A new version of AuthAnvil Password Server is available!
With the latest version of AuthAnvil Password Server (version 2.6) we have made strides to align all our products together in a single stack. A key shift is that we have made some core architectural changes:
- We have moved to the Microsoft .NET 4.5 framework for all components. (We actually did this in v2.5.3, but aligned it in this release with all other AuthAnvil product)
- We have moved to SQL Server 2014 Express Edition
As part of this release, we have also:
- Applied several hotfixes since v2.5.3, mostly relating to UI defects.
- Added the Application catalog for non-federated apps
- Enhanced the AuthAnvil Workflow Editor to support new capabilities, including the ability to validate and test run workflows directly in the editor
- Sync agent has been updated to return screenshots of web workflow failure, and bubble that up in the administrative UI.
- Removed reliance on HTMLUnit and use a proper headless browser with more capabilities to significant increase the speed and reliability in changing passwords and testing them.
- We have rearchitected the password changing subsystem to properly cache and revert the transaction if it fails to help reduce change management inconsistencies on failure.
- We added the ability to automap web workflow attributes directly in the password record.
- Exports now include password notes and can handle much larger datasets
- We now expose the vault and scope ids within the management page to help aid with third party integration
Fixes and Feature Additions
Most of the defects that have been fixed has been in the UI. These include usability bugs relating to inconsistencies in layout, styles and behaviors. We have also improved the consistency for backup and restore for larger fields and have spent a great deal of time making the restore process much more streamlined.
We heard you. You want our pre-built catalog easier to access and not force you to import everything. So in this release, we have introduced the Application Catalog. One of the new things happening inside the company is we are expanding our application catalog significantly with a new team of Catalog Coordinators. In this release, we have built the plumbing to publish applications to AuthAnvil Password Server to ensure you get the latest configurations for applications that support credential injection with our SSO assistant. Below is a screenshot of what that looks like inside of the admin area within the Password Server.
The Application Catalog can easily be searched and sorted directly from the UI. And when a workflow may break in the field (such as when a website changes their login page), our team can quickly get an updated workflow pushed to your system through a set of services we have built in Azure. Very similar to how your favorite smartphone notifies you that there is an app update or have items available for review with badges, we have done the same thing in the Application Catalog. Within your Allowed Apps section, you will see the badges if updates are available.
Below is a screenshot from the help section on that page so you can understand update badging better.
We have several thousand applications that we are currently adding to the catalog, and you will start to see them right within the admin UI as they are available. Below is a list of the current categories we are supporting.
Of course, we still allow you to author your own workflows if you like. And we have centralized all that in one place.
Enhanced Workflow Editor
The AuthAnvil Workflow Editor has undergone some significant improvements. These include:
- The ability to set the workflow icon, for easy identification in the Allowed Apps. In a future version of SSO, this will automatically inherit the icon during application addition.
- Ability to set attributes to track versioning of the SAMLX file.
- Cleaned up the sequencing editor to make it easier to drag and drop elements.
- Added ability to find content by frame, and by ordinal for websites that don't follow HTML standards.
- Added a new workflow validator that allows you to test the workflow directly, and see the results of each step visually through screenshots
Below is a screenshot showing the workflow editor in action. notice how it dynamically requests the fields needed in the workflow, and then renders each step so you can see how the workflow has performed.
Sync Agent updates
We have improved our web synchronization performance significantly by moving to a chrome-based headless browser that can handle more complex web applications. At the same time, we have added the capability to take screenshots of the workflow steps and report failures back to password custodians so they can review what may have failed during a password test or change event. Below is a screenshot showing an example where a website's actual password does not match with what the Password Server currently knows.
Better change management controls
One of the architectural deficiencies we didn't consider in earlier releases was how to address conditions in which the passwords would fail to change through synchronization, but were changed in the Password Server. As an example, if a password was changed in AuthAnvil and during syncing a power outage occurred it would be possible that the passwords would be out of sync, and you could not reapply the original password back in the Password Server due to password history requirements.
We have addressed this by using a new temporary encrypted cache to manage this workflow. So until the sync agent reports back with a success, the cached password will not be applied until the sync has completed. This way, the password isn't officially changed in AuthAnvil until it was successfully changed on the target system or website.
Automapping web workflows
From the field, we heard many of you comment that it would be nice if the workflow would automatically map up to the appropriate fields within the password record. In this release, we have done just that. As long as the workflow field names use fairly defined workflow attributes (username, password, old password, confirm password etc) the system will map up the fields when you hit the automap button when managing a password, and automatically when you add a new password from either the Password Server or from within SSO.
We have upgraded the password exports to include the notes field and is now capable of exporting larger data sets. Large exports will be queued via the scheduler and you will be notified by email and through your Task List in the AuthAnvil Password Server when its ready for download.
With this release, we made clustering and fault tolerance a whole lot easier with the AuthAnvil Password Server.
AuthAnvil now includes a PowerShell script that will interrogate an existing AuthAnvil server deployment to determine what product is installed and ask you for a destination name to generate a CLU file (*.clu).
This output file will work in the installer for all three core AuthAnvil products, allowing you to add a new node to an AuthAnvil cluster in just a few clicks. You will notice the option to use a CLU file for a cluster in the base menu when the installer starts.
Ready to Go, or do you need some help?
If you are ready to move forward with this update, you can grab the latest release here. For upgrade instructions, you can go here. And if this is your first installation, make sure you head here first. Here is a direct link to the installer.
Of course, if you don't want to do this on your own, we do have a pro-services team ready and willing to help. Reach out to your account manager or email firstname.lastname@example.org for more information on our professional service offerings.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .