Post Auth for ADFS 2.0Provide ADFS 2.0 integration support via SAML 2.0
Reporting DashboardAdd the display of a graphical Dashboard, to give quick overview on common data
Multiple LDAP connection stringsAdd the ability to specify a list of connection strings, so when the first one fails to look up the user, it will falls through and check each of the following one until finding a match
Validate Cert + Public Mode GUI ModeAdd new mode to support checking for a valid certificate first. When absent it will fall back to Public Mode 2-factor but without delivering a certificate
Password Expiration for Username / Password on 1st PageAdd support to prompt user to change password at expiration for Username / Password on 1st Page mode
Ericom Post AuthAdd support for Ericom SSO as standard Post Auth feature
Custom FBA cookie GenerationAdd support for creating a custom FBA cookie, with a configurable User ID value in ticket.Name and multiple delimited configurable data values in ticket.UserData
FBA UserID locationConvert to save/read Authenticated User ID at ticket.Name by default, configurable to save/read at ticket.UserData
Session TimeoutEnhance session cleaning after timeout and provide message to info the user
Java cert with 2048-bit keyProvide configurable option to issue 2048-bit public key with our Java product
Nested Group support in Group CheckingAdd support to loop through all nested groups to determine whether to Allow/Deny access
Post Auth Transaction TrackingAdd web service and appliance level functions to track all Post Auth transactions (as Audit Logs)
Jira IntegrationAdd support to SSO into Jira locally-hosted service. This integration utilizes the Jira API
Confluence IntegrationAdd support to SSO into Confluence locally-hosted service. This integration utilizes the Atlassian SSO Authenticator
OWA 2010 Post AuthAdd Post Auth module for our revised OWA 2010 integration that uses pure Post Auth module, eliminating the need to instead custom DLL/ASPX on the OWA server itself
Dynamic control placementAssign CSS class name for each control to allow granular customization on every control within SecureAuth
Default AuditDB disabledChange default web.config to ship AuditDB to be disabled, and expose Web Admin UI to enable/disable such setting
Basic Auth credential consumptionAdd PreAuth module to extract Username and Password out of a Basic Auth credential
OpenPIN display inputAdd checkbox to allow user to unmask the OpenPIN field to verify input

Version 6.3.2

Additional Verbiage Customization for Phones and EmailsProvided each phone / email entry with its own label for detail customization need
Custom Redirect fixCorrected Web Admin Post Auth section to allow saving of SAML section when drop down is set to Custom Redirect
KBA Base64 Encoding fixProvided proper saving when KBA encryption level is set to Base64 (Encoding)
New UI Password View fixEliminated error on Password view when the new UI theme is selected

Version 6.3.1

Email 3 & 4Added a third and fourth Email option for end user to send an OTP to
Text Based Email OptionEmail 1 - 4 be configurable to choose between HTML-based Email or Text-based Email, allowing a SMS-style email message to be sent to it without being truncated
Geo Location RestrictionAdded function to block access to SecureAuth based on a list of countries selected by the administrator
Certificate Validation by Realm fixFixed issue on customized Company Name not saving to certificate properly. Standard Company Name works as-is.
Dynamic CSS and Logo PathAllowed external applications to pass in a file path/name of a custom CSS and a file path/name of a custom Logo. SecureAuth will dynamically load these values in instead of relying on the configured values from Web Admin

Version 6.3

Google IdP by SecureAuthHybrid solution to have Google Apps Engine to handle User Authentication and Profile Management, while SecureAuth appliance to handle the Portal and STS
ReportingUsing SQL to capture all audit data, and be able to provide default reports in console
BYODProvided native app to handle authentication and revocation in iOS and Android devices
Universal Browser CredentialExtended BYOD support to all computers by utilizing Universal Browser Credential
New User InterfaceNewly designed UI skin. Customer can toggle between old theme and new theme
Forgot UsernameAdded capability to provide a "Forgot Username" hyperlink, which user can retrieve username based on email address or other authentication mechanisms
Certificate Validation by Realm (MSP)Allowed MSP to isolate each realm to a customer so certificate from 1 realm cannot be used on another realm
SecurePortal Group CheckEnhanced our SecurePortal page so that links are dynamically filtered by Group attribute
Telephony Format v2Enhanced domestic / international telephony routing logic to support a wider range of customer input formats, including E.163 format
Telephony Language by BrowserThe spoken language in telephony call will be determined by the end user's browser's language settings, even if it is a domestic U.S. phone number
New Language supportAdded language support for Korean, Russian, and Dutch
Password Reset configurationAdded ability for administrator to toggle between "Enforce AD password rules" (Password Change mode) or "Bypass AD password rules" (Password Reset mode)
Password Complexity Description displayAllowed displaying the password complexity description during the inline password expiration change. It is the same message currently being displayed on the Password Reset page
Username + Password on 1st Page for MobileAdded support for Username + Password on the 1st Page for Mobile Cookie mode
Username + Password on 1st Page for DesktopAdded Max Attempt Lock out
FBA Cookie ManagementEnhanced management of FBA, PreAuth, and PostAuth cookies by using SetCookie at all places, as well as adding new looping routine to search for decryptable cookie
Create PFX Auto DownloadAdded Post Auth to support PFX download for Citrix Receiver (iOS)

Version 6.2.5

Enhancement to CookiesModified read and saving cookie routines

Version 6.2.4

KBQ/KBA Clean UpModified KBA save routine to only allow saving KBQ/KBA related data
Copyright ConfigurationFixed bug that caused Copyright message to be displayed despite turning it off in Web Admin


Cisco ASA Check JRE removalRemoved requirement for JRE installation since it is no longer needed Cisco ASA integration
Registration Method fixFixed bug that caused JavaScript error during registration method selection and/or additional submit buttons to be shown in Registration Method screen

Version 6.2.3

Safari 5.1.4/5.1.5 Update 2Accumulated fixes to further address the JavaScript / partial rendering issue in Safari 5.1.4 and 5.1.5

Version 6.2.2

Yubikey Integration (Phase 1)Provide Yubikey functionality so customers may use Yubikey to identify the user. This feature includes provisioning the Yubikey and validating the Yubikey afterwards
Safari 5.1.4/5.1.5 UpdateEliminate the Safari post back partial page rendering issue that only exists in Safari 5.1.4 and 5.1.5
SiteMinder v2Enhance SiteMinder integration experience for the 2nd factor only integration
Certificate Issuer URL UpdateAdd support in UpdateWebConfig to automatically update the Certificate Issuer web service URL from SAIssuer2/CertificateIssuer4 to SAIssuer3/CertificateIssuer5
Profile Missing RedirectExposed the Profile Missing Redirect URL for administrators to manage
User Profile CollisionFixed bug in LDAP Profile Provider so it can perform under heavy load / usage
Firefox / Android URL fixFixed bug for creating an incompatible URL in version 6.2.1
Company Info MissingFixed bug for Company Info not displaying properly in version 6.2.1
File Upload fixFixed bug for Image / File upload fail in Web Admin in version 6.2.1

Version 6.2.1

Get Certificate with KeyGenIssue and Install certificates via KeyGen command, eliminating the need to go through PFX creation
Using SCEP with existing CAAdded function to send CSR to customer's existing Windows 2008 CA using SCEP, certificates issued will be chained back to the customer's root
SiteMinder IntegrationBuilt-in support for SiteMinder integration. A new SiteMinder configuration section has been added into the Web Admin
Download SAML Metadata fileImproved SAML configuration by allowing customers to download our SAML Identity Provider Metadata file from Web Admin Post Auth
Configuration OTP LengthAdministrator may use Web Admin Reg Config to specify the number of digits for generation of One Time Passcode (OTP). It was fixated at 4 digits before
iOS Provisioning to Google AppsAdded function to provision Google Mail accounts to iOS devices. This function automatically puts together the username, email address, and a random password to create an iOS profile
iOS Provisioning to ExchangeAdded function to provision Exchange accounts to iOS devices. This function automatically pulls the username, email address, password, and domain and pushes down to the iOS device
Enhanced Help Desk optionEnhanced the dynamics of the list of OTP options, by automatically hide the Help Desk option if there is no Help Desk email and phone number specified in the Web Admin
Windows Auth configurationEnhanced logic to automatically disable the Forms Auth option in IIS Authentication, when administrator chooses Desktop SSO (Windows Authentication = True in Web Admin)
Telephony UpgradeOur domestic telephony provider has been upgraded to support the latest Voxeo specification
Android PFX optionExpanded Android certificate delivery by offering option to delivery as a .pfx file (for certain Android ActiveSync app to consume)
AD Denied Group supportEnhanced the existing Allowed AD Group checking, to make it able to toggle between Allowed / Denied. If set to Denied, system will deny user access if user belongs to the AD group list specified in Web Admin
Post Auth Custom RedirectBug fixed for unable to save Redirect URL if Custom Redirect is chosen in the Post Auth Redirect drop down box
Clean Cert Page withJRE 7 supportEnhanced Clean Cert Page (CleanCert.aspx) to support both JRE 6 and JRE 7
PreAuth / PostAuth cookieCreated new Cookies (PreAuth & PostAuth)
Use Expired Cert as SAML Signing CertificateModified logic to allow using an expired certificate to sign a SAML assertion. This will allow the communication between IdP (SecureAuth) and SP to work even if the certificate expires

Version 6.2

10 SAML AttributesAdded up to 10 SAML Attrbutes in Web Admin Post Auth to provide wider coverage for various SaaS products
SAML Attributes RegEx supportEnhanced the SAML Attribute by allowing administrator to write a RegEx function to all 10 SAML Attributes
Download PFX via hyperlink for ASAAdded new PFX delivery mechanism by providing a hyperlink for user to click and download. This is especially useful during an ASA deployment
Post Auth option for WebLogicAdded built-in support for WebLogic 10.3 as a drop down option
Post Auth option for F5Added built-in support for F5 BigIP / APM as a drop down option
Generic Web Service for custom web app supportAdded a new web service as a mean for support any of the web app out there that can be customized. As long as the custom web app can make a web service call and to check for a cookie, it can be customized to integrate with SecureAuth
Secure PortalAdded function to allow administrator to protect a Portal URL with SecureAuth. The Portal can also be configured by administrator to determine which SecureAuth realm(s) get displayed to the users
Enhanced Fingerprinting on JRE productAdded more machine-level attributes onto the existing JRE fingerprinting logic for both Windows and Mac systems
Enhanced ActiveX controlActiveX Version to provide support for cleaning of the certificate serial number in the IPSec profile
SecureAuthMSI and SecureAuthMSI64 distributionThe MSI folder of each realm now includes a copy of the SecureAuthMSI.msi (ActiveX for 32-bit IE) and SecureAuthMSI64.msi (ActiveX for 64-bit IE). Administrator may choose to distribute this via GPO for both 32-bit and/or 64-bit systems
LDAP BindingAdded support to bind with a Tivoli Datastore (TDS) through the use of LDAP bind. Web Admin Data menu now has option for administrator to choose between LDAP Search and LDAP Bind to different LDAP servers support
Password Reset to enforce Password HistoryEnhanced our Identity Management Password Reset page to enforce password history restriction that is set at Domain Controller
More configurable options in Password ResetAdded option so administrator can configure to check the "User Must Change Password at Next Logon" and/or the "Unlock User" after a successful password reset
Remove the word "SecureAuth" in the Password Reset emailRemoved "SecureAuth" branding from Password Reset email content to provide a cleaner template for customer branding
Proxy Server Password RetentionBug fix to correct the Proxy Server password not being displayed on screen after save via SP-init PostAdded further product integration to via Service Provider-initiated Post option. This will support deeplinking as well as mobile apps (like Chatter) from
OWA 2010Added new product integration for Microsoft Outlook Web Access (OWA) 2010
Additional data logging in CertLogThis is Phase 1 to provide self-service Native Certificate Revocation to administrators.
User Self-Service status enhancementModified various status / result messages to provide better feedback to user after save
AD attribute as GUID typeAdded support in Web Admin Data menu to specify an AD attribute as type GUID, so that the system can probably retrieve the value and to pass along in SAML assertion
OTP phone call to speak international languagesEnhanced support so the One Time Passcode (OTP) can be delivered with an international language, based on the user's browser's language setting, even if the system detects the call is sending to a domestic US phone number
Remove <DOCTYPE> in mobile config filesAdded function to automatically remove the <DOCTYPE> element in the .mobileconfig file during Web Admin Post Auth file upload

Version 6.1.6

WebLogicAdded new product integration for WebLogic 10.3 or above
Active Directory Filtered GroupsEnhanced the SAML Attribute by allowing administrator to write a RegEx function to selectively pass in the Active Directory groups
Google Apps Sync Date fixBug fix to provide proper reading and writing of data into Active Directory
Migration of KBA encryption levelAdded function to allow automatic migration of KBA from Level 1 (Base64) to Level 2 (PGP AES)

Version 6.1

Built-in Loggly ReportsAdded 4 pre-built reports for displaying syslog data from Loggly
Web Admin Realm DescriptionAdded new description field for each realm in Web Admin for administrators to easily identify the purpose of each realm. Such description is for internal display only as users will not see them
Microsoft UAGAdded new product integration for Microsoft Unified Access Gateway (UAG)
Download files from Web AdminAdded function in Web Admin to allow administrators to download customized files for further modification
Enhanced KBA encryptionAdded option to step up the KBA encryption level in Active Directory by using PGP AES
SAML 2.0 SP-init PostAdded new Post Auth option to allow receiving the SAMLRequest via HTTP Post from the Service Provider
Add Realm via Web AdminAdded function to allow administrator to add new additional SecureAuth realms through our Web Admin Sys Info menu
Verbiage Editor fixBug fix to provide proper writing of data via DLLConverter
Web Admin realm selectionModified the realm selection from Session variable to Cookie
Realm selection via HyperlinkModified the Web Admin User Interface so that administrator can toggle among realms by clicking on the realm hyperlink, instead of choosing it from a realm drop down box
More Download files optionsAdded option to download files from Root and from Images folders in the Web Admin Config Back Up menu
Firefox 5 native certificateAdded support for Firefox 5 native certificate delivery
JRE 1.7 supportAdded support for the upcoming JRE 1.7 release (1.7.0 and 1.7.0_01)
Masked Proxy Server PasswordMasked the Proxy Server password entry in Web Admin Sys Info menu
Private Mode Cert Length checkingAdded check to restrict administrator from putting a certificate validity length of 0 days in Web Admin Workflow menu
UpdateWebConfig Access RestrictionModified UpdateWebConfig so that it can only be accessed with a valid Web Admin credential
Google Apps Sync DateAdded function to keep track of when the last time the system has synchronized password from Active Directory to Google Apps

Version 6.0.7

Password Reset pageRemoved the writing into the Active Directory pwdLastSet attribute
ActiveX certificate validation fixBug fix to eliminate incorrect display of the "2" error

Version 6.0.6

Firefox 4 native certificateAdded support for Firefox 4 native certificate delivery
Mac Safari certificate validationBug fix to provide proper workflow handling for Safari on Mac
Configurable option to provide KBA cleaning in Help Desk pageAdded feature to allow Administrator to configure the Help Desk page so Help Desk personnel may wipe out the KBA values on user's request
International Client TimeEnhanced time checking logic to cover for international end users
New Verbiage Editors entries injection by UpdateWebConfigFuture new entries addition to our Verbiage Editor (.resx files) can be automatically injected via UpdateWebConfig on future upgrades
Version 5.X to 6.X upgrade via UpdateWebConfigNew web.config additions / changes can be automatically injected via UpdateWebConfig during a Version 5.X to Version 6.X migration 

Version 6.0.5

iOS No Password provisioningEnhance function to provide administrator to select NO PASSWORD as an option to deliver the profile to an iOS device
CertLog improvementBug fix to provide proper logging into the /CertLog folder
Remove Destination Checks on all Identity Management pages except Help DeskRemoved restriction to 1 Post Auth page per realm to provide flexibility on realm configuration
UpdateKBA Target fixBug fix to preserve the Target Redirect value after user goes through KBA provisioning (UpdateKBA)
Configurable Secured Cookie optionAdded option in Web Admin to toggle between Secured and Regular HttpCookie mode
Verbiage Editor to support empty valuesEnhanced Verbiage Editor to allow empty values to be entered as a way to remove verbiages off the screen

Version 6.0.3

Android Certificate TypeBug fix to address the proper Android Cert Type delivery

Version 6.0

WCF Certificate / Telephony / SMSThe secured communication between the appliance and the hosted web services have been upgraded from WSE 3.0 to WCF
Android SupportNew feature to provide support to deliver certificate onto Android devices (2.2 and above)
iOS certificate delivery and validation

Enhanced existing function to deliver certificate onto iOS devices (2.0 and above), and added function to support validating the certificate via C-SSL configuration

Certificate Serial Number savingNew feature to allow saving of the newly-issued certificate serial number back into the user datastore
Active Directory User CreationNew built-in Identity Management page to allow privileged users to create AD user accounts

Juniper SAML to accept Target from QueryString

Enhanced Juniper SAML 1.1 to allow the SAML Target URL to be passed in dynamically via QueryString (Target=URL)
Active Directory Group Check in both Membership and ProfileEnhanced Active Directory Group Checking routine to be enforced in either Membership or Profile. Certain customers have AD in Membership (user name and password) and some customers have AD in Profile (Email / Phone / KBA), so now we can check for groups in either locations to provide flexibility
Additional SAML AttributesAdded up to 10 Aux ID's and to provide option to select AD groups to be passed in as SAML Attribute
Destination Check for all Identity Management pagesAdded new feature to lock down realms so each realm can only use 1 specified Post Auth page
  • No labels