Entrust

Release 5.7

Smart Login

Smart Login capability has been added to allow passwordless authentication. When enabled, a user with a Mobile Smart Credential paired to their account can authenticate to their IntelliTrust account or to a SAML/OIDC application integrated with IntelliTrust without providing a username and password.

New User Attribute: User Principal Name

IntelliTrust now supports User Principal Name as a system user attribute. It can be used like any of the other system user attributes.

Smart Credential definitions can update their upn variable default value and set it to <User Principal Name>.

If there was an existing custom user attribute named User Principal Name, it will be renamed as User Principal Name----Renamed----. All uses of this custom user attribute will remain as is.

All directory configurations will be updated to map the Active Directory userPrincipalName user attribute into the new system User Principal Name user attribute. This will occur at the next scheduled synchronization or it can be manually triggered by an administrator through a forced synchronization.

Microsoft CA Gateway Enhancements

See the Administration Guide for complete details on how to configure your IntelliTrust account to use a Microsoft CA.

Smart Credential Enhancements

IntelliTrust now supports cloning of Smart Credential definitions.

Custom Email Server

You can configure IntelliTrust to use your own SMTP mail server for sending emails from IntelliTrust.

RADIUS Authenticator Challenge

A new setting “Authenticator Challenge” has been added to RADIUS applications. When enabled, users authenticating to a RADIUS application will be prompted to enter the name of the second-factor authenticator they want to authenticate with, after which they will be challenged to answer their second-factor authentication challenge.

Disable Machine Authentication

A new setting has been added to the Machine Authenticator settings to enable or disable Machine Authentication. When enabled, a user will see a Remember Me button on the login screen.

Bulk Operation Enhancements

The following Bulk Operations have been enhanced:

Import User/Groups

In previous versions of IntelliTrust, if a user already had a group assigned, then that user's record in the Bulk Operation would fail. This restriction has been removed.

Import Grid Cards

Support for setting the state of the Grid Card being imported has been added. A Grid Card can be imported in the ACTIVE or INACTIVE state. This value must be provided in the 4th column of the Bulk Import CSV file. If omitted, the Grid Card will be imported in the ACTIVE state. Below are examples with and without the state column.

Without the state column:

Card #,serialNumber,userId,,A1,B1,C1...
1, 1, alice,, P1, NH, EX...

With the state column:

#,serialNumber,userId,state,A1,B1,C1...
1, 1, alice, ACTIVE, P1, NH, EX...
2, 2, bob, INACTIVE, QW, 5H, EK...
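A pre-import check for this file layout, added here as an example (not Entrust code): it reports the state each card would be imported in, marks rows that fall back to the ACTIVE default, and rejects any other state value. The function name, the sample rows beyond those shown above, the 3-cell grid, and the strict, case-sensitive rejection of unknown states are assumptions of this checker, not documented IntelliTrust behaviour.

```python
import csv
import io

VALID_STATES = {"ACTIVE", "INACTIVE"}  # the two states named in the release note
DEFAULT_STATE = "ACTIVE"               # applied when the 4th column is empty

# Constructed sample: 3 grid cells per card for brevity; rows 3-5 are invented.
SAMPLE = """#,serialNumber,userId,state,A1,B1,C1
1, 1, alice, ACTIVE, P1, NH, EX
2, 2, bob, INACTIVE, QW, 5H, EK
3, 3, carol,, 7T, M2, KD
4, 4, dave, active, R4, ZX, 9P
5, 5, erin, DISABLED, L8, C3, WW
"""

def check_grid_card_csv(text):
    """Return (cards, errors); errors are (line_number, message) tuples."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    cards, errors = [], []
    for row in reader:
        line_no = reader.line_num
        row = [c.strip() for c in row]
        if not any(row):
            continue  # skip blank lines
        if len(row) != len(header) or len(row) < 4:
            errors.append((line_no, "column count does not match header"))
            continue
        serial, user, raw_state = row[1], row[2], row[3]
        if not serial or not user:
            errors.append((line_no, "serialNumber and userId are required"))
            continue
        state = raw_state or DEFAULT_STATE  # empty 4th column -> ACTIVE
        if state not in VALID_STATES:
            errors.append((line_no, f"state {raw_state!r} is not ACTIVE or INACTIVE"))
            continue
        cards.append({"line": line_no, "serial": serial, "user": user,
                      "state": state, "defaulted": not raw_state})
    return cards, errors

if __name__ == "__main__":
    cards, errors = check_grid_card_csv(SAMPLE)
    for c in cards:
        note = " (defaulted)" if c["defaulted"] else ""
        print(f"line {c['line']}: {c['user']} -> {c['state']}{note}")
    for line_no, msg in errors:
        print(f"line {line_no}: REJECTED: {msg}")
```

Rows marked as defaulted are the ones to review before upload, since an empty 4th column means the card is imported ACTIVE.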

Administration API for Create OTP

IntelliTrust now provides an Administration API to create and return an OTP. This can be used in place of the Authentication API challenge for OTP-only based authentications. The retrieved OTP can then be sent by the caller to the user. The API also provides support for OTPs using PSD2.

Changes to IntelliTrust APIs

The following have been added to the Administration APIs: