Release 5.7
Smart Login
Smart Login capability has been added to allow passwordless authentication. When enabled, a user with a Mobile Smart Credential paired to their account can authenticate to their IntelliTrust account or a SAML/OIDC application integrated with IntelliTrust without the need to provide a username and password.
New User Attribute: User Principal Name
IntelliTrust now supports User Principal Name as a system user attribute. It can be used like any of the other system user attributes.
Smart Credential definitions can update their upn variable default value and set it to <User Principal Name>.
If there was an existing custom user attribute named User Principal Name, it will be renamed as User Principal Name----Renamed----. All uses of this custom user attribute will remain as is.
All directory configurations will be updated to map the Active Directory userPrincipalName user attribute into the new system User Principal Name user attribute. This will occur at the next scheduled synchronization or it can be manually triggered by an administrator through a forced synchronization.
Microsoft CA Gateway Enhancements
- IntelliTrust now supports key backup and recovery when using a Microsoft CA with Smart Credentials. The Key Management certificate template can be configured to support these features.
- The Certificates List page has been updated to include support for displaying Microsoft CA configuration and connectivity information.
- The previous limitation of properly synchronizing a user's DN value when ESG versions prior to 5.5 existed has been resolved. The automatic synchronization of a user's DN value is supported for versions of ESG 5.5 and later. When using a directory associated with an ESG 5.5 or later, the user's DN value will always be synchronized. When using a directory associated with an ESG 5.4 or earlier, the user's DN value will not be synchronized.
See the Administration Guide for complete details on how to configure your IntelliTrust account to use a Microsoft CA.
Smart Credential Enhancements
IntelliTrust now supports cloning of Smart Credential definitions.
Custom Email Server
You can configure IntelliTrust to use your own SMTP mail server for sending emails from IntelliTrust.
RADIUS Authenticator Challenge
A new setting “Authenticator Challenge” has been added to RADIUS applications. When enabled, users authenticating to a RADIUS application will be prompted to enter the name of the second-factor authenticator they want to authenticate with, after which they will be challenged to answer their second-factor authentication challenge.
Disable Machine Authentication
A new setting has been added to the Machine Authenticator settings to enable or disable Machine Authentication. When enabled, a user will see a Remember Me button on the login screen.
Bulk Operation Enhancements
The following Bulk Operations have been enhanced:
Import User/Groups
In previous versions of IntelliTrust, if a user already had a group assigned then that user record in the Bulk Operation would fail. This restriction has been removed.
Import Grid Cards
Support for setting the state of the Grid Card being imported has been added. A Grid Card can be imported in the ACTIVE or INACTIVE states. This value must be provided in the 4th column of the Bulk Import CSV file (see example below). If omitted, the Grid Card will be imported in the ACTIVE state. Below are examples with and without the state column.
Without the state column:
Card #,serialNumber,userId,,A1,B1,C1...
1, 1, alice,, P1, NH, EX...
With the state column:
#,serialNumber,userId,state,A1,B1,C1...
1, 1, alice, ACTIVE, P1, NH, EX...
2, 2, bob, INACTIVE, QW, 5H, EK...
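Because an omitted state means the card is imported as ACTIVE, it is worth checking a file before upload to see which cards would go live by default. The pre-import check below is an added example, not part of IntelliTrust or its documentation; the function name `check_grid_card_states` is hypothetical, the sample rows are constructed and truncated to three grid cells, and rejecting any value other than the exact strings ACTIVE and INACTIVE is a conservative assumption.

```python
import csv
import io

VALID_STATES = {"ACTIVE", "INACTIVE"}
STATE_COL = 3  # the release note puts the state in the 4th column


def check_grid_card_states(csv_text):
    """Return (cards, errors) for a Grid Card bulk import file.

    cards  : list of (serialNumber, userId, effective_state, defaulted)
    errors : list of human-readable problems, one per rejected row
    """
    reader = csv.reader(io.StringIO(csv_text), skipinitialspace=True)
    rows = list(reader)
    cards, errors = [], []
    for lineno, row in enumerate(rows[1:], start=2):  # row 1 is the header
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) <= STATE_COL:
            errors.append(f"line {lineno}: fewer than 4 columns")
            continue
        serial, user = row[1].strip(), row[2].strip()
        raw_state = row[STATE_COL].strip()
        defaulted = raw_state == ""
        state = "ACTIVE" if defaulted else raw_state  # omitted -> ACTIVE
        if state not in VALID_STATES:
            errors.append(f"line {lineno}: unexpected state {raw_state!r}")
            continue
        cards.append((serial, user, state, defaulted))
    return cards, errors


# Constructed sample: explicit states, one omitted state, one invalid state.
SAMPLE = """#,serialNumber,userId,state,A1,B1,C1
1, 1, alice, ACTIVE, P1, NH, EX
2, 2, bob, INACTIVE, QW, 5H, EK
3, 3, carol,, 7T, M2, KD
4, 4, dave, DISABLED, R4, 9X, LL
"""

if __name__ == "__main__":
    cards, errors = check_grid_card_states(SAMPLE)
    for serial, user, state, defaulted in cards:
        note = " (state omitted, defaults to ACTIVE)" if defaulted else ""
        print(f"card {serial} for {user}: {state}{note}")
    for problem in errors:
        print("REJECT", problem)
```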
Administration API for Create OTP
IntelliTrust now provides an Administration API to create and return an OTP. This can be used in place of the Authentication API challenge for OTP-only based authentications. The retrieved OTP can then be sent by the caller to the user. The API also provides support for OTPs using PSD2.
Changes to IntelliTrust APIs
The following have been added to the Administration APIs:
- A new method createOTPUsingPOST has been added that allows you to create and return an OTP.
- New attribute userPrincipalName has been added to the User and UserParms objects. This attribute contains the userPrincipalName of the user if that user was synchronized from a directory.