Release 5.1

July 2019

ActiveSync Access for mobile (AAAS-16379)

ActiveSync Access integrates Microsoft Office 365 server with IntelliTrust to allow users to perform secure, multi-factor authentication-based provisioning of their Exchange ActiveSync devices.

Password and second factor lockout behaviour (AAAS-7598)

In this feature, we have changed how the lockout behavior for second-factor authentication works. Previously, there was a separate lockout count for second-factor authentication. For example, if you did OTP authentication, the OTP lockout updated. But if you did PASSWORD+OTP authentication, the PASSWORD+SECOND FACTOR lockout updated.

In this release, the PASSWORD_AND_SECONDFACTOR authenticator is no longer treated as an authenticator type with its own lockout. For example, if the user enters the password correctly and uses TOKEN for second factor and enters an invalid token response five times, then the user's TOKEN authenticator will be locked and the user will not be able to use a TOKEN in any application until it is unlocked.

In this release, the behavior has been changed so that in second-factor authentication, the PASSWORD lockout updates if the password is invalid and the second-factor authenticator lockout count updates if the second-factor lockout count updates. Previously, a separate lockout was maintained for one factor authentication versus second-factor authentication. Now the same lockout is used for both. For example, if you do PASSWORD+OTP authentication and you enter an invalid OTP, the OTP lockout updates.

There is an upgrade impact on this change. Prior to 5.1 being installed, a user may be locked out for PASSWORD+SECOND FACTOR. After 5.1 is installed, the user will no longer be locked out.

IntelliTrust AD FS integration (AAAS-17226)

A new application template has been added to the Applications page for Entrust Datacard AD FS Adapter.

RBA Location History (AAAS-16375)

A new Location History Trust Threshold setting has been added to the risk-based authentication settings to set the number of times a user must log in from a location before it is trusted.

AD Sync status (AAAS-15971)

The Directory Sync Details ppage has been enhanced to have more metrics for users and groups. These metrics only reflect the statistics during the crawl phase of the sync process. In addition, the details dialog now contains the most recent errors (20 maximum) reported by the gateway while syncing users/groups.

The metrics are now in a tabular format for improved readability and the sync status has an animation for clear indication of the state.

Changes to IntelliTrust APIs

The following have been added to the Administration APIs for Active Sync Access:

• Sync and manage Exchange ActiveSync Devices from Microsoft Office 365
• Retrieve the latest information about devices (POST /api/web/v1/users/{userid}/activesyncdevices)
• Allow/Block ActiveSync Devices (PUT /api/web/v1/users/{userid}/activesyncdevices)
• Remove ActiveSync Devices (DELETE /api/web/v1/users/{userid}/activesyncdevices)
• Fetch cached Exchange ActiveSync Devices (GET /api/web/v1/users/{userid}/activesyncdevices)