Release Notes

The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Authentication Client Release Notes, click here.

Current release: 8.21.21207.1

Fixed Issues

  • Features not enabled in a subscription could be clickable, but not working, and cause confusion to end users.
  • Gatekeeper could get in a non-responding state where service restart was needed.

Released July 28, 2021


New Functionality

  • Added new feature for masking phone numbers in Secure Service Desk.
  • Added new feature for displaying and sending enrollment link from Secure Service Desk.
  • Okta verify is now available as a quick verification in Secure Service Desk.

Improvements/Fixed Issues

  • Service desk settings page has an updated design.
  • A new placeholder for user first name is now available when editing notifications.
  • The default selected scope is now empty when running the Gatekeeper installation wizard. If the root is selected a warning will now be displayed.
  • Adding images to notifications could fail without useful error message.

Other Changes

  • Signing out from admin will now also sign out the user from Service Desk.
  • The icons presented next to password/passphrase rules have been changed and should now be aligned with SPP password change UI. This should also improve visual feedback for people with color vision deficiency, since the icons now differ in both shape and color.
  • Admin and Service desk policies are now identical by default.

Released June 09, 2021


New Functionality

  • Added support for YubiKey as an identity service.
  • Added support for showing rules/phrases in order as configured in Specops Password Policy (Only for users affected by Specops Password Policy).

Improvements/Fixed Issues

  • Improved error message during if user with ‘must not change password’ set in Active Directory attempts to reset/change their password.
  • Enrolling with the Duo identity service could result in an error message.
  • Improved user feedback when Duo has been configured to bypass two-factor authentication.
  • Improved user feedback when a user has inactive/disabled/locked devices for Symantec VIP.

Released April 27, 2021


New Functionality

  • Improved user experience for the Symantec VIP identity service.
  • Added support for ‘quick verification’ to Symantec VIP from service desk.
  • Added option to configure custom verification URL for service desk

Improvements/Fixed Issues

  • Improved usability when entering phone number for the Mobile Code identity service, in particular for Internet Explorer users.
  • Active Directory domain name with underscore (‘_’) was not fully supported.
  • Integrated Windows Authentication could fail from Edge.

Released March 09, 2021


Fixed issues

  • Certain top level domain names, (e.g. .at/.ac) were not supported when signing up or adding new domain names.
  • ‘Required’ flag on questions when configuring the Q&A id service was not always saved.

Released February 15, 2021


Other changes

  • Domain verification is now enabled by default for new installations.

Released January 13, 2021


New functionality

  • Okta Verify: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
  • Added support for traditional Chinese as a user interface language.
  • Added support for PingID as an identity service.

Improvements/Fixed issues

  • Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
  • Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
  • From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
  • Secure Service Desk: Added device selection for Duo identity service.
  • Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
  • Added domain name to unenrolled users report.

Released November 17, 2020


Other changes

  • Gatekeeper: Added additional eventlogging around user counting.
  • After unlocking account and getting signed out, customizations were not shown.

Released November 04, 2020


Fixed issues

  • Gatekeeper: password resets could be handled incorrectly for users affected by password policy containing minimum password age setting, depending on time zone.
  • Changing user interface language in Secure Service Desk did not always work.
  • After a user had unlocked their account, if locked out from Active Directory, the user was able to unlock again without having to re-authenticate.

Released October 23, 2020


New functionality

  • Duo identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo configuration must be upgraded to bring this to end users.
  • Quick verification has been enabled in Secure Service Desk for the Duo identity service. This requires configuring the Duo identity service to use Auth API.
Note: This release requires all Gatekeepers to be upgraded preferably on the same day. No configuration changes should be made until this is complete. If there is a mix of Gatekeeper versions in your environment and changes are made, undesired notification behavior will be triggered.

Released September 30, 2020


Improvements/Fixed issues

  • After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
  • Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
  • Better indication if a user account in Active Directory has a malformed userPrincipalName.
  • Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
  • User counting could be misleading in cases with multiple Active Directory domains.

Other changes

  • PowerShell modules were not signed.

Released September 08, 2020


Fixed issues

  • Bug fixes

Released August 06, 2020


Fixed issues

  • Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.

Released July 29, 2020


Fixed issues

  • Fixed an issue where displaying the text messages report took you to an error page.

Released July 21, 2020


New features

  • Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
  • Added lockout settings for Mobile Code, Email and Personal Email identity services.
  • Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
  • Length of identity verification session is now configurable and displayed to Service Desk agent.
  • Added configurable MFA policy for password change.
  • Added option to customize name of Windows Identity id service.
  • Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.

Fixed issues

  • Browser’s password manager could unexpectedly try to save password.
  • Certain firewalls could drop connections while processing requests from browser to Specops Authentication.
  • Improved usability of customization UI with display name instead of identifiers.
  • Made cmdlets install with Admin tools instead of the Gatekeeper.

Other changes

  • Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.

Released July 21, 2020


New features

  • Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
  • Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper admin tool MSI.
  • Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
  • Enabled Quick Verification (email) for identity verification in Service Desk.
  • Enabled customization of text messages from mobile code id service.

Fixed issues

  • Added missing translations for some languages.
  • Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
  • Changed Email ID services to use time-based one-time password to improve usability and security.
  • Fingerprint app on iOS could fail to resume correct web page after authenticating.
  • Improved filtering for Service Desk statistics.
  • Added support for Okta preview and EMEA domains.
  • Added missing translations for Q&A page.
  • If all default Q&A questions had been removed, it was not possible to add additional languages.
  • Additional information about user displayed when opened in Service Desk.
  • Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code, Secret Questions, Email Id Services)

Released May 19, 2020


New features

  • Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
  • Added support for restricting user enrollment only from trusted network locations.
  • Added support for not presenting Captcha for users connecting from trusted network locations.
  • Added Email identity service for verification with email stored in Active Directory.
  • Added Quick Verification identity service for verification using personal email address.
  • • Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.

Released April 29, 2020


Usability Improvements

  • Simplified enrollment process for end users.
  • Improved usability for mobile code identity service.

Other Changes

  • Added option to configure security level for user enrollment process to fit different organizations’ needs.

Released April 22, 2020


Updated Requirements

  • Updated requirement for Gatekeeper and Gatekeeper admin tools to .Net Framework 4.7.2.

New Features

  • Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)

Fixed Issues

  • Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper admin tool was running
  • Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
  • Improved error message from enrollment cmdlet if the user was outside scope
  • Fixed an issue where user data wasn’t always removed when removing a user’s enrollment

Released March 10, 2020


Usability improvements

  • New start page for users, listing actions a user can take.

Fixed issues

  • User management could display inaccurate value for “Time until password must be changed.”

Other changes

  • Added fallback language for customized text.
  • User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.


  • Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
  • If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
  • Gatekeeper Admin Tool: Improved error messages if migrating users from uReset 7.x fails.

Released January 23, 2020


New Features

  • Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).

Fixed Issues

  • Improved error messaging in case of Gatekeeper activation failure.

Released October 16, 2019


New Features

  • Added option to configure default country code for Mobile verification enrollment

Fixed Issues

  • Clarified allowed username formats when user is asked to enter username
  • User Management
    • Improved performance of user details page
    • Added information about key recovery events to user details page
  • Password start page
    • Will now load color and logo customizations
    • New unlock button if user only needs to unlock account
  • Landing page improvements
    • Only end user links to the left
    • Added link to Key Recovery
  • Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
  • Fixed issues with saving uReset notifications

Released September 18, 2019


New Features

  • Added three new languages: Polish, Korean and Czech
  • Added support for migrating a single user from uReset 7 in addition to the batch version

Fixed Issues

  • Fixed bug where migration from uReset 7 failed in some scenarios
  • Fixed issue with not being able to select and copy text on the customization page
  • Added missing Email column to exported not enrolled users report
  • General stability improvements

Released August 27, 2019


New Features

  • Added support for customization on landing pages.

Fixed Issues

  • Added various missing information in logs for Specops Key Recovery.
  • Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
  • When used with Specops Password Policy, fixed issue with unsatisfied password dictionary rule displaying incorrect information message.

Released July 25, 2019


New Features

  • Fingerprint usability improvements when authenticating on a mobile device.

Fixed Issues

  • Various fixes for multiple AD domain environments.
  • Fixed bug when exporting CSV of not enrolled users report.

Released June 19, 2019


New features 

  • Updates to customization functionality in Specops Authentication Web. These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here. 
  • Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards. 

Released May 20th 2019


Fixed Issues

  • Various improvements for Active Directory environments with multiple domains. Customers affected by multi-domain issues are recommended to upgrade their Gatekeeper. 

Other changes 

  • Support for Breached Password Protection Express when used with Specops Password Policy 7.1 and later. The Breached Password Protection Express rule will be displayed to users when they change their password.
  • Support for length-based password aging when used with Specops Password Policy 7.1 and later. The length-based password aging setting will be displayed to users when they change their password.

Released May 15, 2019


New Features

  • Support for Specops Key Recovery: This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.

Note: To use Specops Key Recovery, you must have a Specops Key Recovery license.

Released April 16, 2019


New Features  

  • Administrators can redirect the Specops Password Reset mobile app, so that it points to Specops uReset 8 and above, instead of Specops uReset 7.12 or Specops Password Reset applications.
  • When signing up for a Specops uReset 8 account, administrators can now choose either the European (EU) or North American (NA) data center. 
  • Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.

Fixed Issues

  • Some users were not being moved, when attempting to migrate them from Specops uReset 7.12 to Specops uReset 8.0. 

Other changes

  • If a manager identification request cannot be sent (because of missing or invalid email addresses), end-users will now receive a report notifying them. 
  • If a user sees the User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication. 
  • Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.  

Released February 28, 2019



  • The version number has been incremented from 7.12 to 8.0.
  • uReset customers upgrading from version 7.12 or earlier will need to migrate their enrollments. Contact your account representative for more information.

Fixed issues

  • Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.   

Other changes

  •  Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a mobile code before being allowed to sign in with their password.   
  • The minimum length for secret questions can now be configured by each user.  
  • The Symantec VIP Identity service now supports auto-enrollment.

Released November 14th, 2018


New features

  • Password change support on the Authentication Web.
  • Support for authentication with the SITHS/EFOS identity service.
  • Support for displaying the Password Breached Password Protection rule during password change. This is applicable to Specops Password Policy customers with the Breached Password Protection add-on.

Other changes

  • Support to sign-in with email address/samAccountName on the Authentication Web.
  • Setting to disable Captcha in the ADAL Browser.
  • New contact information fields during account creation.
  • Option to Test Connection with the Duo identity service.
  • Support for different Active Directory attributes when configuring the Duo, and Symantec VIP identity service.
  • Default “User must change password at next login” setting when a user password is reset from the User Management pages on the Authentication Web.
  • Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
  • Option to configure the maximum weight (star assignment) of an identity service.
  • End-user verification with one-time SMS code from the User Management pages on the Authentication Web.
  • Setting to allow Administrator and User Management users to be outside the scope of management.
  • Configurable auto/manual enrollment for the Mobile Code identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the Identity Service.
  • Various improvements to the Migration Wizard.
  • Various improvements to the user experience, including a new top navigation menu, and additional information on several pages on the Authentication Web, and the Gatekeeper Admin Tool.
  • Option to remove the “Unicode” password rules text displayed to the end-user during a password change.

Released October 23, 2018


Fixed Issues

  • In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.

Known issues

  • Accessing the Enrollment page from the Client menu shortcut, results in a “can’t reach this page” error on older versions of Microsoft Edge.

Released July 25, 2018


New Features

  • New shared web interface and Gatekeeper with Specops Authentication. You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to access O365. For more information, contact your account representative.
  • Language support for Japanese, Portuguese, and Simplified Chinese.
  • Redundacy with multiple gatekeepers (if using the new Authentication Gatekeeper).
  • Added option to allow the end-user to enter their North American local numbers, without entering a country code.
  • The Helpdesk interface has been redesigned and renamed to User Management.

July 18, 2018