Date July 6th, 2022
New Features
- Integration Manager - Passly has added a new left menu item "Integration Manager" for more information please see this article. This feature is the new home of Passly's integrations.
- Dark Web ID Workflow - We have added a new integration for Passly. This integration allows for Dark Web ID compromises to be blocked from the integrated Password Server. Please see this article for more information.
- Office 365 Graph API - Passly is now syncing Group membership for Microsoft 365 when federated.
Defect Fixes
Directory Manager
- Directory Manager: User not able to reset password. We found an issue with the Dark Web ID integration that was blocking some users from resetting their Passly Password. This issue is now resolved.
IT complete
- Kaseya One [Single Sign On] - User is not logged out of K1 after initially Enable login with IT Complete was done. This issue is resolved and logins are working again as expected. No Passly administrator changes are needed to allow fixes to be applied in this instance.
SSO Manager
- SSO Manager: [Microsoft 365] An issue occurred where Apps are active during provisioning process, this has been resolved. Only Active federated M365 apps will show as active.
- SSO Manager: [Microsoft 365] Group memberships aren't deleted in Azure AD after being deleted in Passly. This issue was resolved on the backend, not changes are required by Administrators to address this.
- SSO Manager: [Microsoft 365] Mail-enabled security group doesn't sync with Local group in Passly. This groups are now syncing as expected.
- SSO Manager: [Microsoft 365] User can't log in to AzureAD joined machine when Passly federation is enabled. This is now resolves and working as expected.
- SSO Manager: [Microsoft 365] Apps are still active on the Launchpad for user after re-federating an Office 365 app with another sync configuration. n issue occurred where Apps are active after de-federation, this has been resolved. Only Active federated M365 apps will show as active.
Authenticator
- iOS/Android Authenticator App: Infrastructure: We Fixed audit trimmings to resolve Push issue in production. This has increased app performance.
- U2F (Universal Second Factor) Support: We have replaced the U2F API with Web Authentication API. This was routine maintenance to improve U2F support.
- U2F Support: We have performed Infrastructure clean-up of the U2F registrations. This will help our team with further updating U2F support in the background.
-
U2F Support: We have migrated Passly to provide better U2F support. No Administrator changes will be required, this was a backend update.
According to Google chrome v.98 official notice (https://support.google.com/chrome/a/answer/7679408#disU2f ):
The U2F API is Chrome's legacy API for interacting with USB security keys. It has been superseded by the W3C Web Authentication API (WebAuthn). Chrome 98 disables the U2F API by default. With Chrome 104, the U2F API will be removed from Chrome.
Full release notes:
The U2F API is Chrome's legacy API for interacting with USB security keys. It has been superseded by the W3C Web Authentication API (WebAuthn). Chrome 98 disables the U2F API by default. With Chrome 104, the U2F API will be removed from Chrome.Sites can continue to use the U2F API beyond Chrome 98 if they enroll in an Origin Trial. Using the Origin Trial also suppresses the deprecation prompt on the enrolled pages. The Origin Trial will end on July 26, 2022, shortly before the release of Chrome 104.
Enterprises can suppress deprecation related changes, and keep the U2F enabled, by using the U2fSecurityKeyApiEnabled enterprise policy. This enterprise policy will be removed from Chrome, together with the U2F API, in Chrome 104.
If you run a website that still uses this API, please refer to the deprecation announcement and blog post for more details.
Policy Manager
- Policy Manager: [Windows Logon Agent Trust Policy] When we added a device to trusted we send a cookie and all following request should have that cookie inside. We have implemented a change to create a new mechanism to store this value on the client machine and attach to all HTTP request. This will help with trusting Windows machine logins via Passly.
-
Policy Manager: [Web Trust Policy] For identification of browser and extension we are now using npm: device-uuid and sending this as an additional header in auth request “DeviceId”. This change will assist customers in using Trust in their Authentication Policies.
Browser extension
- Browser Extension: An issue occurred where credentials are not pasted automatically after the extension/browser was first loaded. This issue has been resolved. Chrome/Firefox extensions will update via their appropriate stores.