Release 5.21

November 2021

New in this release

OTP Preferences

The following changes have been made to per user OTP Preferences

• A new per user setting OTP Delivery Type has been added. This setting allows the user to specify the default OTP delivery type overriding the value set in OTP settings.
• An additional user registration setting has been added to prevent users allowed to edit their own contact values from also adding new contact values.
• The per user OTP preferences can now be viewed and modified by administrators

IP List Restrictions

IDaaS now allows administrators to configure IP Lists consisting of a list of IP addresses or CIDRs. An IP List can be assigned to an Admin API application which restricts the IP addresses that can access that application.

Microsoft CA Revocation

When a user with smart credentials is disabled or deleted or a smart credential is disabled or deleted, the certificates associated with the smart credentials are revoked in the CA. This capability is now supported for certificates issued by a Microsoft CA.

Fixed in this release

The following issues have been fixed in this release.

1. Changes to user attributes are now audited as part of the user add or modify audit. Previously the changes generated separate audits for each user attribute.
2. When the session idle timer expires for a user logged into the user or admin portal, the user is now redirected to the Logout page instead of the Login page.
3. When a user verifies a change to their contact details, the OTP generated now uses the OTP Settings lifetime. Previously it was valid for 60 seconds.
4. In OTP Settings the option to include the OTP expiry time in a SMS message is now always shown. Previously it was only shown if SMS was the default delivery type.
5. Sending push notifications to devices whose device Id starts with a 0 was broken. This has been fixed.
6. The Using Authenticators link in the User Guide has been fixed.
7. The Unlock User option is now disabled for administrators without the required permission. The operation failed when it was performed but should not have been available.
8. The IP address was not being passed correctly for RADIUS authentication with Citrix Netscaler. As a result, location related risk-based authentication contexts were not available. This has been fixed.
9. Performance of audit archive downloads has been improved for large archives.
10. When downloading an audit archive, downloads of other archives is now blocked.
11. Audit and User searches on some Date filters set to None was defaulting to 24 hours instead of not filtering on dates resulting in the wrong results being returned.
12. Reauthenticating the OAuth authentication for a custom email server could result in the Email server name and replay address being removed.
13. Some buttons in the Admin portal do not show up when the Theme is set to a light color. The buttons have been updated to display correctly.
14. The dialogs for updating a user contact value in the User portal have been updated to include better validation of the input value, include the current value when editing an existing value, and include a Dialog title.
15. The Unlink action in the User list should not be enabled unless at least one user is selected
16. The Knowledge-based Authentication related pages in the Admin portal have been refreshed.
17. When OTP authentication is configured to show the user all of their contact options, a Voice delivery option is now included for the user's Mobile contact if it is defined.
18. User contacts with long names or values are now displayed correctly on small screens when OTP authentication is configured to show the user's contact options.
19. The Date/Time context rule slider is now available for RADIUS application Resource Rules.
20. When entering a URL for a Resource Server the value is now validated immediately. Previously the value was validated when the page was saved.
21. When the Enterprise Service Gateway is configured to use a network proxy, gateway registration requests were not using the proxy.

Changes to Identity as a Service APIs

The following changes have been made to existing models in the Admin API.

• ipListId has been added to AdminApiApplication and AdminApiApplicationParms. This attribute specifies the UUID of the IP List assigned to the Admin API application.

Enterprise Service Gateway Deprecation

Entrust will only support the last four releases of the Enterprise Service Gateway (the current version 5.21 and the three previous releases 5.18, 5.19 and 5.20). Entrust recommends that customers always upgrade their Enterprise Service Gateway to the latest release because each release contains security updates to the Enterprise Service Gateway O/S.

Browser Deprecation

Identity as a Service no longer supports Internet Explorer 11.