ADSelfService Plus Fixes and Enhancements [2024]

ADSelfService Plus Fixes and Enhancements [2024]

Release Notes for build 6501 ( Jul 3, 2024 )

Issue fixes  

  • An issue that caused incorrect messages to be displayed during failed CAPTCHA attempts has now been fixed.

  • An issue that occurred while restricting unowned licenses when multiple accounts with the same username exist across different domains has now been fixed.

Release Notes for build 6500 ( Jun 15, 2024 )
Enhancements
  • The PostgreSQL database bundled with ADSelfService Plus has been updated to version 14.12 for 64-bit machines.

  • The Apache Tomcat version used in the product has been updated to 9.0.89.

  • The JRE version used in the product has been updated to Zulu jre8_0_412.

  • The JVM Wrapper version used in ADSelfService Plus has been updated to v3_5_51.

  • ADSelfService Plus now utilizes the JDBC driver for SQL server connections.

Release Notes for build 6410 ( May 24, 2024 )
  • An issue that occurred from builds 6407 up to 6409, where the User Attempts Audit Report displayed the ADSelfService Plus server's loopback IP address instead of users' IP addresses has now been fixed.

  • An issue preventing SP-initiated OAuth SSO logins even when authentication was successful in ADSelfService Plus has now been fixed.

  • An issue with regenerating expired SAML encryption certificates when SAML authentication was configured after the certificate expired, has now been fixed.

  • An issue in the mail server configuration settings where multiple email addresses could not be saved if there was a space after each comma separating them has now been fixed.

  • An issue with updating the location of the VPN client in the Registry Editor when the Windows login agent was installed via GPO has been fixed.

  • An issue that prevented Syslog and Splunk configurations from being saved while the TCP 7 port was disabled has now been fixed.

Release Notes for build 6409 ( May 07, 2024 )
  • An issue that prevented the use of images with uppercase extensions in the product has now been fixed.

  • An issue that prevented SSO logins to Microsoft 365 has now been fixed. 

Release Notes for build 6408 ( Apr 19, 2024 )
Issue fixes 
  • An issue caused by duplicated authenticator priority values, that resulted in the update of ADSelfService Plus from version 6221 to 6403 to fail, has been fixed.
  • An issue that prevented the modification of password expiry notifications in languages other than English upon updating ADSelfService Plus from build 6213 or earlier, has now been fixed.
  • An issue causing an existing domain to disappear from ADSelfService Plus' UI when an administrator attempted to add a domain controller with the same name as the domain, has now been fixed.
Release Notes for build 6407 ( Apr 16, 2024 )
Features
  • New reports for deeper insights: ADSelfService Plus now offers fourteen new reports that provide deeper insights on user behavior pertaining to MFA usage and self-service actions.

               ➤ MFA Audit Reports: This section provides comprehensive reports that audit all user actions related to enrollment and MFA, including MFA usage from mobile devices, MFA failure reports, browsers and devices trusted for MFA, and the utilization of backup codes.

               ➤ Password Self-Service Reports: This section offers insights into users' password self-service actions, including password resets, the delivery of password expiry notifications, account unlocks, and information on current and previously blocked users.

               ➤ Agent Reports: This section offers information pertaining to the installation of the login agent on machines in the domain. These reports were previously available under the GINA/Mac/Linux Installation section of the product console.

  • SSO for ManageEngine applications: Provide one-click, secure, passwordless access to ManageEngine applications like Endpoint Central, ADAudit Plus, PAM360, and more, through SAML SSO.

Enhancements
  • ADSelfService Plus now allows the configuration of RADIUS response attributes that determine the user groups or roles for VPN connections, or other purposes.

  • Conditional Access policies can now be applied to VPN connections protected by MFA.

  • Enrollment Notifications sent via SMS can now be configured for users opting for Quick Enrollment.

  • ADSelfService Plus now allows admins to have granular control over the notifications generated for different enrollment or self-service actions.

  • Admins can now receive notifications about unsuccessful user access attempts.

  • Users are now restricted from enrolling for MFA using an email or mobile number that has already been used for enrollment by another user.

  • Policy Names and Conditional Access Rules pertaining to users attempting MFA are now audited, and can be viewed as part of MFA audit reports.

  • The Password Synchronization feature now supports Oracle's multitenant architecture.

  • Admins can now configure soon-to-expire password SMS notifications for users' secondary mobile numbers.

    Users' linked accounts can now be automatically unlocked upon successful password resets.

  • Email notifications can now be sent to administrators when ADSelfService Plus restarts after a downtime period.

Release Notes for build 6406 ( Mar 29, 2024 )
Enhancement
  • The Tomcat version has been upgraded to 8.5.99.
Issue Fixes
  • An issue that occurred when logging in using Citrix Workspace in a machine with the ADSelfService Plus Windows login agent installed has now been fixed.
  • An issue on macOS version 12 where the login agent freezes when using Duo MFA has been fixed.
  • An issue in upgrading from builds 6400 and 6401 when syslog is configured for log forwarding in ADSelfService Plus through ManageEngine AD360 has now been fixed.
  • Login failure in Windows machines caused by exceeding the idle timeout limit has now been fixed.
  • An issue in synchronizing passwords that contain HTML characters using a custom script has been resolved.
  • An issue causing the CSS parser JAR file to be duplicated when upgrading from builds 5806 and below has been fixed.
  • An issue with displaying the customized text added in the Language Customization page has now been fixed.
  • An issue with the "Trust this machine" option not functioning as intended during high user login attempts has now been fixed.
Release Notes for build 6405 ( Mar 08, 2024 )
Feature   

Just-in-Time user provisioning for applications: ADSelfService Plus now supports Just-in-Time user provisioning for Assetsonar, Monday.com, Peakon, Slack, and more applications .

  Issue Fixes  

  • An issue causing an Invalid access URL error while authenticating with Duo Security from the ADSelfService Plus mobile site has been fixed. This issue occurred when ADSelfService Plus was utilizing a reverse proxy set up on a separate machine.

  • An issue that prevented access to ADSelfService Plus via any shortcut icon when the product was already running has now been fixed.

  • An issue with the enforce enrollment login script that affected the working of the Duo Universal prompt when ADSelfService Plus was using the default port for HTTP or HTTPS connections has now been fixed.

  • An issue that caused an Invalid Request error when setting up mail configurations on non-English deployments of ADSelfService Plus has now been fixed.

  • An issue causing the Tenant ID value in OAuth mail configurations to disappear upon integrating ADSelfService Plus with AD360, has been fixed.

  • An issue that caused OAuth SSO login failures while using the PKCE code challenge has now been fixed.

Release Notes for build 6404 ( Feb 19, 2024 )

Enhancements

  1. REST API-based integration support has been provided for the RSA authenticator.

  2. The RSA authenticator now supports policy-based configuration.

  3. A Username Pattern has been introduced for RSA authentication to efficiently manage issues caused by multiple domains having similar usernames. 

 Issue Fixes 

  1. The ADSelfService Plus MFA connector for OWA MFA can now be installed  on Exchange servers which also act as domain controllers.

  2. An issue which prevented users from uploading their AD photo attribute using the directory self-update feature when the file extension of the image was in uppercase letters has been resolved.

  3. An issue that prevented password changes and resets using the ADSelfService Plus mobile site if the password contained a unicode character, despite the password policy mandating it, has now been fixed.

  4. An issue that prevented initial logins to machines using the manually-installed login agent when the ADSelfService Plus server was inaccessible, has now been fixed.

  5. A loading issue that domain technicians without a designated policy experienced while attempting to access ADSelfService Plus from AD360 has been fixed.

  6. An issue that prevented SMTP settings from being saved if the admin's display name had more than one space has now been fixed.

  7. An issue caused while configuring a high availability deployment of ADSelfService Plus with an external PostgreSQL database has now been fixed.

  8. An issue that prevented attachments with the .docs extension from being sent with emails from ADSelfService Plus has now been fixed.

  9. An issue that prevented the Mobile App Deployment page from loading when the domain name began with a numeral has now been fixed.

  10. An issue that caused the Access URL to revert to the hostname when an SSL certificate was applied has now been fixed.

  11. Issues with password changes and resets using the SHA-1 algorithm for the OpenLDAP and 389 Directory Server have now been fixed.

  12. An issue that caused the login agent to display a Server Unreachable error when  ADSelfService Plus had a context path configured has been fixed.

  13. An issue that caused incorrect search results to be displayed while searching for computers under the Conditional Access section has now been fixed.

  14. An issue that caused restricted users to consume licenses while attempting password resets or account unlocks from the self-service portal has now been fixed.

Release Notes for build 6403 ( Feb 12, 2024 )

Feature  

  • FIDO Passkeys for phishing-resistant MFA: FIDO-compliant device-authenticators like Windows Hello, Apple Face ID/Touch ID, Android Biometrics, and security keys like YubiKeys, Google Titan Keys etc., can now be used to protect access to applications for a secure, passwordless experience. 

Release Notes for build 6402 ( Jan 10, 2024 )
Enhancement
  • The Spring Framework JAR files used in the product have been updated to version 5.3.28.
Issue Fix
  • An authenticated RCE security vulnerability (CVE-2024-0252) in the load balancer component of ADSelfService Plus has been fixed. This vulnerability was reported by Joe Zhoy.
Please click here to check the fixes and enhancements on the previous version of the application.


                  New to ADSelfService Plus?