This version simplifies the user enrollment experience, streamlines the installation process and enhances audit logging details.
Version highlights include:
- Redesigned enrollment invitation email helps ensure a simple and straightforward enrollment process. The invitation’s expiration date and information about getting assistance now appears at the beginning of the email, before the enrollment instructions.
- For an improved and streamlined installation process, the Octopus Authentication Server installer now creates self-signed certificates only. A script to change the default configuration after installation is available for customers who require the server to use HTTP.
- Audit log enhancements provide additional logging data, including the active Domain Controller running LDAP queries and LDAP service logins by unassigned users.
This major version introduces several new authentications flows, offers significant enhancements to the User Portal, including branding options and more self-service actions, supports increased flexibility and better control of service workflows, and provides numerous features to simplify the enrollment process and promote greater security and confidentiality.
Some of the version highlights include:
- Adaptive Authentication (available for Octopus authentication) helps prevent user identity hijacking by requiring stronger authentication for login attempts from unrecognized workstations and browsers. When Adaptive Authentication is enabled, users authenticating for the first time from an unknown device are required to enter the verification code displayed in the Octopus Authenticator mobile app. Following the first successful strong authentication, users are no longer required to enter a code if the browser or workstation is designated as a Trusted device.
- User Portal branding settings allow customers to design a unique look and feel for the Portal using colors, images, and organization-specific texts. Available branding features include Portal name and logo, background image, status bar, terms-of-use message, and more.
- New Portal self-service actions allow users to view a list of all browsers used for authentication and enable them to clear data stored on a browser, such as the previously selected authentication method. The Reset Password action allows Local users (who aren’t members of integrated directories) to easily change the user verification password needed to authenticate to services that require MFA.
- The Portal Auto Launch option for SAML services offers streamlining and convenience by having these services open automatically when users authenticate to the Portal. The global Auto Launch setting defined at the service level can be overridden at either the group or user level, enabling flexibility and support for specific user requirements.
- The Resend To Another Address option allows invitation emails to be sent to an address other than the one recorded for the user in the system. This significantly facilitates the first enrollment process, as it allows new users who do not yet have access to the system to receive enrollment emails and start registering devices.
- Users without access to the mobile app now have the option to log into organizational platforms and services using a temporary token, avoiding the need for the Admin to provide them with the actual AD password. To maintain token confidentiality, the token can be sent to the user by email. The token may also be designated for one-time use only, as required.
- The Services list now includes prominently displayed service validity information to avoid errors and interruptions in service workflows. If any required service settings are missing, or if one or more settings are invalid, a warning icon appears. Clicking the icon opens a clearly organized list of the settings that are missing/invalid.
- The Clone Service action existing service certificate or, available for all service types, lets the Admin quickly and easily create a new instance of an existing service. All service settings are copied, except for SAML service URLs (which are replaced with random UUIDs) and LDAP/RADIUS service port numbers (which are left blank). The Admin can choose whether to use the existing service certificate or generate a new certificate for the cloned service.
Attached please find the Release Notes containing the complete list of all new features in the version.