
Overview

VeridiumID 3.8.4 introduces significant architectural enhancements focused on Hybrid Cloud Identity, Automated Certificate Lifecycle Management, and Granular Administrative Control. This release bridges the gap between on-premises legacy systems and modern cloud environments while reducing the manual overhead for security administrators.


Key Highlights

Unified Identity: Microsoft Entra ID & Hybrid Integration

The most significant update in 3.8.4 is the transition to a Unified User Model. VeridiumID now intelligently merges identities from local Active Directory and cloud-based Entra ID into a single representation.

  • Multi-Tenant Architecture: Connect to multiple Entra tenants simultaneously with independent configurations and domain pattern matching.

  • Authoritative Merging: LDAP remains the primary source for core identity, while cloud-specific metadata is preserved in extended attributes.

  • Hybrid Binding: Users are linked via stable identifiers (objectGUID to objectId), ensuring consistent security policies regardless of origin.

Automated Certificate Management & External CA Support

VeridiumID 3.8.4 moves toward a "zero-touch" certificate model to prevent service outages caused by expired credentials.

  • Renewal Automation: New scheduling engines automatically rotate System, OPA, and Administrator certificates based on configurable Cron expressions.

  • External CA Integration: Support for external Certificate Authorities (via REST API) allows organizations to manage certificate lifecycles without local private key storage.

  • Certificate Dashboard: A new real-time monitoring view provides visibility into both Database and Zookeeper-stored certificates.

Administrative Least Privilege

To enhance security posture, administrative roles have been further modularized.

  • "Unblock Identity" Permission: A new granular permission allows Technical Support staff to unlock accounts or resolve "Lost Mode" without granting access to global system settings.

Enhanced Self-Service & Windows Integration

  • AD Password Self-Management: Users can now reset or renew Active Directory passwords directly within the Self-Service Portal (SSP) or the Windows Credential Provider (CP).

  • Credential Provider Resilience: Version 3.8.5 introduces improved offline handling, automated device certificate renewal during lock/unlock, and support for the .NET 4.7.3 framework.

What’s New in 3.8.4

| Feature | Description |
|---|---|
| Web Origins (CORS) | Dedicated configuration for OIDC applications to validate Origin headers and prevent unauthorized cross-origin requests. |
| Cert-Based LDAP | Support for certificate-based authentication for LDAP services, such as Google LDAP integrations. |
| Status Toggles | Ability to enable or disable SAML and OIDC service providers via a toggle without deleting configurations. |
| Mapped Attributes | A simplified UI for defining and transforming IdP attributes using value maps and regex. |
| Mobile Update Control | Server-side control to manage the visibility of the "new version" banner in mobile apps. |

System Requirements & Technical Notes

  • WAF/Load Balancer: It is highly recommended that the WAF or load balancer pass the real client IP in the X-Forwarded-For header and maintain sticky sessions for the IdP.

  • SAML Configuration: When configuring SSP (Admin / Settings / Services / SSP / SAML Configuration tab) or Admin (Admin / Settings / Admin Auth / SAML AUTH tab) with an external IdP, the nameId format must now be set to NONE.

  • Windows Components: New Credential Provider versions can now be installed directly over existing versions without uninstallation.
