The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Authentication Client Release Notes, click here.
- Duplicate entries no longer displayed when viewing auditing and events.
- Statistics will be accurate from 1st August onwards.
Released July 12, 2022
- Stability fixes.
Released June 15, 2022
- Added support for adding enrollments from Secure Service Desk.
- Added support for using Manager identification in Service Desk as a quick verification.
- Added support for configuring Okta to always start on the menu page instead of automatically sending a push or SMS.
- Changed the name of "RSA SecureID" to "SecureID".
- Improved messaging in Secure Service Desk when user has an email domain that isn't verified. It will now be clearer when an email can't be sent.
- Improvements to the Gatekeeper Admin Tool. Active Directory Group names have been changed to more correctly reflect their usage. The Security groups section has been replaced by two new sections, "Administrative security groups" and "Service accounts security groups". The uReset tab now also has a link to Enroll.
- Default texts for "Send email" and "Send text message" in Secure Service Desk, can now be customized.
- Improved text color calculation when customizing background colors. Color contrast between background and text should now be better and more consistent.
- Company logo is no longer clickable.
- Fixed issue in Secure Service Desk user details, where the link to a user's manager could be missing.
- Improvements to policy editing. Identity services are now automatically sorted on add/remove. The list of selected identity services can be sorted on any column. Add/remove by clicking anywhere has now been replaced with add/remove buttons. Newly added but not saved identity services will also be highlighted.
- Improvements to Manager Identification in Secure Service Desk when using it as an advanced verification.
- Improved page navigation for uReset/Change Password tabs in the Admin portal. Editing a Change Password policy and saving it should now return the user to the Change Password tab.
Released May 30, 2022
- Added new customer setting to enable Okta SMS support. This setting must now be enabled to add SMS support in Okta.
Released April 26, 2022
- Added SMS support to the Okta identity service. Also renamed the identity service to Okta (previously Okta Verify) to better reflect the supported factors.
- Fixed a rare issue where users could receive an "Session expired" message when authenticating for an identity service.
- Password reset/change could fail with a message in the event log about "Method not found".
Released April 11, 2022
- Added new security group for "Reporting readers". Members of this group will have access to the reporting pages in the Specops Authentication Web.
- Customers can now add a custom "from address" to emails being sent from Secure Service Desk and the Email identity service.
- New passwords can now be sent to a user's manager or to a custom email address when resetting a password from Secure Service Desk.
- Recovery keys can now be sent to a user's manager or to a custom email address when unlocking a computer from Secure Service Desk.
- Improved error message that users receive when trying to authenticating from outside of trusted networks while not being enrolled with enough id services.
- Improved email message when verifying a user by email from Secure Service Desk.
- Gatekeeper could not be installed on systems with Intel gen 11 CPUs.
Released March 23, 2022
- Gatekeeper Loading user could fail, and eventlog showing error with event id 2005.
Released March 02, 2022
- Minor bug fixes.
Released February 16, 2022
- User history did not always display the name ("Performed By") of the service desk agent performing actions on the user.
- Improved support for Active Directory forests with multiple domains.
- When installing additional Gatekeepers, the already configured Active Directory scope settings were not always picked up and had to be re-selected.
- PowerShell cmdlets could fail with error message "Method not found" related to json serialization.
Released February 10, 2022
- Added ability for administrators to add scopes without having administrator privileges in those scopes. Administrators with the correct privileges can fix the scope status in the Gatekeeper Admin post-addition.
Released January 11, 2022
- Added support for importing IP ranges for Trusted Network Locations from file.
- Improved Specops Fingerprint enrollment information, also added a link to the app store.
- New customizable text on the password start page, the text about Password Reset and Password Change can now be customized.
- Fixed issue with emails containing apostrophe not working in the Password Reset app.
- Editing AD scopes no longer requires permission to all AD scopes, having permissions to the AD scope that is being edited is enough.
- Fixed typo in cmdlet name for Mobile Code (SMS) enrollment.
Released December 09, 2021
- Added authentication methods to support new ID service.
Released November 30, 2021
- Improved error handling when setting up Microsoft 365.
Released November 18, 2021
- Added GPO mode support for Change Password.
- Added option to disable enrollment notification during user counting.
- Changed default value for policy configuration to suggest GPO mode over cloud policy by default.
Released November 08, 2021
- New option to store mobile number in user's subobject. If this is enabled, the mobile number is stored encrypted, not accessible from Active Directory.
- New cmdlet Add-SAMobileCodeEnrollment to enroll users with the Mobile Code (SMS) identity service.
The Add-SAIdentityServiceEnrollment cmdlet no longer supports to enrolling for 'MobileCode'. Use Add-SAMobileCodeEnrollment instead.
- The change password button could unexpectedly be disabled.
- When customizing the menu background, the text color could be difficult to see.
- When configuring where Gatekeeper saves attributes in Active Directory, only single-valued attributes were allowed. Now also multi-valued attributes can be used.
- New button to "remove all" identity services when editing a policy.
Released October 19, 2021
- New report to show enrolled users.
- Service desk agent could not provide new password for users without email or mobile number set in AD. The new setting "Allow manual password override" now enables this, if the setting is enabled.
- Improved confusing error message if typing invalid code during enroll with Personal Email id service.
- Prefer Duo Security push devices and show device selection when using landline.
- New cmdlets for ”tagging” Group Policies: Get-SAGpo/Clear-SAGpoTag/Set-SAGpoTag.
- Changed Mobile Code (SMS) default to show "part of number" instead of the entire number.
Released September 14, 2021
- Features not enabled in a subscription could be clickable, but not working, and cause confusion to end users.
- Gatekeeper could get in a non-responding state where service restart was needed.
Released July 28, 2021
- Added new feature for masking phone numbers in Secure Service Desk.
- Added new feature for displaying and sending enrollment link from Secure Service Desk.
- Okta is now available as a quick verification in Secure Service Desk.
- Service desk settings page has an updated design.
- A new placeholder for user first name is now available when editing notifications.
- The default selected scope is now empty when running the Gatekeeper installation wizard. If the root is selected a warning will now be displayed.
- Adding images to notifications could fail without useful error message.
- Signing out from admin will now also sign out the user from Service Desk.
- The icons presented next to password/passphrase rules have been changed and should now be aligned with SPP password change UI. This should also improve visual feedback for people with color vision deficiency, since the icons now differ in both shape and color.
- Admin and Service desk policies are now identical by default.
Released June 09, 2021
- Added support for Yubikey as an identity service.
- Added support for showing rules/phrases in order as configured in Specops Password Policy (Only for users affected by Specops Password Policy).
- Improved error message during if user with 'must not change password' set in Active Directory attempts to reset/change their password.
- Enrolling with the Duo Security identity service could result in an error message.
- Improved user feedback when Duo Security has been configured to bypass two-factor authentication.
- Improved user feedback when a user has inactive/disabled/locked devices for Symantec VIP.
Released April 27, 2021
- Improved user experience for the Symantec VIP identity service.
- Added support for ‘quick verification’ to Symantec VIP from service desk.
- Added option to configure custom verification URL for service desk
- Improved usability when entering phone number for the Mobile Code (SMS) identity service, in particular for Internet Explorer users.
- Active Directory domain name with underscore (‘_’) was not fully supported.
- Integrated Windows Authentication could fail from Edge.
Released March 09, 2021
- Certain top level domain names, (e.g. .at/.ac) were not supported when signing up or adding new domain names.
- ‘Required’ flag on questions when configuring the Q&A id service was not always saved.
Released February 15, 2021
- Domain verification is now enabled by default for new installations.
Released January 13, 2021
- Okta: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
- Added support for traditional Chinese as a user interface language.
- Added support for PingID as an identity service.
- Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
- Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
- From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
- Secure Service Desk: Added device selection for Duo Security identity service.
- Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
- Added domain name to unenrolled users report.
Released November 17, 2020
- Duo Security identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo Security configuration must be upgraded to bring this to end users.
- Quick verification has been enabled in Secure Service Desk for the Duo Security identity service. This requires configuring the Duo Security identity service to use Auth API.
Released September 30, 2020
- After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
- Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
- Better indication if a user account in Active Directory has a malformed userPrincipalName.
- Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
- User counting could be misleading in cases with multiple Active Directory domains.
- PowerShell modules were not signed.
Released September 08, 2020
- Bug fixes
Released August 06, 2020
- Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.
Released July 29, 2020
- Fixed an issue where displaying the text messages report took you to an error page.
Released July 21, 2020
- Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
- Added lockout settings for Mobile Code (SMS), Email and Personal Email identity services.
- Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
- Length of identity verification session is now configurable and displayed to Service Desk agent.
- Added configurable MFA policy for password change.
- Added option to customize name of Windows Identity id service.
- Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.
- Browser’s password manager could unexpectedly try to save password.
- Certain firewalls could drop connections while processing requests from browser to Specops Authentication .
- Improved usability of customization UI with display name instead of identifiers.
- Made cmdlets install with Admin tools instead of the Gatekeeper.
- Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.
Released July 21, 2020
- First release of Secure Service Desk as a standalone product.
- Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
- Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper Admin Tool MSI.
- Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
- Enabled Quick Verification (Email) for identity verification in Service Desk.
- Enabled customization of text messages from Mobile Code (SMS) id service.
- Added missing translations for some languages.
- Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
- Changed Email ID services to use time-based one-time password to improve usability and security.
- Fingerprint app on iOS could fail to resume correct web page after authenticating.
- Improved filtering for Service Desk statistics.
- Added support for Okta preview and EMEA domains.
- Added missing translations for Q&A page.
- If all default Q&A questions had been removed, it was not possible to add additional languages.
- Additional information about user displayed when opened in Service Desk.
- Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code (SMS), Secret Questions, Email Id Services)
Released May 19, 2020
- Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
- Added support for restricting user enrollment only from Trusted Network Locations.
- Added support for not presenting Captcha for users connecting from Trusted Network Locations.
- Added Email identity service for verification with email stored in Active Directory.
- Added Quick Verification identity service for verification using Personal Email address.
- Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.
Released April 29, 2020
- Simplified enrollment process for end users.
- Improved usability for Mobile Code (SMS) identity service.
- Added option to configure security level for user enrollment process to fit different organizations’ needs.
Released April 22, 2020
- Updated requirement for Gatekeeper and Gatekeeper Admin Tool s to .Net Framework 4.7.2.
- Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)
- Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper Admin Tool was running
- Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
- Improved error message from enrollment cmdlet if the user was outside scope
- Fixed an issue where user data wasn’t always removed when removing a user’s enrollment
Released March 10, 2020
- New start page for users, listing actions a user can take.
- User management could display inaccurate value for “Time until password must be changed.”
- Added fallback language for customized text.
- User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.
- Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
- If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
- Gatekeeper Admin Tool : Improved error messages if migrating users from uReset 7.x fails.
Released January 23, 2020
- Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).
- Improved error messaging in case of Gatekeeper activation failure.
Released October 16, 2019
- Added option to configure default country code for Mobile verification enrollment
- Clarified allowed username formats when user is asked to enter username
- Improved performance of user details page
- Added information about key recovery events to user details page
Password start page
- Will now load color and logo customizations
- New unlock button if user only needs to unlock account
Landing page improvements
- Only end user links to the left
- Added link to Key Recovery
- Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
- Fixed issues with saving uReset notifications
Released September 18, 2019
- Added three new languages: Polish, Korean and Czech
- Added support for migrating a single user from uReset 7 in addition to the batch version
- Fixed bug where migration from uReset 7 failed in some scenarios
- Fixed issue with not being able to select and copy text on the customization page
- Added missing Email column to exported not enrolled users report
- General stability improvements
Released August 27, 2019
- Added support for customization on landing pages.
- Added various missing information in logs for Specops Key Recovery .
- Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
- When used with Specops Password Policy , fixed issue with unsatisfied password dictionary rule displaying incorrect information message.
Released July 25, 2019
- Fingerprint usability improvements when authenticating on a mobile device.
- Various fixes for multiple AD domain environments.
- Fixed bug when exporting CSV of not enrolled users report.
Released June 19, 2019
- Updates to customization functionality in Specops Authentication Web . These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here.
- Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards.
Released May 20th 2019
- Various improvements for Active Directory environments with multiple domains. Customers affected by multi-domain issues are recommended to upgrade their Gatekeeper.
- Support for (Undefined variable: Products Short.SBE_short) when used with Specops Password Policy 7.1 and later. The (Undefined variable: Products Short.SBE_short) rule will be displayed to users when they change their password.
- Support for length-based password aging when used with Specops Password Policy 7.1 and later. The length-based password aging setting will be displayed to users when they change their password.
Released May 15, 2019
- Support for Specops Key Recovery : This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.
Released April 16, 2019
- Administrators can redirect the Specops Password Reset mobile app, so that it points to Specops uReset 8 and above, instead of Specops uReset 7.12 or Specops Password Reset applications.
- When signing up for a Specops uReset 8 account, administrators can now choose either the European (EU) or North American (NA) data center.
- Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.
- Some users were not being moved, when attempting to migrate them from Specops uReset 7.12 to Specops uReset 8.0.
- If a Manager Identification request cannot be sent (because of missing or invalid email addresses), end-users will now receive a report notifying them.
- If a user sees the User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication .
- Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.
Released February 28, 2019
- The version number has been incremented from 7.12 to 8.0.
- uReset customers upgrading from version 7.12 or earlier will need to migrate their enrollments. Contact your account representative for more information.
- Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.
- Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a Mobile Code (SMS) before being allowed to sign in with their password.
- The minimum length for Secret Questions can now be configured by each user.
- The Symantec VIP Identity service now supports auto-enrollment.
Released November 14th, 2018
- Password change support on the Authentication Web .
- Support for authentication with the EFOS/SITHS identity service.
- Support for displaying the Breached Password Protection rule during password change. This is applicable to Specops Password Policy customers with the Breached Password Protection add-on.
- Support to sign-in with email address/samAccountName on the Authentication Web .
- Setting to disable Captcha in the ADAL Browser.
- New contact information fields during account creation.
- Option to Test Connection with the Duo Security identity service.
- Support for different Active Directory attributes when configuring the Duo Security, and Symantec VIP identity service.
- Default “User must change password at next login” setting when a user password is reset from the User Management pages on the Authentication Web.
- Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
- Option to configure the maximum weight (star assignment) of an identity service.
- End-user verification with one-time SMS code from the User Management pages on the Authentication Web .
- Setting to allow Administrator and User Management users to be outside the scope of management.
- Configurable auto/manual enrollment for the Mobile Code (SMS) identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the Identity Service.
- Various improvements to the Migration Wizard.
- Various improvements to the user experience, including a new top navigation menu, and additional information on several pages on the Authentication Web , and the Gatekeeper Admin Tool .
- Option to remove the “Unicode” password rules text displayed to the end-user during a password change.
Released October 23, 2018
- In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.
- Accessing the Enrollment page from the Client menu shortcut, results in a “can’t reach this page” error on older versions of Microsoft Edge.
Released July 25, 2018
- New shared web interface and Gatekeeper with Specops uReset . You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to verify themselves during a password reset. For more information, contact your account representative.
- Language support for Dutch, French, German, Russian, Spanish, Swedish, Simplified Chinese, Japanese, Portuguese.
- Support for multiple Active Directory domains in the same forest.
- Delegated permissions for Gatekeeper installation. Gatekeepers can now be configured by a user that does not have administrative permissions on the domain level. The user can configure Specops Authentication for an organizational unit where they are an administrator.
- Added drop-down for picking country code when using the Mobile Code (SMS) identity service.
- Redundacy with multiple gatekeepers (if using the new Authentication Gatekeeper).
- The Helpdesk interface has been redesigned and renamed to User Management.
- Added option to allow the end-user to enter their North American local numbers, without entering a country code, when using the Mobile Code (SMS) identity service.
- Improved design for the Specops Authentication start page.
- In some scenarios, the end-user received multiple mobile codes when using the Mobile Code (SMS) identity service.
- Various improvements to the user experience, including for some error scenarios.
Released July 18, 2018
- Added cmdlets for administrator enrollment.
- Swedish language support.
- In some scenarios, when multiple Gatekeepers were installed, Gatekeepers with lower assigned priorities were used when a Gatekeeper with a higher assigned priority was available.
- During authentication, the company logo in the ADAL browser linked to the Specops Authentication start page.
- Improved user experience when installing multiple Gatekeepers for redundancy.
- Removed read-only domain controllers when selecting preferred domain controller for Gatekeepers.
- Reorganized Reporting, Monitoring, and Statistics menus on the Specops Authentication web.
Released April 25, 2018
- Reporting menu for tracking user enrollment progress.
- If the captcha prompt was closed before finishing the captcha, the user could get stuck on the page.
- In some scenarios, multi-factor authentication failed in the ADAL browser if one identity service was remaining.
- Switching between statistics tabs saved the previous filter.
- Progress bar display when upgrading the Gatekeeper.
- Added option to force the Gatekeeper service to use a specific domain controller.
- Increased Sign out button visibility on mobile browser.
Released April 11, 2018
- Support for proxy server customization during Gatekeeper setup.
- Support for user counting (nightly and manual) complete with statistics.
- Text customization for various end-user text elements.
- Audit tracking for various events on the Specops Authentication web.
- Additional text customizations for end-user text elements.
- Security improvements for various user scenarios.
- Improved experience when using the Specops Authentication admin tools while accessing the Gatekeeper remotely.
- Various design improvements to the administration pages on the Specops Authentication Web .
- Added sign out button during multi-factor authentication. This will allow the user to sign out of all identity services before they have completed authenticated with Specops Authentication .
Released March 26, 2018
- Email and SMS notifications for various events, including Manager Identification requests.
- Multi-factor authentication policy for previously enrolled users when accessing their enrollment.
- Detailed view of Specops Authentication usage, including identity service usage, number of sent text messages, and successful authentications to O365.
- Detailed view of Specops Authentication subscription.
- The Manager Identification identity service can be configured to display the name (or partial name) of the manager to the end-user.
- Various improvements to the user experience, including for some error scenarios.
- Moved customer specific Duo Security configuration information to the customer’s Active Directory.
Released February 20, 2018
- Moved customer specific O365 configuration to the customer’s Active Directory.
- Various improvements to the user experience, including for some error scenarios.
Released January 29, 2018
- Added an enrollment reminder when a user with an incomplete enrollment signs in to O365.
- In some scenarios, the Gatekeeper status displayed not connected, when it should have displayed connected.
- During authentication with Windows Identity, the password reveal button (eye button) was missing.
- During the Gatekeeper installation, selecting a custom domain account, and switching to a managed service account, resulted in an error.
- Accessing the customization features on the Specops Authentication web, when logged in with the installation account, logged the user out.
- The Symantec VIP configuration page did not apply the CSS custom file.
- Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app (iOS and Android).
- Various improvement to the user experience, including for some error scenarios.
Released January 15, 2018
- Downloading the MetaData file for Symantec VIP the second time did not produce the same file.
- Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app.
- Unable to disable an O365 domain that did not exist in Azure AD.
- Various small improvements to the user experience, including for some error scenarios.
Released December 28, 2017