Release Notes

The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary.

Current release: 8.18.21040.1

Fixed issues

  • Certain top level domain names, (e.g. .at/.ac) were not supported when signing up or adding new domain names.
  • ‘Required’ flag on questions when configuring the Q&A id service was not always saved.

Released February 15, 2021


Other changes

  • Domain verification is now enabled by default for new installations.

Released January 13, 2021


New functionality

  • Okta Verify: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
  • Added support for traditional Chinese as a user interface language.
  • Added support for PingID as an identity service.

Improvements/Fixed issues

  • Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
  • Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
  • From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
  • Secure Service Desk: Added device selection for Duo identity service.
  • Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
  • Added domain name to unenrolled users report.

Released November 17, 2020


Other changes

  • Gatekeeper: Added additional eventlogging around user counting.
  • After unlocking account and getting signed out, customizations were not shown.

Released November 04, 2020

Current Release: 8.16.20272.1

New functionality

  • Duo identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo configuration must be upgraded to bring this to end users.
  • Quick verification has been enabled in Secure Service Desk for the Duo identity service. This requires configuring the Duo identity service to use Auth API.
Note: This release requires all Gatekeepers to be upgraded preferably on the same day. No configuration changes should be made until this is complete. If there is a mix of Gatekeeper versions in your environment and changes are made, undesired notification behavior will be triggered.

Released September 30, 2020


Improvements/Fixed issues

  • After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
  • Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
  • Better indication if a user account in Active Directory has a malformed userPrincipalName.
  • Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
  • User counting could be misleading in cases with multiple Active Directory domains.

Other changes

  • PowerShell modules were not signed.

Released September 08, 2020


Fixed issues

  • Bug fixes

Released August 06, 2020


Fixed issues

  • Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.

Released July 29, 2020


Fixed issues

  • Fixed an issue where displaying the text messages report took you to an error page.

Released July 21, 2020


New features

  • Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
  • Added lockout settings for Mobile Code, Email and Personal Email identity services.
  • Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
  • Length of identity verification session is now configurable and displayed to Service Desk agent.
  • Added configurable MFA policy for password change.
  • Added option to customize name of Windows Identity id service.
  • Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.

Fixed issues

  • Browser’s password manager could unexpectedly try to save password.
  • Certain firewalls could drop connections while processing requests from browser to Specops Authentication.
  • Improved usability of customization UI with display name instead of identifiers.
  • Made cmdlets install with Admin tools instead of the Gatekeeper.

Other changes

  • Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.

Released July 21, 2020

Release: 8.13.20128.13

New features

  • Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
  • Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper admin tool MSI.
  • Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
  • Enabled Quick Verification (email) for identity verification in Service Desk.
  • Enabled customization of text messages from mobile code id service.

Fixed issues

  • Added missing translations for some languages.
  • Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
  • Changed Email ID services to use time-based one-time password to improve usability and security.
  • Fingerprint app on iOS could fail to resume correct web page after authenticating.
  • Improved filtering for Service Desk statistics.
  • Added support for Okta preview and EMEA domains.
  • Added missing translations for Q&A page.
  • If all default Q&A questions had been removed, it was not possible to add additional languages.
  • Additional information about user displayed when opened in Service Desk.
  • Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code, Secret Questions, Email Id Services)

Released May 19, 2020


New features

  • Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
  • Added support for restricting user enrollment only from trusted network locations.
  • Added support for not presenting Captcha for users connecting from trusted network locations.
  • Added Email identity service for verification with email stored in Active Directory.
  • Added Quick Verification identity service for verification using personal email address.
  • • Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.

Released April 29, 2020


Usability Improvements

  • Simplified enrollment process for end users.
  • Improved usability for mobile code identity service.

Other Changes

  • Added option to configure security level for user enrollment process to fit different organizations’ needs.

Released April 22, 2020


Updated Requirements

  • Updated requirement for Gatekeeper and Gatekeeper admin tools to .Net Framework 4.7.2.

New Features

  • Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)

Fixed Issues

  • Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper admin tool was running
  • Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
  • Improved error message from enrollment cmdlet if the user was outside scope
  • Fixed an issue where user data wasn’t always removed when removing a user’s enrollment

Released March 10, 2020


Usability improvements

  • New start page for users, listing actions a user can take.

Fixed issues

  • User management could display inaccurate value for “Time until password must be changed.”

Other changes

  • Added fallback language for customized text.
  • User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.


  • Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
  • If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
  • Gatekeeper Admin Tool: Improved error messages if migrating users from uReset 7.x fails.

Released January 23, 2020


New Features

  • Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).

Fixed Issues

  • Improved error messaging in case of Gatekeeper activation failure.

Released October 16, 2019


New Features

  • Added option to configure default country code for Mobile verification enrollment

Fixed Issues

  • Clarified allowed username formats when user is asked to enter username
  • User Management
    • Improved performance of user details page
    • Added information about key recovery events to user details page
  • Password start page
    • Will now load color and logo customizations
    • New unlock button if user only needs to unlock account
  • Landing page improvements
    • Only end user links to the left
    • Added link to Key Recovery
  • Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
  • Fixed issues with saving uReset notifications

Released September 18, 2019


New Features

  • Added three new languages: Polish, Korean and Czech
  • Added support for migrating a single user from uReset 7 in addition to the batch version

Fixed Issues

  • Fixed bug where migration from uReset 7 failed in some scenarios
  • Fixed issue with not being able to select and copy text on the customization page
  • Added missing Email column to exported not enrolled users report
  • General stability imporvements

Released August 27, 2019


New Features

  • Added support for customization on landing pages.

Fixed Issues

  • Added various missing information in logs for Specops Key Recovery.
  • Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
  • When used with Specops Password Policy, fixed issue with unsatisfied password dictionary rule displaying incorrect information message.

Released July 25, 2019


New Features

  • Fingerprint usability improvements when authenticating on a mobile device.

Fixed Issues

  • Various fixes for multiple AD domain environments.
  • Fixed bug when exporting CSV of not enrolled users report.

Released June 19, 2019


New features 

  • Updates to customization functionality in Specops Authentication Web. These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here. 
  • Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards. 

Released May 20th 2019


Fixed Issues

  • Various improvements for customers using the uReset feature in Active Directory environments with multiple domains. 

Released May 8th 2019


New Features

  • Support for Specops Key Recovery: This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.

Note: To use Specops Key Recovery, you must have a Specops Key Recovery license.

Released April 16th, 2019


New Features

  • When signing up for a Specops Authentication account, administrators can now choose either the European (EU) or North American (NA) data center.  
  • Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.
  • Added an option to prevent Domain Controllers from removing the required Gatekeeper permissions on Domain Admin accounts, allowing these and other protected accounts to enroll.  

Note: The Mobile Bank ID identity service is not currently available for customers using the E.U data center.  

Fixed Issues

  • Users could not authenticate using Mobile Bank ID in ADAL browsers. 
  • Customer administrators were prevented from federating their domain with Office 365. 
  • Customizations, such as customer specific logos were not displayed correctly on error pages. 

Other changes

  • If a manager identification request cannot be sent (because of missing or invalid email addresses), users will now receive a report notifying them. 
  • If a user sees User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication. 
  • Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.  

Released Feb 28th, 2019


Note: The version number has been incremented from 2.12 to 8.0.

Fixed issues

  • Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.   

Other changes

  • Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a mobile code before being allowed to sign in with their password.   
  • The minimum length for secret questions can now be configured by each user.  
  • The Symantec VIP Identity service now supports auto-enrollment.

Released November 14th, 2018


New features

  • Support for authentication with the SITHS/EFOS identity service.

Other changes

  • Support to sign-in with email address/samAccountName on the Authentication Web.
  • Setting to disable Captcha in the ADAL Browser.
  • New contact information fields during account creation.
  • Option to Test Connection with the Duo identity service.
  • Support for different Active Directory attributes when configuring the Duo, and Symantec VIP identity service.
  • Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
  • Option to configure the maximum weight (star assignment) of an identity service.
  • Setting to allow Administrator and User Management users to be outside the scope of management.
  • Configurable auto/manual enrollment for the Mobile Code identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the identity service.
  • Various improvements to the Migration Wizard.
  • Various improvements to the user experience, including top navigation menu, and additional information on several pages on the Authentication Web, and the Gatekeeper Admin Tool.

Released October 23, 2018


Fixed issues

  • In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.

Released July 25, 2018


New features

  • New shared web interface and Gatekeeper with Specops uReset. You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to verify themselves during a password reset. For more information, contact your account representative.
  • Language support for Dutch, French, German, Japanese, Portuguese, Russian, Simplified Chinese, Spanish, Swedish.
  • Support for multiple Active Directory domains in the same forest.
  • Delegated permissions for Gatekeeper installation. Gatekeepers can now be configured by a user that does not have administrative permissions on the domain level. The user can configure Specops Authentication for an organizational unit where they are an administrator.
  • Added drop-down for picking country code when using the Mobile Code identity service.
  • Added option to allow the end-user to enter their North American local numbers, without entering a country code, when using the Mobile Code identity service.
  • Improved design for the Specops Authentication start page.

Fixed issues

  • In some scenarios, the end-user received multiple mobile codes when using the Mobile Code identity service.

Other changes

  • Various improvements to the user experience, including for some error scenarios.

Released July 18, 2018


New features

  • Added cmdlets for administrator enrollment.
  • Swedish language support.

Fixed issues

  • In some scenarios, when multiple Gatekeepers were installed, Gatekeepers with lower assigned priorities were used when a Gatekeeper with a higher assigned priority was available.
  • During authentication, the company logo in the ADAL browser linked to the Specops Authentication start page.

Other changes

  • Improved user experience when installing multiple Gatekeepers for redundancy.
  • Removed read-only domain controllers when selecting preferred domain controller for Gatekeepers.
  • Reorganized Reporting, Monitoring, and Statistics menus on the Specops Authentication web.

Released April 25, 2018


New features

  • Reporting menu for tracking user enrollment progress.

Fixed issues

  • If the captcha prompt was closed before finishing the captcha, the user could get stuck on the page.
  • In some scenarios, multi-factor authentication failed in the ADAL browser if one identity service was remaining.
  • Switching between statistics tabs saved the previous filter.

Other changes

  • Progress bar display when upgrading the Gatekeeper.
  • Added option to force the Gatekeeper service to use a specific domain controller.
  • Increased Sign out button visibility on mobile browser.

Released April 11, 2018


New features

  • Support for proxy server customization during Gatekeeper setup.
  • Support for user counting (nightly and manual) complete with statistics.
  • Text customization for various end-user text elements.
  • Audit tracking for various events on the Specops Authentication web.

Other changes

  • Additional text customizations for end-user text elements.
  • Security improvements for various user scenarios.
  • Improved experience when using the Specops Authentication admin tools while accessing the Gatekeeper remotely.
  • Various design improvements to the administration pages on the Specops Authentication web.
  • Added sign out button during multi-factor authentication. This will allow the user to sign out of all identity services before they have completed authenticated with Specops Authentication.

Released March 26, 2018


New features

  • Email and SMS notifications for various events, including Manager Identification requests.
  • Multi-factor authentication policy for previously enrolled users when accessing their enrollment.
  • Detailed view of Specops Authentication usage, including identity service usage, number of sent text messages, and successful authentications to O365.
  • Detailed view of Specops Authentication subscription.
  • The Manager Identification identity service can be configured to display the name (or partial name) of the manager to the end-user.

Other changes

  • Various improvements to the user experience, including for some error scenarios.
  • Moved customer specific Duo configuration information to the customer’s Active Directory.

Released February 20, 2018



  • Moved customer specific O365 configuration to the customer’s Active Directory.
  • Various improvements to the user experience, including for some error scenarios.

Released January 29, 2018


New features

  • Added an enrollment reminder when a user with an incomplete enrollment signs in to O365.

Fixed issues

  • In some scenarios, the Gatekeeper status displayed not connected, when it should have displayed connected.
  • During authentication with Windows Identity, the password reveal button (eye button) was missing.
  • During the Gatekeeper installation, selecting a custom domain account, and switching to a managed service account, resulted in an error.
  • Accessing the customization features on the Specops Authentication web, when logged in with the installation account, logged the user out.
  • The Symantec VIP configuration page did not apply the CSS custom file.
  • Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app (iOS and Android).

Other changes

  • Various improvement to the user experience, including for some error scenarios.

Released January 15, 2018


Fixed issues

  • Downloading the MetaData file for Symantec VIP the second time did not produce the same file.
  • Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app.
  • Unable to disable an O365 domain that did not exist in Azure AD.

Other changes

  • Various small improvements to the user experience, including for some error scenarios.

Released December 28, 2017