Octopus Authentication Server Version 6.6 Release Announcement

Octopus Authentication Server version 6.6 introduces a variety of features that simplify and streamline the user authentication experience while maintaining the highest levels of security. As some of these features require the latest Agent versions, it is strongly recommended to use Octopus Desk for Windows v4.0.1 / Octopus Desk for Mac v3.0.2 and to encourage users to download the latest version of the Octopus Authenticator mobile app.

Desktop SSO for integrated applications [SSA-14172]: Octopus Authentication Server now supports application integration, enabling Windows users to seamlessly access these applications without manually entering login credentials. When an integrated application launches, the Windows Agent retrieves user credentials and automatically populates the fields of the Login screen.

This automatic population occurs through definition of Desktop SSO elements for the integrated application in the Octopus Management Console. When defining application settings, the system admin specifies properties and parameters of the Login window and its fields. These attributes are automatically saved to a configuration file which is then deployed to workstations, allowing the Windows Agent to identify the Login window and set user credentials in the appropriate fields.

For detailed information about configuration of integrated applications, please refer to the Octopus Management Console Admin Guide and the Octopus SQL Agent Installation Guide, or contact Secret Double Octopus support.

WS-Federation support [SSA-15310]: The new dedicated WS-Fed service provides integration between the Octopus Authenticator and the WS-Federation mechanism. The service enables full-scale integration with Entra ID, allowing use of the Octopus platform on Entra ID domain-joined machines. It also supports integration with mobile device management systems, e.g., Microsoft Intune.

Entra ID external authentication with the Octopus authentication solution [SSA-15562]: The new Entra ID EAM service enables users to log into the Microsoft Entra admin center using the Octopus platform as a means of two-factor authentication.

Adaptive Authentication for RADIUS services [SSA-15253]: Octopus Authentication Server now supports the option for strong authentication for login to RADIUS services, such as VPN solutions that support two-factor authentication. When this feature is enabled, users need to enter the verification code that is generated and displayed in the Octopus Authenticator mobile app after the push authentication request has been approved. The following figure shows an example of a dialog prompting users to enter the code:

Note: Adaptive Authentication for RADIUS services is not necessary for FIDO and bypassed users, as they routinely need to provide an accesss token in order to authenticate.

Biometrics data monitoring enhancements [SSA-15296]: Octopus Authenticator settings (in the Octopus Management Console) now allow the system admin to choose whether to disable the authenticator upon changes in biometrics data. When the Detect Changes in User Biometrics toggle is enabled, the mobile app checks for changes in biometrics with every authentication request, and detected changes are recorded as an auditing event. When the new Lock Authenticator on Biometrics Change toggle is also enabled, the app blocks authentication and the mobile authenticator is disabled. The user cannot work with the account until it is re-enabled by the admin in the Octopus Management Console.

Note: To use these features, the Force Biometric Authentication toggle must be enabled.

Audit enhancements [SSA-15216]: Session ID is now included in auditing records for enrollment requests.

Publish enhancements [SSA-15287]: Octopus Authentication Server version 6.6 introduces several new configurations for optimizing publish time.