SecureAuth IdP version 9.0 includes new features and Web Admin adjustments to enable the new features and improve the user experience. 

9.0.1 Changes
Web Admin Home Page

If accessing the SecureAuth IdP appliance via RDP, then on the Home Page of the Web Admin, a new Access Control option is available

Role-based Access Control enables companies to lock down the SecureAuth IdP Web Admin and its configuration to directory user groups that have read and write or only write access to specific or all realms

Refer to Role-based access control configuration for more information

This feature appears only via RDP access

In Realm Changes

Inside a realm, the look and feel has changed, along with some other additions and modifications:

  • The left-side menu extends the length of the webpage to easily view and access more realms
  • Adaptive Authentication has been added as a new tab
  • The Registration Methods tab has been changed to Multi-Factor Methods

Data Tab Changes

The Data tab has been reorganized for a better user experience, and a new CyberArk integration and its functionality have been added

Refer to CyberArk Password Vault Server and AIM Integration for more information

Workflow Tab Changes

The Workflow tab has been reorganized to improve user experience and to separate sections based on relevance and associations

Refer to Workflow Tab Configuration (version 9.0.1+) for more information

The Social IDs section (originally located in the Registration Methods / Multi-Factor Methods tab) is now located in the Workflow tab under Identity / Authentication Consumers

Adaptive Authentication New Tab

The Adaptive Authentication and IP Blocking sections have been removed from the Workflow tab and have been nested under the new Adaptive Authentication tab

Refer to Adaptive Authentication Tab Configuration for more information

What's Changed in 9.0.x
Home Page

The Web Admin begin site page has been removed. Consequently, the browser shortcut for Web Admin now opens the Web Admin Home Page.

The Update Web Config and Decrypt Web Config options, which previously appeared on the begin site page, have been moved to a new Tools dropdown at the top of the Web Admin Home Page. This dropdown contains options for updating and encrypting/decrypting the web.config files.

See SecureAuth IdP Realm Guide - Encrypting and Decrypting Realms for more information.

Update: Updates the web config files of every realm

Update Resource: Updates resource DLL files

Provides options to decrypt (and re-encrypt) individual realms or multiple realms at once.

New API Tab

A new API tab has been added to the Web Admin. This tab contains options for enabling access to SecureAuth IdP's APIs and generating the API credentials.

See API Tab Configuration for more information.

New APIs Exposed

Additional Authentication and Identity Management APIs are now available for use in user applications, including:

  • Behavioral Biometrics
  • Identity Management
    • Retrieve user profile
    • Update user profile
    • Add new user
    • Reset password
    • Change password
    • Group association (LDAP)

For more information on SecureAuth IdP APIs, see the Authentication API Guide and Identity Management API Guide.

Data Tab

New Behavior Biometrics Profile Field for use with the Behavioral Biometrics feature introduced in v9.0.

Post Authentication Tab
New Authenticated User Redirect: Multi-Factor App Enrollment - QR Code

Administrators can now configure a realm that can be used for enrolling mobile devices via QR code in connection with the SecureAuth Authenticate mobile app (or Google Authenticator).

To enroll a device, the end-user points the device's camera at the QR code displayed on the screen. If successful, the device is automatically enrolled.

For more information see Multi-Factor App Enrollment (QR Code) Realm Configuration Guide.

Relabeled Option: Multi-Factor App Enrollment - URL

Due to the addition of the QR Code option, the selection previously labeled SecureAuth App Enrollment in the Authenticated User Redirect dropdown has been renamed Multi-Factor App Enrollment - URL, to distinguish this option from the new Multi-Factor App Enrollment - QR Code option. As in the prior release, this option lets administrators configure a URL realm to be used for enrolling desktop and mobile devices via OATH OTPs and OATH Tokens.

For greater clarity, the SecureAuth App Enrollment section has been renamed Multi-Factor App Enrollment; the sub-sections Time-based Passcodes (OATH) and Security Options have been renamed OATH Options and SecureAuth App - Security Options respectively, and some fields in these sub-sections have been rearranged and/or relabeled.

OpenID Connect / OAuth 2.0 Additional Options

New Client Details options: JSON Web Encryption and JSON Web Key URI.

New Allowed Flows for OAuth 2.0: Token Introspection and Token Revocation

See OpenID Connect and OAuth 2.0 configuration for more information.

Password Reset Page Changes

Additional options are available on the Password Reset Web Admin page.

  • New Password Reset Mode: "Administrative Reset with History Check"
    • Enables administrative password resets that enforce password history requirements
    • Requires Active Directory over SSL (port 636)
  • New options:
    • Username Textbox
      • Enabled/Disabled
    • Allow Password Change
      • True/False
    • Unlock User Account
      • Automatically
      • Do not unlock
      • Show unlock button
    • Show Password Complexity Rules
      • True/False

For more information on configuring a Password Reset realm, see Reset Password Configuration Guide.

Logs Tab
SIEM Integration

When using the RFC3164 syslog protocol, SecureAuth IdP now supports the use of the following event formats for vendor-specific SIEM solutions:

  • LEEF (Log Event Extended Format), for use with IBM Security QRadar
  • CEF (Common Event Format), for use with HP ArcSight
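
On the receiving side, both formats arrive as the message part of an RFC3164 syslog line. The following parser is an added example, not SecureAuth code: it separates the syslog framing from a CEF or LEEF 1.0 payload and handles the escaping rules of each. The sample lines, vendor and product names and field values are constructed placeholders, and the parser assumes the payload follows the hostname directly and that LEEF attributes are tab-delimited.

```python
import re

# RFC 3164 framing: <PRI>Mmm dd hh:mm:ss HOST MSG (assumes no TAG before the payload)
SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
# CEF extension: space-separated key=value pairs; values may hold spaces and \= escapes
CEF_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", re.S)

def split_header(text, count):
    """Return (count pipe-delimited header fields, raw remainder); honours \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            cur.append(text[i + 1]); i += 2        # escaped pipe or backslash
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < count:
        raise ValueError("truncated header")
    return fields, text[i:]

def unescape(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_event(line):
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not RFC 3164 framing")
    pri, ts, host, msg = m.groups()
    out = {"facility": int(pri) >> 3, "severity": int(pri) & 7, "timestamp": ts, "host": host}
    if msg.startswith("CEF:"):      # CEF:Version|Vendor|Product|DevVersion|SigID|Name|Severity|ext
        out["header"], ext = split_header(msg[4:], 7)
        out["fields"] = {k: unescape(v) for k, v in CEF_PAIR.findall(ext)}
    elif msg.startswith("LEEF:"):   # LEEF:1.0|Vendor|Product|Version|EventID|tab-separated attrs
        out["header"], ext = split_header(msg[5:], 5)
        out["fields"] = dict(p.split("=", 1) for p in ext.split("\t") if "=" in p)
    else:
        raise ValueError("payload is neither CEF nor LEEF")
    out["format"] = msg.split(":", 1)[0]
    return out

# Constructed sample lines; vendor, product and field values are placeholders, not real IdP output
CEF_SAMPLE = ("<132>Sep 19 08:26:10 idp01 CEF:0|ExampleVendor|Example\\|IdP|9.0|100|Login failed|5|"
              "src=203.0.113.7 suser=jdoe msg=Bad OTP, retry\\=1 outcome=failure")
LEEF_SAMPLE = ("<134>Sep 19 08:26:11 idp01 LEEF:1.0|ExampleVendor|ExampleIdP|9.0|LoginSuccess|"
               "src=198.51.100.4\tusrName=asmith\tmsg=Login succeeded")

if __name__ == "__main__":
    print(parse_event(CEF_SAMPLE), parse_event(LEEF_SAMPLE), sep="\n")
```
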

Added support for a query string that launches Update Web Config.

  • String: https://localhost/SecureAuth0/localadmin.aspx?update=true
  • Can only be run from the localhost machine or while RDP'd into the session on the localhost