Release 2.1
New bulk operation actions available (AAAS-3671)
Administrators may now assign Entrust Soft Token (ST), Google authenticators, or passwords to a list of users simultaneously. They can also reset multiple user passwords. Multiple users can be deleted from an account by completing the bulk deletion operation.
Create custom roles (AAAS-2763)
Administrators may create custom roles that define the level of access each user assigned that role is granted to the Authentication Cloud Service features. The administrator defines which permissions are included in each role, which collectively define the user's level of access. These roles can be modified or deleted once created.
Add Amazon AWS application
Administrators may now configure Amazon AWS application accounts for SSO from ACS. The administrator must configure the AWS account's settings for single sign-on from ACS as well. Once configured, the administrator needs to configure resource rules that define the security constrains that must be met for access to the application to be granted.
Generic, customizable SAML applications now available (AAAS-3456) (AAAS-4207)
Administrators may now add Generic SAML applications to their account and enable SSO to applications not already offered by ACS. The assertion fields used may be customized during configuration so that the fields employed during authentication match those available in their application of choice.
ISAPI Filter IdentityGuard Application now available (AAAS-3855) (AAAS-3935)
Administrators may now add the Internet Server Application Programming Interface (ISAPI) filter to ACS. A gateway instance with an IdentityGuard agent must be established before configuring ISAPI so that an IdentityGuard agent is available for selection when the ISAPI filter is configured.
Desktop IdentityGuard and Custom IdentityGuard applications now available (AAAS-5645)
With this release, administrators can configure access to the IdentityGuard Desktop and Custom IdentityGuard Integration applications. A gateway instance with an IdentityGuard agent must be configured on ACS so that it is available for selection when configuring either application.
Machine authentication now available (AAAS-3058) (AAAS-3063)
Users may now use machine authentication to bypass second factor authentication to applications. Machine authenticators can only be assigned by users to their own account. Administrators with the appropriate role can customize the settings of the machine authenticators assigned to each user. They can customize the authentication components included in each machine authenticator according to their organization's security constraints.
Hardware token authentication now available (AAAS-3692) (AAAS-3693) (AAAS-3695) (AAAS-3698)
Users can now use hard tokens to complete authentication challenges to ACS or protected applications. Each token generates a 6-8 digit passcode. The user must enter the passcode before it expires as a response to the challenge posed by ACS during authentication. Both administrators and end users can assign hard tokens to user accounts.
RADIUS agents now support CHAP/MSCHAP (AAAS-1478)
Each ACS RADIUS agent now supports the PAP, CHAP, MSCHAPv1, and MSCHAPv2 authentication protocols. The OTP, TOKEN and TOKEN PUSH authenticators support all of these RADIUS authentication protocols. The RADIUS authentication protocol used is determined by the VPN server configuration and is not controlled by any settings in ACS or the RADIUS agent.