ADSelfService Plus Fixes and Enhancements [2017]
Release Notes for build 5509 (Dec 27, 2017)
Enhancement:
- Bulk disenroll users: Select multiple users from the Enrolled Users report or import users from a CSV file to disenroll them in bulk.
Issues fixed:
- Oracle EBS password sync driver has been updated to the latest version.
- Issue in using Google Authenticator while performing password self-service from the Android mobile app.
- Issue in enrolling more than 10,000 users at once from external databases.
- Issue which failed to refresh the CAPTCHA image when using a load balancer.
- UI issue in "Choose mail/mobile recipient" page.
- Vulnerability issue in Windows login client.
Release Notes for build 5508 (Dec 13, 2017)
Issues fixed:
- Issue in cached credentials update when using Windows native VPN client.
- When password reset secure link is opened in a mobile web browser, it redirects the user to the login page of ADSelfService Plus instead of the password reset page. This issue appeared when ADSelfService Plus is integrated with AD360 and has now been fixed.
- Oracle Database for importing enrollment data can now be configured using service name as the connection type.
- Vulnerability issue in the Windows login client.
- Issue in check-box option during self-update.
- Issue in logging in to the self-service portal using mail attribute when its value is the same as that of UserPrincipalName.
- Change password issue when User must change password at next logon option is enabled in AD.
- Issue which displayed incorrect message during SMS verification.
Release Notes for build 5507 (Nov 20, 2017)
Highlight:
- Four new authentication methods: Biometric, QR code, time-based one-time passcode, and push notification can be used for identity verification during password self-service; all four methods come built-in with the ADSelfService Plus mobile app.
- Support for Duo Security, RSA SecurID, and RADIUS authentication methods in mobile app (both iOS and Android).
- SSO support for three new apps: Bamboo, Bonusly, and Cybozu.
Enhancement:
- Now set different limits for self-reset password and unlock account actions in advanced policy configuration.
- Support for inetOrgPerson objects in addition to user objects for AD LDS password synchronization.
Issues fixed:
- Issue in updating the OUs' names even after manually running a refresh of domain objects in ADSelfService Plus.
- Enrolling users via CSV import has been optimized.
- Issue in viewing Organization Chart when it is opened in Internet Explorer compatibility mode.
- Issue in navigating through the reports.
- Issue in sending SMS through custom SMPP protocol.
Release Notes for build 5506 (Oct 16, 2017)
Highlight:
- SSO for 90+ cloud apps: Now provide users with one-click access to 16 more cloud apps such as Office 365, SugarCRM, LiveChat, Cisco Meraki, etc., in addition to the already supported 80 apps.
Issues fixed:
- Vulnerability issue when using Google Authenticator.
- Issue where the login client software is not copied to the target machine during manual installation from the ADSelfService Plus admin portal.
- Issue where users were not able to close the enrollment pop up when the force enrollment logon script is pushed via GPO.
- Enrollment issue which forced enrolled users to enroll again when they log in to the self-service portal.
Release Notes for build 5505 (Oct 09, 2017)
Highlight:
- Employee Search feature is now supported in the ADSelfService Plus mobile web app.
Enhancement:
- Now you can sort the Employee Search results based on attributes.
Issues fixed:
- Issue in sending enrollment notification to domains that contain a large number of non-enrolled users.
- Brazilian Portuguese language issues have been fixed.
- XSS vulnerability issue while updating manager field using self-directory update.
- Issue in accessing the HTA login script when TLS 1.2 is strictly forced.
- Issue in AD LDS password synchronization.
Release Notes for build 5504 (Sep 19, 2017)
Enhancement:
- You can now use the custom attributes as macros and in password synchronization for linking Active Directory accounts with other applications.
- 'DateTime' data type has been added for creating custom attributes.
- Option to send all notifications to the secondary email addresses of users.
- Now you can customize the license expiration notification settings to suit your requirement.
- PGSQL database that comes built-in with the product has been updated to 9.2.4 version.
- Self-service (password reset, account unlock, and change password) notifications are now supported for non-AD accounts including IBM iSeries, HP UX, Office 365, G Suite, and Salesforce.
- Performance improvements.
Issues fixed:
- Issue which failed to partially hide the email address during the secure link identity verification process for password reset and account unlock.
- Some security issues have been fixed.
- [For builds 5400 and later] Issue in enforcing the product to use a particular TLS protocol.
Release Notes for build 5503 (Sep 05, 2017)
Highlight:
- ADSelfService Plus can now be integrated with SIEM solutions that support Syslog such as Splunk to forward audit logs and gain advanced intelligence on user activities.
Enhancement:
- Compliance with Vasco authentication server for RADIUS multi-factor authentication.
Issues fixed:
- The issue which caused database migration to slow down.
- The issue which prevents deleting unowned licensed users.
- The issue in importing enrollment data from Oracle database.
Release Notes for build 5502 (July 31, 2017)
Highlight
- Single Sign-On for 80 cloud applications: Now provide users with one-click access to over 80 cloud applications.
Enhancement
- Option to configure display name of applications configured for password synchronization.
Issue Fixed
- The issue which restricted Free Edition users from configuring multiple AD domains after the end of trial period.
Release Notes for build 5501 (July 14, 2017)
Feature:
- Supports customization of texts on the mobile app’s home page.
Issues fixed:
- The issue in AD synchronizer scheduler which fails to import domain users from Active Directory.
- GINA installation issue when there is a newline character in frame text.
- The issue in installing GINA client when VPN parameters contain special characters.
- The issue which prevented users from accessing the Audio CAPTCHA button using the keyboard.
- The issue in editing the Manager field while configuring self-update layout.
- Issue in proxy server configuration which displayed a blank page after a successful self-service operation
- The issue which prevented password expiration notifications from being sent to members of domain users group.
- The issue in the self-service password reset operation when a domain controller configured in Site-based DC is removed from the Domain Settings configuration.
- The issue in installing the Password Sync Agent on FIPS compliance enabled domain controllers.
- The issue which displayed incorrect password reset status displayed for Office 365.
- The issue which obscured the remaining Clickatell SMS count from being viewed in the license details page.
- The issue in CSR generation while configuring SSL certificate.
Release Notes for build 5500 (June 23, 2017)
Enhancements:
- Enforce password history checks for password reset operations using password policy enforcer.
- Restrict users during license management based on their smart card status (enabled/disabled).
- Set up the scheduler to automatically reinstate revoked licenses of users when specific conditions, such as user account is enabled, user account becomes active, and smart card is enabled, are met.
- Now send attachments along with password expiration notifications.
- Enroll users in bulk for Duo Security authentication by importing data from CSV files and external databases.
- Enable product downtime notifications to instantly get alerts whenever the product stops running.
Issues Fixed:
- The issue in saving Access URL has been fixed.
Release Notes for build 5400 (May 25, 2017)
Enhancements:
- Apache Tomcat server used in the product is now updated to version 8.0.
- Added an option to show/hide the “Reset Password/Unlock Account” tile from the Windows login screen.
Release Notes for build 5330 (May 3, 2017)
Features:
Release Notes for build 5329 (April 27, 2017)
Issues Fixed:
- Issue in using Cisco AnyConnect VPN for cached credentials update.
- Issue in logon client (GINA/Credential Provider agent) installation caused by configuring 64-bit VPN settings for cached credentials update.
- Issue in updating to the latest build using service pack.
- Issue in starting the product using the desktop shortcut icon.
- Issue in customizing the size of non-English fonts on logon page.
Release Notes for build 5328 (April 14, 2017)
Enhancements:
- Mobile app customization: Now you can completely customize the home screen of the app and disable access to certain features.
- Dictionary rule in password policy enforcer can now be configured to restrict password that is either an exact match of a dictionary word or has dictionary words as its substring.
Issues Fixed:
- Issue in configuring OpenLDAP server over SSL.
- Alignment issue in login page when product language is set to Arabic.
- Issue in editing the email verification code message as HTML during multi-factor authentication configuration.
Release Notes for build 5327 (March 15, 2017)
Features:
- Duo Security, RSA SecurID and RADIUS-based authentication support: Self-service password reset and account unlock processes are now more secure than ever thanks to three new authentication methods for verifying users’ identities.
- RADIUS-based authentication support for two-factor authentication during login.
- Support for SMPP-based custom SMS provider.
Issues Fixed:
- Issue in installing the login client software in MAC machines.
- Issue in configuring Salesforce for password sync and SSO.
- Issue in sending email verification code for login two-factor authentication when the email body contains HTML code.
- Issue which showed an error message when the change password tab is clicked.
- Issue which triggered verification code emails twice when Internet Explorer 11 is used for the self-password reset process.
- Issue in importing CSV file during auto enrollment when the domain name contains special characters.
Release Notes for build 5326 (February 24, 2017)
Enhancements:
- AD domain-to-domain password sync: Now you can enable password synchronization between two or more Active Directory domains.
- Option to synchronize passwords only after successful password reset in Active Directory.
- Ability to identify the IP addresses of machines used to access the product via proxy server.
Issues Fixed:
- XSS vulnerability in self-update manager field.
- Issue which resulted in distorted photos during self-update.
- Issue which associated technicians with wrong time zone.
Release Notes for build 5325 (February 3, 2017)
Enhancements:
- Two-factor authentication for ADSelfService Plus login can now be configured based on OUs and groups. To configure the settings, navigate to Configuration → Policy Configuration → Select Policy → Advanced → Login TFA.
- Option to exclude smart card users from password/account expiration notifications, and soon-to-expire password users and password expired users report.
- Now you can import enrollment data from an external/in-house PostgreSQL database.
- Option to display "Select mobile no./Email address" as the default text in drop down list during verification code step.
Fixes:
- Issue in adding and removing domain controllers in Site-based DCs configuration.
Release Notes for build 5324 (January 20, 2017)
Enhancements:
- Cisco AnyConnect VPN client is now supported for updating cached credentials.
- 64-bit version of VPN clients are now supported for cached credentials update.
- The photo attribute can now be set as ‘Read Only’ in self-update layout.
Issues fixed:
- Issue which allowed end users to tamper with the password self-service process.
Release Notes for build 5323 (January 11, 2017)
Enhancements:
- The password policy enforcer feature now ensures strong passwords for your users by:
- Preventing the use of any dictionary word.
- Prohibiting the use of five consecutive characters from an old password.
- Mandating the use of at least one Unicode character.
- You can exempt a password from complying with a custom password policy if it meets a certain character length set by you.
- The password strength analyzer feature now works even without enforcing your custom password policy.
Release Notes for build 5322 (January 5, 2017)
Issues fixed:
- Issue in Windows logon agent (GINA/CP) when GINA/Mac customization scheduler is configured.
- Issue which failed to save OU and group selections during policy configuration.
Release Notes for build 5321 (December 30, 2016)
Enhancements:
- Enhanced Force Enrollment: Now you can configure multiple force enrollment schedulers based on self-service policies.
- Option to exclude disable users while scheduling soon-to-expire password users and password expired users reports.
- Users can be restricted to select managers from a specific set of OUs or groups during self-update of AD profile information.
Issues fixed:
- Issue in changing the database to MS SQL that is located in another untrusted domain when NTLMv2 is enabled.
- Issue in displaying password policy rules in mobile web browsers during password reset via secure email link.
- Corrected the UI text which showed reset password successful message for Office 365 change password operation.
- Issue in password reset when enforce password history option is enabled.
- Issue in ServiceDesk Plus integration.
- Issue in loading the CAPTCHA image properly when using reverse proxy.
- Protocol can be now be configured during the manual installation of logon (GINA/CP) client software.
- UI issue in multi-factor authentication configuration page when the verification code email message contains double quotes.
- Domain settings issue which prevented a domain containing a large number of users from being deleted.
- Issue in reports which showed the values available in the mail/mobile attributes instead of the attributes configured by the admin.
Please click here to check the fixes and enhancements on the previous version of the application.
New to ADSelfService Plus?