Release 4.8
Support for sending push notifications to custom mobile applications (AAAS-15065)
This release supports sending push notifications through Firebase Cloud Messaging (FCM) or Apple Push Notification Service (APNS) to custom mobile applications built using the Entrust Mobile Soft Token SDK.
Password strength indicator (AAAS-15751)
A new Minimum Password Strength setting has been added to the Password settings. This setting enforces the password strength when creating or resetting a password. Factors such as common passwords, names, phrases, and character repetition determine the strength of the password.
Support for Slack SAML application (AAAS-9667)
This release includes support for authentication to Slack through IntelliTrust.
Audit archiving (AAAS-12833)
This release includes the ability to download archived audit logs in .CSV format. Audits are available for download for a period of six months. Archived audits are maintained for a period of three years.
My Activity UI enhancements (AAAS-16079)
UI improvements have been made to the My Activity page.
Audit logs (AAAS-15657)
A new radio button is available to toggle between Authentication and Management audit logs on the Dashboard.
Audit logs for specific users (AAAS-15657)
A new Audits tab has been added to the User Details page to allow administrators to view audit logs for specific users.
IdentityGuard migration (AAAS-15937)
Entrust IdentityGuard migration to IntelliTrust includes import of Entrust IdentityGuard passwords.
Support for V11Ex Auth API (AAAS-15106)
Entrust IdentityGuard clients using V11Ex API can now be used with the IntelliTrust IdentityGuard Agent.
RADIUS agent logging (AAAS-15031)
A new setting has been added to the RADIUS application configuration to enable or disable RADIUS message logging. When enabled, messages for the RADIUS agent are logged to the same log file as the gateway logs.
OTP voice delivery (AAAS-15740)
A new system user attribute phone has been added for users. This attribute is used with OTP delivery. When set, a user receives a phone call with a message that provides their OTP. If a user does not have a phone number set but has a mobile number set, the mobile number is used for voice delivery when OTP using voice is requested.
Note the following:
- OTP values are spoken individually. Therefore, using VOICE delivery with OTP values that contain letters (instead of just numbers) may be harder for users to understand.
- When using transaction details with dynamic linking of transactions using OTP, transaction details are spoken as words or phrases.
- Existing directory configurations will have their directory attribute mapping updated automatically during the IntelliTrust upgrade to include a mapping from the IntelliTrust phone attribute to the AD telephoneNumber attribute. This applies to all gateway versions.
- The IntelliTrust phone attribute is set to optional by default. A user does not require telephoneNumber to be set for AD Sync to process successfully. The phone attribute will not be set in this case. The next time an AD Sync is executed after the IntelliTrust upgrade, the phone number will be synchronized.
Changes to IntelliTrust APIs
The following have been added to the Administration APIs:
- User and UserParms
  - A new attribute phone has been added to User and UserParms. This attribute is a system attribute used to track a user's phone number. The phone number can be used for OTP authentication using voice delivery.
- getOTPAuthenticatorSettings and updateOTPAuthenticatorSettings
  - When obtaining or setting OTPAuthenticatorSettings, the attribute otpDefaultDelivery can be set to VOICE. The API for this has been updated to v2 (for example: /api/web/v2/settings/otp).
The following changes have been made to the Authentication APIs:
- userAuthenticatorQuery
  - The OTPDetails response from the userAuthenticatorQuery API can now include VOICE capability. This can be used in the availableOTPDelivery list attribute value and in the otpDefaultDelivery attribute value. The API for this has been updated to v2 (for example: /api/web/v2/authentication/users).
- userChallenge
  - The AuthenticatedResponse returned from the userChallenge API can now include VOICE if VOICE was used for OTP delivery. This can be used in the otpdeliveryType attribute value.
  - The UserChallengeParameters sent in the userChallenge API can now include VOICE as the OTP delivery. This can be used in the otpDeliveryType attribute value.
  - The API for this has been updated to v2 (for example: /api/web/v2/authentication/users/authenticate/{authenticator}).
  - When a TOKEN or TOKENPUSH challenge is requested, the challenge response will include a new attribute tokenDetails. This attribute provides a list of serial numbers of the user's tokens that can be used to answer the challenge.