Overview
This version introduces many new features and mechanisms that improve functionality and security, in addition to the usual bug fixes and improvements.
Highlights
New features & improvements:
Added support for client certificate authentication in Shibboleth. Certificate Based Authentication is now available as an alternative for SPNEGO/Kerberos, and it is integrated in Veridium Orchestrator. This will increase the flexibility of the authentication workflows.
Added support for OIDC in Shibboleth, together with Shibboleth update to v4.
The mechanism for re-enrolment of devices with expired certificates has been refactored and now also works for devices that are used for TOTP-only authentication.
Last Authentication value is now updated for FIDO devices in DB and is available for reporting and deprovisioning purposes.
Introduced dormant device deprovisioning, covering inactive mobile devices and FIDO keys.
Added a more flexible mechanism for Mobile OS and Mobile App upgrade campaigns. This can be configured from Admin and will be available on mobile side once the latest mobile apps are launched in their respective App stores.
The statistics page has been revamped with new graphs and more relevant information, together with new sorting capabilities.
Introduced a new and more detailed mechanism to enforce Device OS Version and Application Version, including a grace period.
Extended the User Segregation feature by adding custom organizational unit attribute logic.
Added the option in Lost Mode to automatically reactivate the lost device after the time validity expires.
Created a new Admin permission that allows administrators to reset PINs.
Introduced a new alert for the number of registered identities and devices when approaching the license limit. It will be displayed in yellow in the bottom-right corner.
Introduced a new email notification triggered when the “Delete all” deprovision action is executed.
Added SSO (SAML) applications in SSP - Application section as entry points.
Introduced a new configuration option in Veridium Manager / Services / SSP - “Hide the remove option for authenticators and identity” to allow (or not) the users to delete their own devices and identity.
License validity based on time is now enforced for other types of authentication also (web authentication, Radius, FIDO), not only for mobile authentication.
Introduced a new parameter to enable/disable collection of motion data from mobile devices, in UBA Settings in Admin and in mobileSettings.json - “is-uba-enabled” true/false.
Improved the location accuracy parameter in the mobile apps by allowing it to be activated via Settings / Geolocation or location.json, not only from local mobile app settings.
Improved the data visualization for the existing Admins in the Veridium Manager / Administrators section.
Uploading a signing keystore certificate is now supported in the Veridium Manager UI.
All authentication methods can now also be used without a PIN.
The message received by the Line Manager when an employee asks for an enrolment code now contains the username that triggered the message.
Cron expressions' fields now have basic validation to help the user understand if the input data is wrong.
The Orchestrator Journey editor has received some UI improvements.
Introduced “Password Last Set” and “Password Expiration Time” as optional attributes in the LDAP definition, to increase AD implementation coverage.
Removed EOL SafetyNet settings from mobileSettings.json and Settings / Mobile / Client UI in Veridium Manager.
Improved support for HEX format of HOTP secrets for devices during enrolment.
Improved the admin permission mechanism to update without the need for a logout - login.
Extended the Friendly Name feature for all types of Applications, not just SAML.
UBA Verified/Rejected messages can now be customized and translated in i18n.json.
vFace library updated to v4.1.5.
Bug fixes:
In Device Details the fields “Device UUID” and “Device Fingerprint” have been renamed to the correct values “Certificate UUID” and “Certificate Fingerprint”
Fixed a bug where enrolment codes created via invitations could not be revoked from Admin
Fixed a corner case that caused an error in UI when accessing old identities
Fixed a bug that prevented the save of Mobile GUI - Enrollment Step Action Name field value in integration configuration
Fixed a bug where the CSV parser was not accepting HOTP files
Fixed a bug in Deprovisioning that caused the scheduler information to reset each time a config changed
Fixed some issues affecting the search index for the Veridium Manager
Fixed a bug that prevented expired friend certificates (custom service certs) from being marked as such in the UI list
Fixed a UI bug that allowed display of the Proxy Password from Settings / Messaging / Email / Email Proxy in clear text
Fixed a bug in LDAP Connections UI that prevented connection validation if certain symbols were used in the LDAP Connection name
Fixed a bug that prevented correct update of an identity’s email during authentication
Fixed a bug in Audit / Action Logs that froze the page if the Administrator column was sorted
Restored the “Delete” button in the Certificates Validity Dashboard
Fixed a corner case scenario where the yellow warnings were triggered if Veridium Manager was opened multiple times in the same browser session
Fixed a bug in User Segregation that allowed an admin to view all identities if the admin certificate was created with no domain
Fixed a bug that prevented saving the LDAP connection without extended attributes
Infrastructure components updates:
Updated Java from 8 to 11
Updated Cassandra from 4.0.9 to 4.1.4
Updated Tomcat from 9.0.70 to 9.0.87
Updated ZooKeeper from 3.8.1 to 3.8.3
Updated Shibboleth from 3.4 to 4
Version 3.6 introduces many new features and mechanisms that improve functionality and security, in addition to the usual bug fixes and improvements.
Highlights
New features & improvements:
Added support for client certificate authentication in Shibboleth. Certificate Based Authentication is now available as an alternative for SPNEGO/Kerberos, and it is integrated in Veridium Orchestrator. This will increase the flexibility of the authentication workflows.
Added support for OIDC in Shibboleth, together with Shibboleth update to v4.
The mechanism for re-enrolment of devices with expired certificates has been refactored and now also works for devices that are used for TOTP-only authentication.
Last Authentication value is now updated for FIDO devices in DB and is available for reporting and deprovisioning purposes.
Introduced dormant device deprovisioning, covering inactive mobile devices and FIDO keys.
Added a more flexible mechanism for Mobile OS and Mobile App upgrade campaigns. This can be configured from Admin and will be available on mobile side once the latest mobile apps are launched in their respective App stores.
Introduced a new capability to add a FIDO device as a backup device.
Introduced a new and more detailed mechanism to enforce Device OS Version and Application Version, including a grace period.
Extended the User Segregation feature by adding custom organizational unit attribute logic.
Added the option in Lost Mode to automatically reactivate the lost device after the time validity expires.
Created a new Admin permission that allows administrators to reset PINs.
Introduced a new alert for the number of registered identities and devices when approaching the license limit. It will be displayed in yellow in the bottom-right corner.
Introduced a new email notification triggered when the “Delete all” deprovision action is executed.
Added SSO (SAML) applications in SSP - Application section as entry points.
Introduced a new configuration option in Veridium Manager / Services / SSP - “Hide the remove option for authenticators and identity” to allow (or not) the users to delete their own devices and identity.
License validity based on time is now enforced for other types of authentication also (web authentication, Radius, FIDO), not only for mobile authentication.
Introduced a new parameter to enable/disable collection of motion data from mobile devices, in UBA Settings in Admin and in mobileSettings.json - “is-uba-enabled” true/false.
Improved the location accuracy parameter in the mobile apps by allowing it to be activated via Settings / Geolocation or location.json, not only from local mobile app settings.
Improved the data visualization for the existing Admins in the Veridium Manager / Administrators section.
Uploading a signing keystore certificate is now supported in the Veridium Manager UI.
All authentication methods can now also be used without a PIN.
The message received by the Line Manager when an employee asks for an enrolment code now contains the username that triggered the message.
Cron expressions' fields now have basic validation to help the user understand if the input data is wrong.
The Orchestrator Journey editor has received some UI improvements.
Introduced “Password Last Set” and “Password Expiration Time” as optional attributes in the LDAP definition, to increase AD implementation coverage.
Removed EOL SafetyNet settings from mobileSettings.json and Settings / Mobile / Client UI in Veridium Manager.
Improved support for HEX format of HOTP secrets for devices during enrolment.
Improved the admin permission mechanism to update without the need for a logout - login.
Extended the Friendly Name feature for all types of Applications, not just SAML.
UBA Verified/Rejected messages can now be customized and translated in i18n.json.
Bug fixes:
In Device Details the fields “Device UUID” and “Device Fingerprint” have been renamed to the correct values “Certificate UUID” and “Certificate Fingerprint”
Fixed a bug where enrolment codes created via invitations could not be revoked from Admin
Fixed a corner case that caused an error in UI when accessing old identities
Fixed a bug that prevented the save of Mobile GUI - Enrollment Step Action Name field value in integration configuration
Fixed a bug where the CSV parser was not accepting HOTP files
Fixed a bug in Deprovisioning that caused the scheduler information to reset each time a config changed
Fixed some issues affecting the search index for the Veridium Manager
Fixed a bug that prevented expired friend certificates (custom service certs) from being marked as such in the UI list
Fixed a UI bug that allowed display of the Proxy Password from Settings / Messaging / Email / Email Proxy in clear text
Fixed a bug in LDAP Connections UI that prevented connection validation if certain symbols were used in the LDAP Connection name
Fixed a bug that prevented correct update of an identity’s email during authentication
Fixed a bug in Audit / Action Logs that froze the page if the Administrator column was sorted
Restored the “Delete” button in the Certificates Validity Dashboard
Fixed a corner case scenario where the yellow warnings were triggered if Veridium Manager was opened multiple times in the same browser session
Fixed a bug in User Segregation that allowed an admin to view all identities if the admin certificate was created with no domain
Fixed a bug that prevented saving the LDAP connection without extended attributes