Skip to main content
Skip table of contents

Release 3.3.0


  • This version introduces a deprovisioning mechanism which is an addition to the Identity section. This mechanism syncs identities and their status between VeridiumID and Active Directory services and if the user is no longer valid in Active Directory, it will also be disabled in Veridium Server. System allows configuration of deprovisioning reasons, supports manual operation or via cron scheduler, together with a notification.

  • Statistics now support ElasticSearch to increase data operation efficiency and stability. For this version usage for either Kafka+Cassandra, or ElasticSearch can be used via configuration parameter for full backwards compatibility.
    This release is preparing the grounds for moving away from a streaming data approach (Kafka & Statistics microservices) and a high-pressure point (Cassandra) to an Elastic Search approach.
    In the future versions, this will allow more complex dashboard graphic support, with improvement in performance (faster delivery times for statistics dashboard, pagination improvements, search capability improvements), granularity and improved system resilience for authentication scenarios.

Upgrade will maintain the previous behaviour of storing audit data in Cassandra and compute statistics through Kafka processors. Adding ElasticSearch is subject of a separate procedure next to upgrade.

  • Email notifications have a new implementation in the VeridiumID server decoupled from Kafka. It is subject of configuration (feature enable)

By default this is enabled after upgrade.

  • Location coordinate precision can now be configured via location.json for mobile devices. The new parameter defines the number of digits required for mobile location send to server. For example "locationCoordinatesPrecision": 3 translates into location of latitude x.123,longitute y.123 form. The parameter is supported in server version before 3.3, if set in mobileSettings.json. Upon updating to version 3.3, the parameter will be moved automatically to location.json, maintaining environment behavior.

  • Applications now support friendly names besides their default initial ones, with display support across the stack

  • A new mechanism has been introduced to allow configuration of second factor trigger based on time or number of sessions. For example, a user is asked both factors for first login, then the system will only ask for the first factor until the defined time-window or the number of authentications defined has passed.

  • vFace liveness setting can now be applied at a granular permission for groups of users, applications etc, instead of a global setting. The setting can be controlled in Orchestrator - Commands - cmd_vface_mobile and cmd_vface_browser via parameters "enableLiveness" and "livenessFactor".

  • Security improvements and hardening to match the latest field standards. These include log cleanup for sensitive information, mitigation of potential authentication hijacking via mobile apps, update for outdated third-party libraries, automatic logout for Self Service Provider page after 5 minutes of user idle , Control Flow Guard enabled for Windows components

  • Veridium Admin users can now be connected to Active Directory permissions, offering support for central point user configurations in terms of access

  • LDAP connection setup screen improvements: more descriptive errors, better connection testing using parallel requests, draft connections are no longer included in the connection test with all active connections.

  • Mobile apps have been updated to support all the new server features, but they maintain backwards compatibility with server versions already deployed in production. They also contain bug fixes for user flow issues reported from production.

New Features and Improvements : 


VeridiumID Server & Admin Dashboard & SSP

Counter added for number of sessions without PIN and trigger PIN challenge according to the setting

vFace liveness setting can now be applied for groups of users, applications according to Orchestrator conditions

Improved location map display in all areas to show relevant geographical area (City)

Automated Mechanism to delete the identities which are not longer valid in Directory Service (deprovisioning service)

Added UBA Context score explanation support for positive cases

Fido Authenticator Attestations details can now be accessed in a separate view

Parameter “locationCoordinatesPrecision” added in location.json and Admin to control the accuracy of mobile location reported to the server

Application names can now be customized, with display support across the stack

Disclaimer is no longer mandatory in Directory Service integrations - Enrollment configurations

All sessions fields are now exported in the CSV report

GeoIP location database has now an automatic update mechanism and can also be controlled via Admin

Improved the commercial name translation mechanism for mobile devices and introduced a manual trigger for update in “Load Device” Admin section

IPv6 support for reverse geoip in session and UBA contexts

Veridium Admin groups permissions can now be linked on Active Directory groups

Improved search function on Certificate Pinning section

Introduced a new warning pop-up in admin for licenses in grace period or expired states

FIDO authenticators are now traced and displayed correctly with their custom names, instead of “DEVIDE_INDEPENDENT”

Improved search function in Admin to include invitation codes and correctly search FIDO authenticators

FIDO full authenticator list can be imported as a file from Admin GUI, without needing external network access to Fido Alliance servers

LDAP connection setup screen improvements: more descriptive errors, better connection testing using parallel requests, draft connections are no longer included in the connection test with all active connections.

Bug Fixes:


Veridium Server & Dashboard & SSP

Fixed a bug that caused authentication devices to be displayed as “N/A” for users that failed user-presence authentication step

Fixed a bug that caused an error when users scanned a login QR with a mobile app that didn’t have the authenticators enrolled required by the journey

Fixed a bug that caused incorrect authentication data display in session graphics in Dashboard

Fixed a bug where authenticating with Push caused the location to be displayed from IP, instead of mobile in Admin and SSP

Fixed some UI browser console errors in Admin

Fixed a but that caused a non-descriptive error in Admin, when using a metadata URL that times out in SAML applications

Fixed a bug that caused a schema validation fail error when adding a rule for UBA notifications

Fixed horizontal scroll bar appearing in some Admin views without being needed

The application name is now correctly reported for SPNEGO authentications

Fixed a bug that caused Yubico OTP codes to not work on occasion.

Push User Presence code failure is not counted correctly against authenticationMaxRetries parameter

Fixed a bug that allowed bypass of Device Limitation settings if user enrolled mobile device via the Admin / Quick Actions / QR step

Improved Self Service Portal FIDO name keys display after a browser refresh actions

Fixed a bug that prevented new users to scroll down the license agreement on first Admin access without zooming out the page in browser

Fixed a bug that affected the code validation receiver fallback mechanism if the user did not have the first (preferred) option available in Active Directory



Veridium Server, GUI, Mobile, Windows components

Cookies are no longer written in page response’s body, preventing accessing their values

Windows Control Flow Guard is now enabled for Credential Provider

Self Service Provider automatically logs out after 5 minutes of user idle

Third-Party Libraries used have been updated to latest versions

Mobile apps logs and other exposed areas have been scrubbed for any potentially harmful or private information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.