Release 5.0

June 2019

Manage SAML certificates (AAAS-16382)

You can create and delete signing certificates for SAML applications. This allows customers to manage their certificates and to use a different certificate for each application if they choose.

Sign C# SDK (AAAS-15996)

The DLLs for the Administration and Authentication C# SDKs are now signed.

User Registration (AAAS-15194)

User registration allows you to require users to self-register when logging in to IntelliTrust. This feature is useful for users that do not have the second-factor authenticators required to access the User portal application, SAML, or OIDC applications.

Active Directory Sync/Unsync individual users using Admin API (AAAS-17155)

This release includes the ability to synchronize or unsynchronize individual users from Active Directory using the Administration API. This allows customers to immediately synchronize updates for a new or existing Active Directory user. Additionally, an unsynchronize endpoint is also available. This allows customers to immediately set a user back to being locally managed in IntelliTrust (disassociate the user with AD Sync). Both APIs require an Enterprise Service Gateway v5.0 or later.

Directory migration (AAAS-16766)

In this release, you can migrate users from one directory to another directory and all the users will then be synced from the new directory. To do this, delete the directory from IntelliTrust that you want to migrate from and create a new directory that you want to migrate to. When synced using this new directory, all the users will then be synced from the new directory.

Note: If the same user is present in both directories and you remove the directory that user is originally associate with, the other directory will take over that user.

Audit archiving (AAAS-12833)

Starting with this release, audit events are stored in the database for six months only. Older audit events (up to three years) are archived in compressed audit files available for download under Reports > Archives. The system does not retain audit events older than three years.

Changes to IntelliTrust APIs

The following have been added to the Administration APIs:

• New methods in the Administration API to sync a user from the directory on demand and to force unsync a user who is currently synced.
• New methods in the Administration API to get and list the directories defined in the account.
• New search criteria for the Administration API user list operation:
• Match users with or without a given authenticator
• Match users with a given user type
• Match users that require (or do not require) user registration
• Return the list of locked authenticators for each user