The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary.
Current release: 8.18.21040.1
- Certain top level domain names, (e.g. .at/.ac) were not supported when signing up or adding new domain names.
- ‘Required’ flag on questions when configuring the Q&A id service was not always saved.
Released February 15, 2021
- Domain verification is now enabled by default for new installations.
Released January 13, 2021
- Okta Verify: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
- Added support for traditional Chinese as a user interface language.
- Added support for PingID as an identity service.
- Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
- Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
- From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
- Secure Service Desk: Added device selection for Duo identity service.
- Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
- Added domain name to unenrolled users report.
Released November 17, 2020
- Gatekeeper: Added additional eventlogging around user counting.
- After unlocking account and getting signed out, customizations were not shown.
Released November 04, 2020
Current Release: 8.16.20272.1
- Duo identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo configuration must be upgraded to bring this to end users.
- Quick verification has been enabled in Secure Service Desk for the Duo identity service. This requires configuring the Duo identity service to use Auth API.
Released September 30, 2020
- After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
- Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
- Better indication if a user account in Active Directory has a malformed userPrincipalName.
- Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
- User counting could be misleading in cases with multiple Active Directory domains.
- PowerShell modules were not signed.
Released September 08, 2020
- Bug fixes
Released August 06, 2020
- Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.
Released July 29, 2020
- Fixed an issue where displaying the text messages report took you to an error page.
Released July 21, 2020
- Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
- Added lockout settings for Mobile Code, Email and Personal Email identity services.
- Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
- Length of identity verification session is now configurable and displayed to Service Desk agent.
- Added configurable MFA policy for password change.
- Added option to customize name of Windows Identity id service.
- Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.
- Browser’s password manager could unexpectedly try to save password.
- Certain firewalls could drop connections while processing requests from browser to Specops Authentication.
- Improved usability of customization UI with display name instead of identifiers.
- Made cmdlets install with Admin tools instead of the Gatekeeper.
- Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.
Released July 21, 2020
- Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
- Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper admin tool MSI.
- Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
- Enabled Quick Verification (email) for identity verification in Service Desk.
- Enabled customization of text messages from mobile code id service.
- Added missing translations for some languages.
- Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
- Changed Email ID services to use time-based one-time password to improve usability and security.
- Fingerprint app on iOS could fail to resume correct web page after authenticating.
- Improved filtering for Service Desk statistics.
- Added support for Okta preview and EMEA domains.
- Added missing translations for Q&A page.
- If all default Q&A questions had been removed, it was not possible to add additional languages.
- Additional information about user displayed when opened in Service Desk.
- Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code, Secret Questions, Email Id Services)
Released May 19, 2020
- Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
- Added support for restricting user enrollment only from trusted network locations.
- Added support for not presenting Captcha for users connecting from trusted network locations.
- Added Email identity service for verification with email stored in Active Directory.
- Added Quick Verification identity service for verification using personal email address.
- • Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.
Released April 29, 2020
- Simplified enrollment process for end users.
- Improved usability for mobile code identity service.
- Added option to configure security level for user enrollment process to fit different organizations’ needs.
Released April 22, 2020
- Updated requirement for Gatekeeper and Gatekeeper admin tools to .Net Framework 4.7.2.
- Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)
- Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper admin tool was running
- Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
- Improved error message from enrollment cmdlet if the user was outside scope
- Fixed an issue where user data wasn’t always removed when removing a user’s enrollment
Released March 10, 2020
- New start page for users, listing actions a user can take.
- User management could display inaccurate value for “Time until password must be changed.”
- Added fallback language for customized text.
- User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.
- Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
- If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
- Gatekeeper Admin Tool: Improved error messages if migrating users from uReset 7.x fails.
Released January 23, 2020
- Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).
- Improved error messaging in case of Gatekeeper activation failure.
Released October 16, 2019
- Added option to configure default country code for Mobile verification enrollment
- Clarified allowed username formats when user is asked to enter username
- User Management
- Improved performance of user details page
- Added information about key recovery events to user details page
- Password start page
- Will now load color and logo customizations
- New unlock button if user only needs to unlock account
- Landing page improvements
- Only end user links to the left
- Added link to Key Recovery
- Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
- Fixed issues with saving uReset notifications
Released September 18, 2019
- Added three new languages: Polish, Korean and Czech
- Added support for migrating a single user from uReset 7 in addition to the batch version
- Fixed bug where migration from uReset 7 failed in some scenarios
- Fixed issue with not being able to select and copy text on the customization page
- Added missing Email column to exported not enrolled users report
- General stability imporvements
Released August 27, 2019
- Added support for customization on landing pages.
- Added various missing information in logs for Specops Key Recovery.
- Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
- When used with Specops Password Policy, fixed issue with unsatisfied password dictionary rule displaying incorrect information message.
Released July 25, 2019
- Fingerprint usability improvements when authenticating on a mobile device.
- Various fixes for multiple AD domain environments.
- Fixed bug when exporting CSV of not enrolled users report.
Released June 19, 2019
- Updates to customization functionality in Specops Authentication Web. These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here.
- Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards.
Released May 20th 2019
- Various improvements for customers using the uReset feature in Active Directory environments with multiple domains.
Released May 8th 2019
- Support for Specops Key Recovery: This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.
Note: To use Specops Key Recovery, you must have a Specops Key Recovery license.
Released April 16th, 2019
- When signing up for a Specops Authentication account, administrators can now choose either the European (EU) or North American (NA) data center.
- Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.
- Added an option to prevent Domain Controllers from removing the required Gatekeeper permissions on Domain Admin accounts, allowing these and other protected accounts to enroll.
Note: The Mobile Bank ID identity service is not currently available for customers using the E.U data center.
- Users could not authenticate using Mobile Bank ID in ADAL browsers.
- Customer administrators were prevented from federating their domain with Office 365.
- Customizations, such as customer specific logos were not displayed correctly on error pages.
- If a manager identification request cannot be sent (because of missing or invalid email addresses), users will now receive a report notifying them.
- If a user sees a User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication.
- Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.
Released Feb 28th, 2019
Note: The version number has been incremented from 2.12 to 8.0.
- Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.
- Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a mobile code before being allowed to sign in with their password.
- The minimum length for secret questions can now be configured by each user.
- The Symantec VIP Identity service now supports auto-enrollment.
Released November 14th, 2018
- Support for authentication with the SITHS/EFOS identity service.
- Support to sign-in with email address/samAccountName on the Authentication Web.
- Setting to disable Captcha in the ADAL Browser.
- New contact information fields during account creation.
- Option to Test Connection with the Duo identity service.
- Support for different Active Directory attributes when configuring the Duo, and Symantec VIP identity service.
- Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
- Option to configure the maximum weight (star assignment) of an identity service.
- Setting to allow Administrator and User Management users to be outside the scope of management.
- Configurable auto/manual enrollment for the Mobile Code identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the identity service.
- Various improvements to the Migration Wizard.
- Various improvements to the user experience, including top navigation menu, and additional information on several pages on the Authentication Web, and the Gatekeeper Admin Tool.
Released October 23, 2018
- In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.
Released July 25, 2018
- New shared web interface and Gatekeeper with Specops uReset. You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to verify themselves during a password reset. For more information, contact your account representative.
- Language support for Dutch, French, German, Japanese, Portuguese, Russian, Simplified Chinese, Spanish, Swedish.
- Support for multiple Active Directory domains in the same forest.
- Delegated permissions for Gatekeeper installation. Gatekeepers can now be configured by a user that does not have administrative permissions on the domain level. The user can configure Specops Authentication for an organizational unit where they are an administrator.
- Added drop-down for picking country code when using the Mobile Code identity service.
- Added option to allow the end-user to enter their North American local numbers, without entering a country code, when using the Mobile Code identity service.
- Improved design for the Specops Authentication start page.
- In some scenarios, the end-user received multiple mobile codes when using the Mobile Code identity service.
- Various improvements to the user experience, including for some error scenarios.
Released July 18, 2018
- Added cmdlets for administrator enrollment.
- Swedish language support.
- In some scenarios, when multiple Gatekeepers were installed, Gatekeepers with lower assigned priorities were used when a Gatekeeper with a higher assigned priority was available.
- During authentication, the company logo in the ADAL browser linked to the Specops Authentication start page.
- Improved user experience when installing multiple Gatekeepers for redundancy.
- Removed read-only domain controllers when selecting preferred domain controller for Gatekeepers.
- Reorganized Reporting, Monitoring, and Statistics menus on the Specops Authentication web.
Released April 25, 2018
- Reporting menu for tracking user enrollment progress.
- If the captcha prompt was closed before finishing the captcha, the user could get stuck on the page.
- In some scenarios, multi-factor authentication failed in the ADAL browser if one identity service was remaining.
- Switching between statistics tabs saved the previous filter.
- Progress bar display when upgrading the Gatekeeper.
- Added option to force the Gatekeeper service to use a specific domain controller.
- Increased Sign out button visibility on mobile browser.
Released April 11, 2018
- Support for proxy server customization during Gatekeeper setup.
- Support for user counting (nightly and manual) complete with statistics.
- Text customization for various end-user text elements.
- Audit tracking for various events on the Specops Authentication web.
- Additional text customizations for end-user text elements.
- Security improvements for various user scenarios.
- Improved experience when using the Specops Authentication admin tools while accessing the Gatekeeper remotely.
- Various design improvements to the administration pages on the Specops Authentication web.
- Added sign out button during multi-factor authentication. This will allow the user to sign out of all identity services before they have completed authenticated with Specops Authentication.
Released March 26, 2018
- Email and SMS notifications for various events, including Manager Identification requests.
- Multi-factor authentication policy for previously enrolled users when accessing their enrollment.
- Detailed view of Specops Authentication usage, including identity service usage, number of sent text messages, and successful authentications to O365.
- Detailed view of Specops Authentication subscription.
- The Manager Identification identity service can be configured to display the name (or partial name) of the manager to the end-user.
- Various improvements to the user experience, including for some error scenarios.
- Moved customer specific Duo configuration information to the customer’s Active Directory.
Released February 20, 2018
- Moved customer specific O365 configuration to the customer’s Active Directory.
- Various improvements to the user experience, including for some error scenarios.
Released January 29, 2018
- Added an enrollment reminder when a user with an incomplete enrollment signs in to O365.
- In some scenarios, the Gatekeeper status displayed not connected, when it should have displayed connected.
- During authentication with Windows Identity, the password reveal button (eye button) was missing.
- During the Gatekeeper installation, selecting a custom domain account, and switching to a managed service account, resulted in an error.
- Accessing the customization features on the Specops Authentication web, when logged in with the installation account, logged the user out.
- The Symantec VIP configuration page did not apply the CSS custom file.
- Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app (iOS and Android).
- Various improvement to the user experience, including for some error scenarios.
Released January 15, 2018
- Downloading the MetaData file for Symantec VIP the second time did not produce the same file.
- Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app.
- Unable to disable an O365 domain that did not exist in Azure AD.
- Various small improvements to the user experience, including for some error scenarios.
Released December 28, 2017