Oct 31, 2019

Idaptive release notes

The following release notes highlight new features and provide updates on resolved and known issues.

19.5-HF3 Release

New features

This release includes updated cloud agents for Windows and Mac endpoints.

  • Windows Cloud Agent (Endpoint authentication for Windows)

    The new Windows Cloud Agent supports online and offline multi-factor authentication for Active Directory and Idaptive Directory users on Windows-based workstations.

    Refer to Enroll Windows 10 machines for more information.

  • Mac Cloud Agent (Endpoint authentication for macOS)

    The Mac Cloud Agent now supports online and offline multi-factor authentication for users in Active Directory and the Idaptive Directory.

    Refer to Managing Macs with the Mac Cloud Agent for more information.

Improvements and behavior changes

  • SAML single log out now succeeds in B2B applications when you include the nameID attribute in the SAML response.

  • Intermittent Zero Sign-On failures that were caused by a browser cache issue are now fixed.

  • Users are no longer required to re-enter their username during a federated login sequence. The username on the Identity Provider is now automatically populated based on the login information available from the Service Provider.

  • Federated users can no longer be mapped to OAuth client users to prevent federated authentication.

  • The value of the Secret field is now preserved when the Map federated user to existing directory user option is changed from disabled to optional or required for an existing Partner Management configuration.


Windows Cloud Agent

  • The Windows Cloud Agent can now restart following a crash of the agent service.

  • Users can now log in to their Windows PCs with their latest AD password in a scenario where their computer was not connected to the domain controller after their password was updated.

    For example, a user changes their password while connected to the domain controller at the office, then travels home and tries to log in with the new password without a VPN connection.

  • The Windows credential provider now provides adequate logs for diagnosing issues.

  • The Windows Cloud Agent UI no longer freezes when network connectivity is intermittent and unreliable.

  • Mobile notifications requesting acknowledgment of authentication to a user's PC now allow the authentication on the user’s PC when the PC’s UI is on the Spotlight screen.

Known issues

Windows Cloud Agent

  • The Windows Cloud Agent must be installed on a workstation that is joined to Active Directory.
  • Self-service password reset capability is currently not supported.

    An administrator must perform all password resets.

  • The pass-through period for Multi-factor Authentication is currently not supported.

    Users will need to pass the second-factor authentication challenge for each access attempt.

Mac Cloud Agent

  • Mac Cloud Agent currently does not support macOS 10.15.
  • The local account can get out of sync with the matching account in the directory source after the password change, resulting in a denied login.

    Workaround: Log in to a local admin account and set the local password of the impacted user to the same password as the directory source through System Preferences > Users or through the dscl command line.

  • A user might get removed from the FileVault boot screen if they changed their password without entering their previous password in the Keychain Sync dialog on 10.14.3+ macOS devices.

    Workaround: To avoid this issue, users should log out after changing their password in the User Portal. When they log back in, they should click Yes at the Keychain Sync prompt and enter their previous password to sync their keychain and FileVault password.

  • The grace period policy for the MFA lock screen might stop working if the device has not been restarted for more than two weeks.

    Workaround: Restart the device.

  • Users might get prompted for a one-time passcode (OTP) while in connected mode.

    Workaround: Enter the OTP code to log in, or restart the machine.

  • Apple Watch unlock is not compatible with the MFA lock screen policy.

    Workaround: Disable the MFA lock screen policy for Apple Watch users in the Admin Portal.