Breadcrumbs

Overview

VeridiumID 3.8.4 introduces significant architectural enhancements focused on Hybrid Cloud Identity, Automated Certificate Lifecycle Management, and Granular Administrative Control. This release bridges the gap between on-premises legacy systems and modern cloud environments while reducing the manual overhead for security administrators.


Key Highlights

Unified Identity: Microsoft Entra ID & Hybrid Integration

The most significant update in 3.8.4 is the transition to a Unified User Model. VeridiumID now intelligently merges identities from local Active Directory and cloud-based Entra ID into a single representation.

  • Multi-Tenant Architecture: Connect to multiple Entra tenants simultaneously with independent configurations and domain pattern matching.

  • Authoritative Merging: LDAP remains the primary source for core identity, while cloud-specific metadata is preserved in extended attributes.

  • Hybrid Binding: Users are linked via stable identifiers (objectGUID to objectId), ensuring consistent security policies regardless of origin.

Automated Certificate Management & External CA Support

VeridiumID 3.8.4 moves toward a "zero-touch" certificate model to prevent service outages caused by expired credentials.

  • Renewal Automation: New scheduling engines automatically rotate System, OPA, and Administrator certificates based on configurable Cron expressions.

  • External CA Integration: Support for external Certificate Authorities (via REST API) allows organizations to manage certificate lifecycles without local private key storage.

  • Certificate Dashboard: A new real-time monitoring view provides visibility into both Database and Zookeeper-stored certificates.

Administrative Least Privilege

To enhance security posture, administrative roles have been further modularized.

  • "Unblock Identity" Permission”: A new granular permission allows Technical Support staff to unlock accounts or resolve "Lost Mode" without granting access to global system settings.

Enhanced Self-Service & Windows Integration

  • AD Password Self-Management: Users can now reset or renew Active Directory passwords directly within the Self-Service Portal (SSP) or the Windows Credential Provider (CP).

  • Credential Provider Resilience: Version 3.8.5 introduces improved offline handling, automated device certificate renewal during lock/unlock, and support for the .NET 4.7.3 framework.


What’s New in 3.8.4

Feature

Description

Web Origins (CORS)

Dedicated configuration for OIDC applications to validate Origin headers and prevent unauthorized cross-origin requests.

Cert-Based LDAP

Support for certificate-based authentication for LDAP services, such as Google LDAP integrations.

Status Toggles

Ability to enable or disable SAML and OIDC service providers via a toggle without deleting configurations.

Mapped Attributes

A simplified UI for defining and transforming IdP attributes using value maps and regex.

Mobile Update Control

Server-side control to manage the visibility of the "new version" banner in mobile apps.

System Requirements & Technical Notes

  • WAF/Load Balancer: Highly recommended to send real client IPs via X-Forwarded-For and maintain sticky sessions for IdP.

  • SAML Configuration: When configuring SSP (Admin / Settings / Services / SSP / SAML Configuration tab) or Admin (Admin / Settings / Admin Auth / SAML AUTH tab) with an external IdP, the nameId format must now be set to NONE.

  • Windows Components: New Credential Provider versions can now be installed directly over existing versions without uninstallation.

Last updated: