ADSelfService Plus Fixes and Enhancements [2022]

Release Notes for build 6212 (Nov 14, 2022)
Feature:
  • Hardware TOTP token support: Hardware tokens such as Protectimus hardware TOTP token and Deepnet Security hardware token can now be configured as a custom TOTP authenticator for identity verification.
Enhancements:
  • SMS and email verification support for VPN MFA: SMS and email verification can now be configured as an authenticator for VPN MFA.
  • Bulk enrollment support for authenticators: Admins can now enroll end users for Google Authenticator, Microsoft Authenticator, Zoho OneAuth TOTP authenticator, and custom TOTP authenticators through bulk enrollment either using a CSV file or through a database fetcher.
  • An option to skip the Select your mobile number/email address drop-down in the MFA verification page for SMS and email verification has now been included.
Issue Fixed:
  • An issue in the working of the Linux agent (CentOS 7) has now been resolved.
Release Notes for build 6211 (Oct 28, 2022)
Important Update:

  • Third-party requirement for NTLMv2 SSO: To enable NTLMv2 SSO for ManageEngine ADSelfService Plus in builds 6211 and above, you have to manually download the Jespa JAR file and add it to the lib folder of the product's installation directory. For more information, click here.
Issue fix:
  • The forced enrollment using login scripts feature didn't work for partially enrolled users. This issue has been fixed.
  • A critical RCE security vulnerability (CVE-2022-47966), caused by a vulnerable .jar file used when SAML SSO is/was enabled in the product, has been fixed. This was reported by Khoadha of Viettel Cyber Security.
Release Notes for build 6210 (Oct 21, 2022)
Enhancements:
  • Notification Center: To ensure product security, a notification center has now been included to display important alerts that require admin attention.
  • To ensure security, the Spring JAR files used in the product have been updated to version 5.3.21.
  • To ensure security, the Commons Text JAR files used in the product have been updated to version 1.10.
Issues fixed:
  • An issue that caused an infinite password sync loop when password sync is configured for Active Directory bidirectionally has now been resolved.
  • An issue that caused the login agent to crash when Have I Been Pwned integration was enabled and HTTP was configured has now been fixed.
  • An authorization issue in Talkback APIs has now been resolved.
  • A memory leak issue which caused the domain controller to restart abruptly in rare scenarios when Password Sync Agent version 2.0 was configured has now been fixed.

Release Notes for build 6209 (Sep 30, 2022)
Issues fixed:
  • An issue in the Restrict Users scheduler under License Management when there were different domains containing the same usernames has now been fixed.
  • An issue that occurred while searching for a username containing '_' in reports when using an external MS SQL database has now been fixed.
  • An issue in prompting MFA during VPN login when the username format was domain name/username has now been fixed.

Release Notes for build 6208 (Sep 21, 2022)
Features:
  • MFA for Windows User Account Control: All UAC elevation prompts that require credentials such as installing an application, editing the registry, and so on can now be secured using MFA.
  • Machine-based MFA: Secure business-critical machines in your organization by enforcing Machine-based MFA. This allows users to access the machine only upon successful identity verification through MFA, irrespective of their enrollment status, self-service policy membership, and ADSelfService Plus server connectivity.
Issue fixed:
  • An issue which caused MFA to not function as intended in Windows 11 machines during system unlock has now been fixed.
Release Notes for build 6207 (Aug 29, 2022)
Features:
  • MFA for mobile app login: ADSelfService Plus mobile app logins can now be secured with an additional layer of authentication using MFA.
  • Passwordless login: Provide easy and secure access to log in to the mobile app using modern authentication factors such as biometric authentication, push notification authentication, TOTP authentication, and so on.
  • Support for additional authenticators: The ADSelfService Plus mobile app now supports Zoho OneAuth authentication, custom TOTP authentication and backup recovery code support during self-service actions and mobile app logins.
  • Manage device enrollment: An option to restrict the number of devices users can use to enroll for mobile app authenticators like push notification, biometric, and QR-code authentication has now been included.
Enhancement:
  • User enumeration prevention: An option to prevent attacks through user enumeration in the mobile app has now been introduced.
Issue fixed:
  • An issue with the functioning of Accessibility VoiceOver in iOS devices has now been resolved.
Release Notes for build 6206 (Aug 18, 2022)
Issues Fixed:
  • An issue with the functioning of the custom range filter in Audit Reports, when there were a large number of audit records, has now been fixed.
  • A performance issue while derestricting users under License Management when there were a large number of restricted users has now been fixed.
Release Notes for build 6205 (Aug 9, 2022)
Enhancements:
  • Enrollment report customization: The Enrolled Users Report and Non-enrolled Users Report can now be customized to view additional user information, such as their active status, last logon time, etc.
  • Cloning existing policies: Existing self-service policy configuration settings can be copied to create multiple policies across domains now.
  • Granular control over trust periods: The MFA trust period for browsers and machines can now be customized in terms of minutes, hours, or days.
Issue fixes:
  • An issue with deleting licensed users who have an apostrophe character in their names has been fixed.
  • An XSS issue that could potentially occur in the Conditional Access rule assignment section has been fixed.
Release Notes for build 6204 (Jul 29, 2022)
Enhancement:
  • The MFA and Password Policy Enforcer features have now been extended to technicians who use product authentication.
Issue fixed:
  • An issue in which the functioning of the Password Sync Agent was affected when a domain flatName was specified during domain configuration has now been fixed.
  • A security vulnerability that allowed authenticated remote code execution by a super admin in the quick enrollment configuration when connecting to a MySQL database has now been fixed.
Release Notes for build 6203 (Jun 30, 2022)
Issue fixed:
  • A denial-of-service attack issue (CVE-2022-34829) in the ADSelfService Plus Mobile App Deployment API has now been fixed.
    For more information, refer to our security advisory page.

Release Notes for build 6202 (Jun 27, 2022)
Security enhancement:
  • An option to prevent user enumeration by initiating a mock MFA process has now been included. This has been implemented to mitigate CVE-2022-28987.
Issue fixed:
  • An issue in which the Change Password notification was not triggered when the operation was performed via the mobile application or mobile web browser has now been fixed.

Release Notes for build 6201 (Jun 9, 2022)
Enhancements:
  • Mac Agent support has now been extended to macOS Monterey.
  • XLSX format is now supported for exporting reports.
  • An option to extend the portal session expiration duration to one day has now been provided.
Issues fixed:
  • Performance-related issues in User Reports, Restricted Users report, Password Expiration Notification, and Unrestrict Users scheduler have now been fixed.
  • An issue that blocked the database query while sending enrollment push notifications has now been resolved.
  • An issue in VPN MFA when the configured MFA method was push notification has now been fixed.
Release Notes for build 6200 (May 24, 2022)

Issues fixed:

  • The communication between the Password Sync Agent and the ADSelfService Plus server has now been secured with the inclusion of an access key (CVE-2021-37423). For more information, refer to our security advisory page.
  • An issue which exposed the username information in the request URL sent to the ADSelfService Plus server upon successful IdP authentication has now been fixed.
  • An issue where the embedded employee search option was not displaying the desired results has now been resolved.
  • To enhance security, the Spring JAR files used in the product have now been updated to version 5.3.18.

Note: If you are already using the Password Sync Agent and wish to upgrade to build 6200, you must reinstall the Password Sync Agent to ensure proper functioning of the agent. Click here for the Password Sync Agent installation steps.


Release Notes for build 6123 (Apr 13, 2022)
Issue fixes:
  • A security vulnerability which exposed admin credentials if the ADSelfService Plus server access was compromised while installing the login agent using Remcom and RemoteExec methods has now been fixed.
  • A security vulnerability which caused XSS script execution in the Configured Domains page has now been fixed.
Release Notes for build 6122 (Apr 09, 2022)
Issue fix:
  • In product instances where post-action custom scripts are enabled, a security vulnerability (CVE-2022-28810) that could lead to remote code execution during password reset and password change has been fixed. This vulnerability was reported by Hernan Diaz, Andrew Iwamaye, and Jake Baines of Rapid7.
Release Notes for build 6121 (Mar 03, 2022)
Issue Fix:
  • A security vulnerability (CVE-2022-24681) which allowed XSS script execution in the reset password, unlock account, and user must change password pages has now been fixed.
  • A vulnerability causing the NTLM Hash to be disclosed to operators when configuring the storage path of a remote machine in the Reports tab has now been fixed.
Release Notes for build 6120 (Feb 11, 2022)
Enhancements:
  • Site-based DC Update: Lets you assign a particular set of domain controllers (DCs) to an OU so that self-service changes made by users from that OU are quickly updated in the DCs assigned to that OU.
  • Password Sync tab is now equipped with the capability to deselect all the linked accounts for password reset, account unlock, and password change operations.
  • An option that allows domain display name to be shown or hidden in the end-user portal/pages has now been added in the Reset & Unlock tab.
  • IP-based portal restriction will now deny technician logins from blacklisted IP addresses.
  • Windows MFA, which was earlier prompted for user login and screen unlock, will now be prompted only during user login.
Issues fixed:
  • Glitches in applying MFA to macOS machines whose names contained spaces have been resolved.
  • When the login page was customized to display only the login button, the drop-down list had glitches. This issue has now been resolved.
  • An issue which caused the failure of SAML SSO for custom applications since only "Exclusive Canonicalization with Comments" XML Canonicalization method was supported has now been fixed.
  • An issue in which mail content was added to the syslog files has now been fixed.
  • An issue specific to the Germany locale in displaying the number in the password policy enforcer text has now been fixed.
  • Text customizations done in Language Customization tab for languages other than English were not reflecting. This has been fixed.
  • A memory leak issue in VPN MFA's NPS extension has now been fixed.