Release 19.4 adds support for Ultimate Software’s UltiPro solution, event-based LDAP sync, endpoint authentication, offline OTP for Macs, and more.
With release 19.4, Idaptive now supports the following features:
Users can now seamlessly import identities from Ultimate Software’s UltiPro HCM solution and provision them to Active Directory. This enables users to have an HR-driven primary system of record for user data across all applications. For example, you can synchronize user information from the UltiPro environment across your corporate systems, including Active Directory, and unify provisioning and HR workflows. To learn more about this integration, please see our documentation.
Client-Specific RADIUS Authentication Policies
With 19.4, custom authentication profiles specific to individual RADIUS clients can be created to secure remote access, on-network, or on-premises resources. This allows users to have multiple RADIUS authentication profiles that work with specific connections in the same organization. For example, you can enable connection to your on-premises network through a Cisco VPN that leverages email as a secondary authentication method and configure a separate profile for a Palo Alto Networks VPN that uses SMS messages as a secondary authentication method to connect to your developer environments. Learn more about this here.
Block Access From Specific IP Ranges
Users can now have greater control over the traffic accessing applications by blocking access requests from specific IP addresses or ranges of addresses. For example, a range of IP addresses that consistently generates high numbers of failed logins can be blocked, or all IP addresses not belonging to the organization can be blocked to ensure that access to your applications is only allowed from corporate offices. Learn more about blocking IP ranges here.
Users can now log in to endpoints by authenticating against any cloud directory service without VPN or direct connectivity to Active Directory. Previously, the device had to be connected to VPN or bridged to Active Directory to allow one to log in with enterprise credentials. Now, corporate credentials can be used to log in to Mac or Windows devices without a VPN connection regardless of the directory used (Idaptive Directory, AD, LDAP or third-party cloud directory). Please note that endpoint authentication is currently in Beta.
Multi-factor Authentication for macOS and Windows
Multi-factor authentication can be enabled for macOS and Windows endpoints enrolled with Idaptive. Mac and Windows users can be required to pass additional authentication challenges during the process of logging in to their devices. To learn more about MFA for Mac, please go here. To learn more about MFA for Windows, go here. Please note that multi-factor authentication for Windows and macOS is currently in Beta.
Offline OTP for Mac and Windows
Mac and Windows users can now be allowed to create an offline one-time password (OTP) passcode. With an offline OTP passcode, users can sign in to devices protected by multi-factor authentication even when not connected to the internet. Learn more about the offline OTP feature here.
Additional features and improvements in the 19.4 release
With 19.4, users can now:
- Require passing a secondary authentication challenge when switching between the User Portal and the Admin Portal;
- Trigger user information sync to the source LDAP directory based on pre-determined events, such as user login or token refresh;
- Select the preferred target directory for account mapping if there are multiple local directories;
- View the last used MFA method automatically selected in the MFA dropdown list for each device;
- Run a report to identify instances in which the MFA requirement was temporarily bypassed to allow users access to the Idaptive Portal. This provides visibility into administrative actions that do not conform to IT security policy or best practices.
- Adjust risk levels, thresholds and risk factor weights in the Analytics Portal. This gives greater control over the acceptable risk levels before secondary authentication is required to access applications and data.
- Download the Idaptive Browser Extension (IBE) for Safari, IE and Firefox from the Downloads section in the Admin Portal. End-users will now see a banner in their User Portal prompting them to install the IBE add-on if there is an app which requires the Browser Extension to work.
For more information on the 19.4 release, please visit the release notes.
*** This is a Security Bloggers Network syndicated blog from Articles authored by Stas Neyman. Read the original post at: https://www.idaptive.com/articles/idaptive-release-194-now-available/