Entrust

Release 3.7

Migrate user authenticators from Entrust IdentityGuard to IntelliTrust (AAAS-8847)

Authenticators configured in an Entrust IdentityGuard account can be moved to, and reused on, an IntelliTrust account. This allows those migrating from Entrust IdentityGuard to IntelliTrust to avoid paying for new authenticators. Entrust Datacard supports migrating knowledge-based authenticators (including question and answer (Q&A) pairs), assigned hardware and software tokens, and unassigned hardware tokens. Entrust IdentityGuard passwords, Token Push authenticators, Smart Credentials, Grid Cards, location history, and registered machine fingerprints cannot be migrated.

Integrate applications using IntelliTrust Authentication APIs (AAAS-10461)

Administrators can integrate IntelliTrust authentication into their application by using the IntelliTrust Authentication REST APIs. Using the IntelliTrust API allows end users a seamless authentication experience without being redirected from the application they are trying to access. For details on integrating using the API, refer to the Developer Guide available from the help menu in IntelliTrust.

Log in using Temporary Access Codes (AAAS-10884)

Temporary Access Codes allow users to log in when they cannot access their primary authenticators. For example, users who forget their mobile device at home can log in with a Temporary Access Code instead of using SMS OTP or Mobile Soft Token. Temporary Access Codes can be used to logon to the IntelliTrust portal, SAML applications, OpenID Connect applications and Radius integrations.

Support for encrypted SAML assertions (AAAS-10414)

IntelliTrust now supports encrypting SAML assertions. Encrypting assertions adds an extra layer of security by making the information unreadable to anyone other than the intended SAML Service Provider. While this feature is provided generically for any SAML application, the only built-in service provider that supports this feature currently is SalesForce.

Signed SAML metadata (AAAS-10413)

When downloading SAML metadata from IntelliTrust, it is now signed using the SAML signing certificate. SAML service providers that validate metadata signatures will have a high level of assurance that the metadata has not been tampered with.