Entrust

Release 4.5

Optional system user attributes (AAAS-14202)

The following system attributes can now be configured as optional or mandatory:

Note: OTP authentication is not available if a user does not have values for both email and mobile system attributes.
Note: The Gateway (Directory Sync Agent) will be updated to maintain the configured user attribute setting (mandatory or optional). All previous gateways will continue to treat user attributes based on their value when the directory was created. These settings cannot be changed dynamically for older gateways.

Display QR code (AAAS-15401)

Users can scan a QR code to activate Entrust Soft Token, Google Authenticator, and Mobile Smart Credential from the User Portal. This is useful for users without an email address.

User Registration Period (AAAS-15429)

A new User Registration Period setting has been added to the General Settings page. This field sets a registration period during which a user is allowed to authenticate to the User Portal using only a password. The registration period starts from the moment the user is created in IntelliTrust and expires after the configured number of days. Once a user logs in to their account, they must add a second factor authentication method in order to continue to log in to their account once the registration period expires. For more information, see the IntelliTrust Admin Online Help.

AD Sync status (AAAS-14257)

AD sync status information can now be viewed in the IntelliTrust admin portal. This allows you to see the current progress of a synchronization including how many users have been processed. See the IntelliTrust Admin Online Help for more information.

Note: The AD sync status feature is not supported with pre-4.5 gateways.

AD Sync group optional upload (AAAS-14201)

AD synchronization can be configured so that no groups are synchronized to IntelliTrust or that only groups matching the group filters are synchronized to IntelliTrust. See the IntelliTrust Admin Online Help for more information.

Note: The AD sync group optional feature is not supported with pre-4.5 gateways.

Support for new languages (AAAS-14203)

This release supports the following new languages in the User Portal:

Improved auditing (AAAS-13787)

The auditing features have been improved to include additional management audit events such as changes to directory configurations, gateways, and applications.

Support for dynamic linking of transactions using OTP (AAAS-14255)

Added the ability to integrate IntelliTrust for PSD2 compliance with European Banking Authority (EBA) Regulatory Technical Standards for strong customer authentication. See the IntelliTrust Admin Online Help for more information.

KBA redirect URL (AAAS-15476)

A URL has been added to make it easier to for users to register a KBA authenticator on their account. By navigating to /#/register/kba a user will be automatically redirected to their authenticators and prompted to add a KBA authenticator. This feature can be used when onboarding new users and you want them to add KBA as an authenticator.

Password reset URL (AAAS-14200)

A password reset URL is available at /#/reset/<userID> to redirect users directly to a password reset. See the IntelliTrust Admin Online Help for more information.

Note: The parameter is optional.

Support for Feitian C300 tokens (AAAS-14405)

Added support for Entrust Datacard CR C300 tokens for OTP, unlock, and PIN processing.

IntelliTrust Authentication API Enhancements (AAAS-14056)

The following enhancements have been made to IntelliTrust authentication APIs:

IntelliTrust Administration API Enhancements (AAAS-14358)

The following new attributes describing capabilities supported by the token are returned when querying Tokens:

Developer Portal now includes C# SDK (AAAS-14616)

The IntelliTrust developer portal now includes a C# SDK for interacting with the IntelliTrust Administration and Authentication APIs. The supported SDKs are now Java, PHP, and C#.