The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Authentication Client Release Notes, click here.
Current Release: 8.18.20353.1
- Domain verification is now enabled by default for new installations.
Released January 13, 2021
- Okta Verify: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
- Added support for traditional Chinese as a user interface language.
- Added support for PingID as an identity service.
- Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
- Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
- From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
- Secure Service Desk: Added device selection for Duo identity service.
- Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
- Added domain name to unenrolled users report.
Released November 17, 2020
- Gatekeeper: Added additional eventlogging around user counting.
- After unlocking account and getting signed out, customizations were not shown.
Released November 04, 2020
- Gatekeeper: password resets could be handled incorrectly for users affected by password policy containing minimum password age setting, depending on time zone.
- Changing user interface language in Secure Service Desk did not always work.
- After a user had unlocked their account, if locked out from Active Directory, the user was able to unlock again without having to re-authenticate.
Released October 23, 2020
- Duo identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo configuration must be upgraded to bring this to end users.
- Quick verification has been enabled in Secure Service Desk for the Duo identity service. This requires configuring the Duo identity service to use Auth API.
Released September 30, 2020
- After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
- Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
- Better indication if a user account in Active Directory has a malformed userPrincipalName.
- Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
- User counting could be misleading in cases with multiple Active Directory domains.
- PowerShell modules were not signed.
Released September 08, 2020
- Bug fixes
Released August 06, 2020
- Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.
Released July 29, 2020
- Fixed an issue where displaying the text messages report took you to an error page.
Released July 21, 2020
- Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
- Added lockout settings for Mobile Code, Email and Personal Email identity services.
- Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
- Length of identity verification session is now configurable and displayed to Service Desk agent.
- Added configurable MFA policy for password change.
- Added option to customize name of Windows Identity id service.
- Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.
- Browser’s password manager could unexpectedly try to save password.
- Certain firewalls could drop connections while processing requests from browser to Specops Authentication.
- Improved usability of customization UI with display name instead of identifiers.
- Made cmdlets install with Admin tools instead of the Gatekeeper.
- Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.
Released July 21, 2020
- Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
- Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper admin tool MSI.
- Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
- Enabled Quick Verification (email) for identity verification in Service Desk.
- Enabled customization of text messages from mobile code id service.
- Added missing translations for some languages.
- Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
- Changed Email ID services to use time-based one-time password to improve usability and security.
- Fingerprint app on iOS could fail to resume correct web page after authenticating.
- Improved filtering for Service Desk statistics.
- Added support for Okta preview and EMEA domains.
- Added missing translations for Q&A page.
- If all default Q&A questions had been removed, it was not possible to add additional languages.
- Additional information about user displayed when opened in Service Desk.
- Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code, Secret Questions, Email Id Services)
Released May 19, 2020
- Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
- Added support for restricting user enrollment only from trusted network locations.
- Added support for not presenting Captcha for users connecting from trusted network locations.
- Added Email identity service for verification with email stored in Active Directory.
- Added Quick Verification identity service for verification using personal email address.
- • Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.
Released April 29, 2020
- Simplified enrollment process for end users.
- Improved usability for mobile code identity service.
- Added option to configure security level for user enrollment process to fit different organizations’ needs.
Released April 22, 2020
- Updated requirement for Gatekeeper and Gatekeeper admin tools to .Net Framework 4.7.2.
- Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)
- Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper admin tool was running
- Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
- Improved error message from enrollment cmdlet if the user was outside scope
- Fixed an issue where user data wasn’t always removed when removing a user’s enrollment
Released March 10, 2020
- New start page for users, listing actions a user can take.
- User management could display inaccurate value for “Time until password must be changed.”
- Added fallback language for customized text.
- User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.
- Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
- If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
- Gatekeeper Admin Tool: Improved error messages if migrating users from uReset 7.x fails.
Released January 23, 2020
- Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).
- Improved error messaging in case of Gatekeeper activation failure.
Released October 16, 2019
- Added option to configure default country code for Mobile verification enrollment
- Clarified allowed username formats when user is asked to enter username
- User Management
- Improved performance of user details page
- Added information about key recovery events to user details page
- Password start page
- Will now load color and logo customizations
- New unlock button if user only needs to unlock account
- Landing page improvements
- Only end user links to the left
- Added link to Key Recovery
- Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
- Fixed issues with saving uReset notifications
Released September 18, 2019
- Added three new languages: Polish, Korean and Czech
- Added support for migrating a single user from uReset 7 in addition to the batch version
- Fixed bug where migration from uReset 7 failed in some scenarios
- Fixed issue with not being able to select and copy text on the customization page
- Added missing Email column to exported not enrolled users report
- General stability improvements
Released August 27, 2019
- Added support for customization on landing pages.
- Added various missing information in logs for Specops Key Recovery.
- Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
- When used with Specops Password Policy, fixed issue with unsatisfied password dictionary rule displaying incorrect information message.
Released July 25, 2019
- Fingerprint usability improvements when authenticating on a mobile device.
- Various fixes for multiple AD domain environments.
- Fixed bug when exporting CSV of not enrolled users report.
Released June 19, 2019
- Updates to customization functionality in Specops Authentication Web. These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here.
- Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards.
Released May 20th 2019
- Various improvements for Active Directory environments with multiple domains. Customers affected by multi-domain issues are recommended to upgrade their Gatekeeper.
- Support for Breached Password Protection Express when used with Specops Password Policy 7.1 and later. The Breached Password Protection Express rule will be displayed to users when they change their password.
- Support for length-based password aging when used with Specops Password Policy 7.1 and later. The length-based password aging setting will be displayed to users when they change their password.
Released May 15, 2019
- Support for Specops Key Recovery: This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.
Note: To use Specops Key Recovery, you must have a Specops Key Recovery license.
Released April 16, 2019
- Administrators can redirect the Specops Password Reset mobile app, so that it points to Specops uReset 8 and above, instead of Specops uReset 7.12 or Specops Password Reset applications.
- When signing up for a Specops uReset 8 account, administrators can now choose either the European (EU) or North American (NA) data center.
- Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.
- Some users were not being moved, when attempting to migrate them from Specops uReset 7.12 to Specops uReset 8.0.
- If a manager identification request cannot be sent (because of missing or invalid email addresses), end-users will now receive a report notifying them.
- If a user sees the User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication.
- Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.
Released February 28, 2019
- The version number has been incremented from 7.12 to 8.0.
- uReset customers upgrading from version 7.12 or earlier will need to migrate their enrollments. Contact your account representative for more information.
- Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.
- Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a mobile code before being allowed to sign in with their password.
- The minimum length for secret questions can now be configured by each user.
- The Symantec VIP Identity service now supports auto-enrollment.
Released November 14th, 2018
- Password change support on the Authentication Web.
- Support for authentication with the SITHS/EFOS identity service.
- Support for displaying the Password Breached Password Protection rule during password change. This is applicable to Specops Password Policy customers with the Breached Password Protection add-on.
- Support to sign-in with email address/samAccountName on the Authentication Web.
- Setting to disable Captcha in the ADAL Browser.
- New contact information fields during account creation.
- Option to Test Connection with the Duo identity service.
- Support for different Active Directory attributes when configuring the Duo, and Symantec VIP identity service.
- Default “User must change password at next login” setting when a user password is reset from the User Management pages on the Authentication Web.
- Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
- Option to configure the maximum weight (star assignment) of an identity service.
- End-user verification with one-time SMS code from the User Management pages on the Authentication Web.
- Setting to allow Administrator and User Management users to be outside the scope of management.
- Configurable auto/manual enrollment for the Mobile Code identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the Identity Service.
- Various improvements to the Migration Wizard.
- Various improvements to the user experience, including a new top navigation menu, and additional information on several pages on the Authentication Web, and the Gatekeeper Admin Tool.
- Option to remove the “Unicode” password rules text displayed to the end-user during a password change.
Released October 23, 2018
- In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.
- Accessing the Enrollment page from the Client menu shortcut, results in a “can’t reach this page” error on older versions of Microsoft Edge.
Released July 25, 2018
- New shared web interface and Gatekeeper with Specops Authentication. You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to access O365. For more information, contact your account representative.
- Language support for Japanese, Portuguese, and Simplified Chinese.
- Redundacy with multiple gatekeepers (if using the new Authentication Gatekeeper).
- Added option to allow the end-user to enter their North American local numbers, without entering a country code.
- The Helpdesk interface has been redesigned and renamed to User Management.
July 18, 2018