Release 3.2.4

Highlights:

  • Push with User Presence is now available. This new flow offers an additional layer of security for users against phishing attack vectors, by introducing a code confirmation in push notifications inside the mobile application.

  • Support for multiple OTP tokens for enrolment & authentication, in addition to existing proprietary VeridiumID TOTP support. This offers users various external OTP authenticators such as Software OTP (e.g. Google Authenticator, Authy, Microsoft Authenticator), Hardware OTP (dedicated hardware keys), and Yubico OTP (YubiKeys with OTP support, such as YubiKey 4 & 5 series models).

  • Certificate and license pinning mechanisms have been updated to ensure smoother transitions and improved behavior on license & certificate changes.

  • Enrolment code length is now configurable via the Settings / General / Enrolment Code Settings section, or via config parameter "codeLength".

  • The number of devices allowed per identity now has more granular controls, via the Settings / General / Device Limitation Per Profile section, or via config parameters: "maxDevicesPerProfileKey" (total number of devices allowed), "maxOtpDevices" (max number of OTP keys), "maxMobilePhonesPerProfileKey" & "maxFidoKeyPerProfileKey" (self-explanatory). These limits only affect enrolment, so users that already have more devices than the limit will be able to authenticate, but not enrol new ones.
    On environments updated from 3.2.3 and lower versions, the new parameters will take the value of the initial “maxDevicesPerAccount” already present.

  • Mobile apps now hide sensitive data when out of focus. Android offers a dedicated switch to turn this feature off, for demo cases or other support scenarios where screen recording is necessary.

  • Mobile devices now have the commercial naming displayed in Veridium Manager and reports, instead of the model code (e.g. SM-G998U is now displayed as “Samsung Galaxy S21 Ultra 5G”).

  • PIN is no longer mandatory for OTP authentication methods, via configuration settings.

  • Email notification templates have been updated to avoid display of sensitive data in mobile notifications (i.e. enrolment codes). Note that for updates on existing deployments, manual notification reset is needed to see the template changes. The time-related information such as codes' expiration date is now displayed using server time to avoid confusion.

New Features and Improvements:

V3.2.4 changes have impacted all functional areas:

Summary

VeridiumID Server & Admin Dashboard

Improved the information displayed in the push context to be more intuitive for the user

Push authentication phishing protection implemented via User Presence Codes

Certificate and license pinning mechanisms improved to avoid service downtimes in case of changes

Device limits can now be set in more detail, with separate values for Mobile Devices, Fido Keys and total Devices per profile.

OTP improvements which add support for Yubico’s specific protocol and generic OATH OTP authenticators, both software and hardware.

Email notification templates have been updated to be more descriptive, to contain more information and to mitigate the codes' visibility issues in notifications on unattended mobile devices. The codes' validity is now displayed in server time to avoid confusion about expiration dates.

Enrolment code length is now configurable.

Mobile devices are now reported in Veridium Manager and Reports with their commercial names instead of technical names.

FreeRadius client name is now displayed in VeridiumID flows

Improved error handling and error messages to be more descriptive in various sections of Veridium Manager.

Improved the GeoLocation feature accuracy.

Improved session information mechanism to correctly collect exploiter devices' IP, resulting in better localization information displayed across the stack.

OTP authentication methods now contain a new “usePin: true/false” parameter in orchestrator to allow usage without PIN if needed.


Bug Fixes:

V3.2.4 bug fixes have impacted all functional areas:

Summary

Veridium Server & Dashboard & SSP

Fixed bug that caused reports' downloaded data to contain a number of records limited by the maxNumRetrievedRecords parameter, instead of the calendar dates set by the user.

Fixed a bug in PIN change campaigns where the message was not received on mobile devices if PIN was not enrolled via a mobile device.

Fixed a bug that caused connectivity issues to VeridiumID if UBA was not available.

Fixed a bug that caused constant reload and shuffle of authenticators in the Identity tab in Veridium Manager. Now the authenticators will be sorted by enrolment time.

Fixed various exceptions and crashes resulting from user-oriented scenarios, in all components.
