Release Notes

The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Client Release Notes, click here.

Current Release

8.43.24270.2

Fixed issues

  • Various bug fixes.
  • [In limited preview] Specops Secure Access - MFA for Windows enables second factor after password for authenticating users logging into Windows. This requires Specops Client 7.21 and .NET Desktop Runtime 8.
  • [In limited preview] Specops Secure Access - NPS companion enables protecting network reachable resources, such as VPN and Remote Desktop Gateway through RADIUS when using Microsoft Network Policy Server (NPS)

Released September 26, 2024

8.43.24268.17

New functionality

  • Username can be saved as a "Remember me" cookie when authenticating for admin and Secure Service Desk resources.

Released September 24, 2024

8.42.24186.7

Fixed issues

  • Bug fixes

Released July 30, 2024

8.42.24169.10

Improvements/Fixed issues

  • In Secure Service Desk, RSA is now always available as an advanced verification option. This is the required verification option when users have RSA hardware tokens with PIN.
  • samAccountName is now available as a placeholder when configuring notifications.
  • An error message will now be displayed if chosen group names are too long during Gatekeeper installation.

Released June 18, 2024

8.42.24152.1

New functionality

  • Secure Service Desk now supports more fine-grained configuration when allowing agents to enroll users.
  • Secure Service Desk now supports serving users with a non-unique UserPrincipalName(UPN).
  • Secure Service Desk now supports a new role "User verifiers". Agents are assigned this role have their access restricted to the Identity Verification part of Secure Service Desk.
  • Added a new cmdlet "Set-SendSpecopsAuthenticationFirstDayPasswordNotification" for First Day Password. This will send a First Day Password notification to a user that has previously been tagged for onboarding.

Improvements/Fixed issues

  • Editing email notification templates no longer validate domain names if Gatekeeper is configured to use SMTP.
  • The Set-SpecopsAuthenticationOnboarding cmdlet used for First Day Password now requires the "UserMobile" phone number to have the international format (starting with +).
  • Secure Service Desk will now try to prepend the Default country code to all SMS sent, if the phone number is not in an international format (+).
  • Using First Day Password from the secure browser (Reset Password link on the login screen) will now be faster at signing in the user.

Released June 04, 2024

8.41.24106.12

New functionality

  • New configuration for Secure Service Desk has been added. It's now possible to configure which identity services should be available for Identity Verification.

Fixed issues

  • The message displayed when a user successfully completes the First Day Password process can now be configured.
  • The Gatekeeper has been updated to more gracefully handle missing permissions to read all attributes on a user.
  • Added additional information about user identification when exporting Service Desk auditing data.
  • Sending notifications related to Secure Service Desk could fail for customers without uReset.

Released April 16, 2024

8.42.24152.1

New functionality

  • Secure Service Desk now supports more fine-grained configuration when allowing agents to enroll users.
  • Secure Service Desk now supports serving users with a non-unique UserPrincipalName(UPN).
  • Secure Service Desk now supports a new role "User verifiers". Agents are assigned this role have their access restricted to the Identity Verification part of Secure Service Desk.
  • Added a new cmdlet "Set-SendSpecopsAuthenticationFirstDayPasswordNotification" for First Day Password. This will send a First Day Password notification to a user that has previously been tagged for onboarding.

Improvements/Fixed issues

  • Editing email notification templates no longer validate domain names if Gatekeeper is configured to use SMTP.
  • The Set-SpecopsAuthenticationOnboarding cmdlet used for First Day Password now requires the "UserMobile" phone number to have the international format (starting with +).
  • Secure Service Desk will now try to prepend the Default country code to all SMS sent, if the phone number is not in an international format (+).
  • Using First Day Password from the secure browser (Reset Password link on the login screen) will now be faster at signing in the user.

Released June 04, 2024

8.41.24106.12

New functionality

  • New configuration for Secure Service Desk has been added. It's now possible to configure which identity services should be available for Identity Verification.

Fixed issues

  • The message displayed when a user successfully completes the First Day Password process can now be configured.
  • The Gatekeeper has been updated to more gracefully handle missing permissions to read all attributes on a user.
  • Added additional information about user identification when exporting Service Desk auditing data.
  • Sending notifications related to Secure Service Desk could fail for customers without uReset.

Released April 16, 2024

8.40.24078.2

Fixed issues

  • Fixed issue where authentication with Duo could result in a 400 error code.
  • Added exception handling for non-unique user names in Secure Service Desk.
  • Changed default value for “Update mobile number in AD” (Mobile code Identity Service) to “Store in user subobject (encrypted).”
  • Added Gatekeeper connection statuses when the Gatekeeper appears offline.
  • Clarified time indication when onboarding new users. Logs now state that UTC time is indicated.

Released March 20, 2024

8.40.24040.3

Fixed issues

  • Passkeys is now classified as a 3rd party identity service.
  • Passkeys now allows for up to 10 enrolled devices.
  • Fixed an issue where GeoBlocking returned an unexpected 403 status code.
  • Fixed an issue where UPN could be missing from event details.
  • Added file logging for the event log collector.
  • Re-added missing logging for Mobile Bank ID statistics.

Released February 15, 2024

8.40.24029.15

New functionality

  • Added support for Passkeys as identity service.
  • Added support for Entra ID as identity service.
  • [In limited preview] Added Onboarding functionality to allow new users to access the network using two-factor authentication, even without having enrolled with any ID services.

Improvements/fixed issues

  • Fixed issue when trying to read information from Active Directory and not not having the required permissions.
  • Fixed an issue where a cloud user could be unable to perform a password reset when a Gatekeeper SMTP server was configured and unavailable.
  • Fixed an issue where identity services could be sorted in an incorrect order.
  • Fixed an issue where some emails could be incorrectly blocked when using a Gatekeeper SMTP server.
  • Fixed issue where the user counting could report an incorrect number of enrolled users for some 3rd party identity services (Symantec VIP, Duo, Ping, SecurID).

Other changes

  • During install or reinstallation of a Gatekeeper (from the new Gatekeeper Admin Tool), the Gatekeepers security group will be granted permissions to read properties for objects under the "Password Settings Container" node containing fine-grained password policies. This means fine-grained password settings will be readable by Gatekeepers without manually having to change security settings.

Released January 30, 2024

8.39.23346.10

New functionality

  • Added support for QR Code and Number Challenge for Specops Fingerprint. To counter fatique attacks, QR Code and Number Challenge configurations are now available for the Specops Fingerprint identity service.

Improvements/fixed issues

  • Updated color scheme for the Specops Fingerprint app.
  • Fixed issue that could cause the user counting to not count usage of 3rd party identity providers correctly.
  • When installing a new gatekeeper, the pre-selected service account type is now Group Managed Service Accounts (gMSA).
  • The search string in Secure Service Desk is now remembered between searches.
  • Fixed issue where images could be omitted when included in notifications.

Released December 13, 2023

8.38.23313.6

Fixed issues

  • Minor updates.

Released November 15, 2023

8.38.23300.6

Fixed issues

  • Minor updates.

Released November 01, 2023

8.38.23298.6

New functionality

  • Added functionality to select in what language Secure Service Desk will send emails and text messages. A new setting has been added to the Secure Service Desk configuration in the Admin portal.
  • Added functionality to customize emails for Manager Identification in Quick Verification.
  • Added new identity service, SITHS eID.

Improvements/Fixed issues

  • Improved customization options for Secure Service Desk. Default button color will now also affect navigation links in Service Desk.
  • Improved layout on customization page in Admin portal to allow for easier navigation.
  • The PingID identity service will now only show supported devices when authenticating. Previously unsupported devices like "Security Keys" were available.
  • Gatekeeper status information is now available when selecting Gatekeeper in the Gatekeeper Admin tool.
  • Information about the currently used Service account is now listed in the Gatekeeper Admin tool.
  • Fixed issue with the country flag in the MobileCode identity service not working properly.
  • Updated the UI for Manager Identification in Quick Verification to be better aligned with other Quick Verifications.

Other changes

  • Logo for Google Authenticator updated to reflect changes from Google.

Released October 26, 2023

8.37.23237.4

New functionality

  • Added support for multiple push devices for the Okta identity service.
  • Added support for Kerberos Integrated Authentication.

Improvements/Fixed issues

  • Fixed issues when setting up Gatekeeper using gMSA.
  • For some ID services, the "back" button could be missing, preventing user from changing to another ID service.
  • Users can now unlock an account, even though Change Password is not currently allowed.
  • Deleting Trusted IP ranges now requires confirmation.
  • Deleting a geo-blocked country now requires confirmation.
  • Logging clarifications for Azure AD password resets.
  • Improved message in Gatekeeper Admin when checking for new version if the latest version is downloaded but not installed.

Other changes

  • Logo for Google Authenticator updated to reflect changes from Google.

Released August 29, 2023

8.36.23226.1

Fixed Issues

  • Authentication with Swedish Mobile BankdID could fail unexpectedly.

Released August 16, 2023

8.36.23191.1

Improvements/Fixed Issues

  • Changed default account type for Gatekeeper installation to Managed Service Account.

Released July 10, 2023

8.36.23178.1

New functionality

  • Added support for Freja eID as identity service.
  • Added new setting to make it possible to disable push notifications for the Fingerprint identity service.
  • Added support for running Gatekeeper service with Group Managed Service Account.

Improvements/Fixed issues

  • Improved usability for self service resets/changes if rejected from a third party password filter in Active Directory.
  • Showing IP address to end user if getting blocked because of trusted network requirement.
  • Updated the M365 integration to use Microsoft Graph API instead of MSOnline.
  • Fixed an issue where creating a Gatekeeper could sometimes fail.
  • Added a banner for cloud accounts describing the account restrictions

Released June 27, 2023

8.35.23153.3

Fixed issues

  • Minor bug fixes.

Released June 02, 2023

8.35.23150.1

New Functionality

  • Added support to reset password in Azure AD for synced accounts.
  • Added support for Duo OpenID Connect integration, that includes support for Duo Verified Push and more.

Improvements/Fixed Issues

  • Updated the Readme file for scripted installation of Gatekeeper.
  • The change password link that is visible when entering the wrong password is no longer visible if uReset is disabled or if the user is not enrolled.
  • The styling is now aligned with that of the dynamic feedback at password change found in the Specops Client shared with Specops Password Policy.
  • All users' proxy email addresses are now disallowed from being used with the Personal Email identity service.
  • The phone number for cloud accounts will now always be masked.
  • Fixed issue when counting user enrollments for Manager Identification and a Manager was being out of scope.
  • Made improvements to the enroll session links for enrolling cloud accounts. The enroll session links can now also be revoked.
  • Added support for domain used for RSA SecurID Federal (United States) in Specops Authentication cloud configuration.

Released May 30, 2023

8.34.23090.1

New Functionality

  • The Mobile BankId identity service now implements the secure start, users must scan a qr code to start the authentication.
  • Added a new step to the Gatekeeper installation wizard; new step includes the possibility to add members to security groups during installation.
  • Added a new step to the Gatekeeper installation wizard; new step includes the possibility to select a Domain Controller to be used during the installation.

Improvements/Fixed Issues

  • Gatekeeper icons have been updated to follow the new color scheme.
  • Fixed issue where Breached Password Protection statistics were not sorted in the same order as other products.
  • Added a column with local time to the audit report export.
  • For customers with Gatekeeper SMTP configured, emails can now be sent to email addresses that exist outside of the customer domain.
  • Improved messaging when doing a password reset through Secure Service Desk and the user has an email address with a non-verified domain.
  • The texts and buttons on the password start page can now be customized.
  • Fixed issue where a loading overlay could cause identity service configuration pages to become unresponsive.

Released April 04, 2023

8.33.23062.3

New Functionality

  • Added new powershell cmdlet Get-SpecopsAuthenticationGatekeeper to resolve which gatekeeper should be used, depending on priority and connection state.
  • Added new mobile code setting that allows country code prefix to be resolved by using the user's IP address.
  • Added support for disabling SMS/Email notifications when resetting a user's password from Secure Service Desk. The UI for configuring Password reset options for Service Desk in Authentication Web portal has been re-designed to support this.
  • Added support for customizing the name of the following identity services:
    • Mobile Code
    • Email
    • Personal Email
    • Manager Identification
    • Secret Questions
    • Windows Identity
  • Added new Caps Lock warning to relevant input fields.
  • Added support for configuring a domain as preferred. The preferred domain is used when saving enrollment and other direct links listed in the Gatekeeper Admin Tool.
  • Added support for hiding the user's personal email address from service desk agents in Secure Service Desk.

Improvements/Fixed Issues

  • Fixed issue where enrolling users through powershell could break when having multiple gatekeepers.
  • Fixed issue where deleting/moving an Admin user out of scope could prevent further logins.
  • Fixed issue where the selected phrases/password tab was not remembered correctly when using SPP together with uReset.
  • When using the Secured Browser to enroll, the Privacy Policy information banner will now show the entire url to the privacy policy instead of a "Read more" link.
  • Users can no longer enroll for the Personal Email identity service using their work email.
  • "VPN-less password reset with cached credential update" is now enabled by default for new customers.
  • Powershell scripts used for scripted installation will now always be signed.
  • Secret Questions will no longer be included in the default policies for new customers.
  • Simplified the gatekeeper installation wizard.

Released March 06, 2023

8.32.23030.1

New Functionality

  • Added support for Norwegian as a user interface language.

Improvements/Fixed Issues

  • Fixed issue where customers could get unexpected errors because an email provider was not configured correctly.
  • Fixed issue where certain phone numbers were not considered to have correct format and could not be used with Mobile Code. Also fixed issue with not being allowed to input phone numbers without country code.
  • Added some missing French translations.
  • Improvements to handling of unresponsive domain controllers in multiple domain environments.

Released February 07, 2023

8.32.22343.3

New Functionality

  • Added SMTP email support for sending emails through the gatekeeper.
  • Added support for customizing the "You are already enrolled" text.
  • Added new setting for requiring unique answers to Secret Questions.

Improvements/Fixed Issues

  • Fixed an issue where cmdlet Get-SAUnEnrolledUsersIdentityService didn't return all unenrolled users.
  • Fixed issue with Mobile Code where the default country code (+1) didn't work correctly when selecting Canada.
  • The Gatekeeper Admin tool has been updated to use a new color scheme.
  • Service Desk will now display an error message the Specops Password Policy policy includes a regex and can't auto generate passwords.
  • All text messages will now be prefixed with the company name.
  • Improved how Active Directory domain controller is discovered.

Released December 14, 2022

8.31.22325.1

Fixed issues

  • Fixed issue with Symantec Endpoint Encryption Connection Status incorrectly showing “Not Configured”, when actually working.

Released November 24, 2022

8.31.22308.1

Improvements/Fixed issues

  • Twitter identity service disabled due to security concerns.

Released November 22, 2022

8.31.22308.1

Improvements/Fixed issues

  • The Office 365 tab in the Gatekeeper Admin Tool will not be visible anymore for customers without the Office 365 subscription.
  • Secret Questions - Added additional logging when a user provides the wrong answer or is locked out of the Secret Questions identity service. The logs are created by the Gatekeeper and can be retrieved by the customer.

Released November 08, 2022

8.30.22271.2

Fixed issues

  • Minor bug fixes.

Released October 03, 2022

8.30.22269.1

New functionality

  • Added support to tag GPOs for managed users in Secure Service Desk. By tagging GPOs for managed users, only users targeted by tagged GPOs will be available in Secure Service Desk. License count will also be based on tagged GPOs.

Improvements/Fixed issues

  • Fixed issue where the "Clear cache on All gatekeepers" button could show up twice.
  • A new Secure Service Desk tab has been added to the Specops Authentication Gatekeeper Admin Tool. Secure Service Desk-related configuration has been moved/duplicated to this tab.
  • Improved experience for cancelling a Mobile Bank ID authentication.
  • Added support for customization of texts for RSA Token and SecurId app code description.
  • Fixed issue with Admin reporting showing an error message to run user counting, even though it had already run.
  • Fixed issue with text color not being set correctly (white), when customizing background color to black.
  • Added informational message for reporting enrollment ratios when no data could be found.
  • The uReset Feature setting in the Specops Authentication Gatekeeper Admin Tool has been moved, the setting is now called "Allow password resets" and can be found on the Active Directory tab.

Released September 26, 2022

8.29.22243.2

Fixed issues

  • Added improved logging for communication between gatekeeper and backend.
  • Fixed issue with manual user counting not working for customers with only Service Desk subscription.

Released September 08, 2022

8.29.22227.3

Fixed issues

  • Fixed an issue where Enrollment Ratio details was not shown in some cases, even though data was available.

Released August 23, 2022

8.29.22188.2

Fixed issues

  • Duplicate entries no longer displayed when viewing auditing and events.
  • Statistics will be accurate from 1st August onwards.

Released July 12, 2022

8.29.22161.1

Fixed issues

  • Stability fixes.

Released June 15, 2022

8.29.22145.2

New functionality

  • Added support for adding enrollments from Secure Service Desk.
  • Added support for using Manager identification in Service Desk as a quick verification.
  • Added support for configuring Okta to always start on the menu page instead of automatically sending a push or SMS.

Improvements/Fixed issues

  • Changed the name of "RSA SecurID" to "SecurID".
  • Improved messaging in Secure Service Desk when user has an email domain that isn't verified. It will now be clearer when an email can't be sent.
  • Improvements to the Gatekeeper Admin Tool. Active Directory Group names have been changed to more correctly reflect their usage. The Security groups section has been replaced by two new sections, "Administrative security groups" and "Service accounts security groups". The uReset tab now also has a link to Enroll.
  • Default texts for "Send email" and "Send text message" in Secure Service Desk, can now be customized.
  • Improved text color calculation when customizing background colors. Color contrast between background and text should now be better and more consistent.
  • Company logo is no longer clickable.
  • Fixed issue in Secure Service Desk user details, where the link to a user's manager could be missing.
  • Improvements to policy editing. Identity services are now automatically sorted on add/remove. The list of selected identity services can be sorted on any column. Add/remove by clicking anywhere has now been replaced with add/remove buttons. Newly added but not saved identity services will also be highlighted.
  • Improvements to Manager Identification in Secure Service Desk when using it as an advanced verification.
  • Improved page navigation for uReset/Change Password tabs in the Admin portal. Editing a Change Password policy and saving it should now return the user to the Change Password tab.

Released May 30, 2022

8.28.22102.3

Improvements/Fixed issues

  • Added new customer setting to enable Okta SMS support. This setting must now be enabled to add SMS support in Okta.

Released April 26, 2022

8.28.22096.2

New functionality

  • Added SMS support to the Okta identity service. Also renamed the identity service to Okta (previously Okta Verify) to better reflect the supported factors.

Improvements/Fixed Issues

  • Fixed a rare issue where users could receive an "Session expired" message when authenticating for an identity service.
  • Password reset/change could fail with a message in the event log about "Method not found".

Released April 11, 2022

8.27.22081.3

New functionality

  • Added new security group for "Reporting readers". Members of this group will have access to the reporting pages in the Specops Authentication Web.
  • Customers can now add a custom "from address" to emails being sent from Secure Service Desk and the Email identity service.
  • New passwords can now be sent to a user's manager or to a custom email address when resetting a password from Secure Service Desk.
  • Recovery keys can now be sent to a user's manager or to a custom email address when unlocking a computer from Secure Service Desk.

Fixed issues

  • Improved error message that users receive when trying to authenticating from outside of trusted networks while not being enrolled with enough id services.
  • Improved email message when verifying a user by email from Secure Service Desk.
  • Gatekeeper could not be installed on systems with Intel gen 11 CPUs.

Released March 23, 2022

8.26.22055.1

Fixed issues

  • Gatekeeper Loading user could fail, and eventlog showing error with event id 2005.

Released March 02, 2022

8.26.22045.1

Fixed issues

  • Minor bug fixes.

Released February 16, 2022

8.26.22035.1

Improvements/Fixed issues

  • User history did not always display the name ("Performed By") of the service desk agent performing actions on the user.
  • Improved support for Active Directory forests with multiple domains.
  • When installing additional Gatekeepers, the already configured Active Directory scope settings were not always picked up and had to be re-selected.
  • PowerShell cmdlets could fail with error message "Method not found" related to json serialization.

Released February 10, 2022

8.25.21354.1

New functionality

  • Added ability for administrators to add scopes without having administrator privileges in those scopes. Administrators with the correct privileges can fix the scope status in the Gatekeeper Admin post-addition.

Released January 11, 2022

8.25.21336.9

New functionality

  • Added support for importing IP ranges for Trusted Network Locations from file.

Improvements/Fixed Issues

  • Improved Specops Fingerprint enrollment information, also added a link to the app store.
  • New customizable text on the password start page, the text about Password Reset and Password Change can now be customized.
  • Fixed issue with emails containing apostrophe not working in the Password Reset app.
  • Editing AD scopes no longer requires permission to all AD scopes, having permissions to the AD scope that is being edited is enough.

Other changes

  • Fixed typo in cmdlet name for Mobile Code (SMS) enrollment.

Released December 09, 2021

8.24.21326.1

General improvements

  • Added authentication methods to support new ID service.

Released November 30, 2021

8.24.21314.1

General improvements

  • Improved error handling when setting up Microsoft 365.

Released November 18, 2021

8.24.21308.1

New functionality

  • Added GPO mode support for Change Password.

Improvements/Fixed issues

  • Added option to disable enrollment notification during user counting.

Other changes

  • Changed default value for policy configuration to suggest GPO mode over cloud policy by default.

Released November 08, 2021

8.23.21286.1

New Functionality

  • New option to store mobile number in user's subobject. If this is enabled, the mobile number is stored encrypted, not accessible from Active Directory.
  • New cmdlet Add-SAMobileCodeEnrollment to enroll users with the Mobile Code (SMS) identity service.
    NOTE
    The Add-SAIdentityServiceEnrollment cmdlet no longer supports to enrolling for 'MobileCode'. Use Add-SAMobileCodeEnrollment instead.

Improvements/Fixed Issues

  • The change password button could unexpectedly be disabled.
  • When customizing the menu background, the text color could be difficult to see.
  • When configuring where Gatekeeper saves attributes in Active Directory, only single-valued attributes were allowed. Now also multi-valued attributes can be used.

Other Changes

  • New button to "remove all" identity services when editing a policy.

Released October 19, 2021

8.22.21253.2

New functionality

  • New report to show enrolled users.
  • Service desk agent could not provide new password for users without email or mobile number set in AD. The new setting "Allow manual password override" now enables this, if the setting is enabled.

Improvements/Fixed issues

  • Improved confusing error message if typing invalid code during enroll with id service.
  • Prefer Duo Security push devices and show device selection when using landline.
  • New cmdlets for ”tagging” Group Policies: Get-SAGpo/Clear-SAGpoTag/Set-SAGpoTag.

Other changes

  • Changed Mobile Code (SMS) default to show "part of number" instead of the entire number.

Released September 14, 2021

8.21.21207.1

Fixed Issues

  • Features not enabled in a subscription could be clickable, but not working, and cause confusion to end users.
  • Gatekeeper could get in a non-responding state where service restart was needed.

Released July 28, 2021

8.21.21147.1

New Functionality

  • Added new feature for masking phone numbers in Secure Service Desk.
  • Added new feature for displaying and sending enrollment link from Secure Service Desk.
  • Okta is now available as a quick verification in Secure Service Desk.

Improvements/Fixed Issues

  • Service desk settings page has an updated design.
  • A new placeholder for user first name is now available when editing notifications.
  • The default selected scope is now empty when running the Gatekeeper installation wizard. If the root is selected a warning will now be displayed.
  • Adding images to notifications could fail without useful error message.

Other Changes

  • Signing out from admin will now also sign out the user from Service Desk.
  • The icons presented next to password/passphrase rules have been changed and should now be aligned with SPP password change UI. This should also improve visual feedback for people with color vision deficiency, since the icons now differ in both shape and color.
  • Admin and Service desk policies are now identical by default.

Released June 09, 2021

8.20.21104.1

New Functionality

  • Added support for Yubikey as an identity service.
  • Added support for showing rules/phrases in order as configured in Specops Password Policy (Only for users affected by Specops Password Policy).

Improvements/Fixed Issues

  • Improved error message during if user with 'must not change password' set in Active Directory attempts to reset/change their password.
  • Enrolling with the Duo Security identity service could result in an error message.
  • Improved user feedback when Duo Security has been configured to bypass two-factor authentication.
  • Improved user feedback when a user has inactive/disabled/locked devices for Symantec VIP.

Released April 27, 2021

8.19.21062.3

New Functionality

  • Improved user experience for the Symantec VIP identity service.
  • Added support for ‘quick verification’ to Symantec VIP from service desk.
  • Added option to configure custom verification URL for service desk

Improvements/Fixed Issues

  • Improved usability when entering phone number for the Mobile Code (SMS) identity service, in particular for Internet Explorer users.
  • Active Directory domain name with underscore (‘_’) was not fully supported.
  • Integrated Windows Authentication could fail from Edge.

Released March 09, 2021

8.18.21040.1

Fixed issues

  • Certain top level domain names, (e.g. .at/.ac) were not supported when signing up or adding new domain names.
  • ‘Required’ flag on questions when configuring the Q&A id service was not always saved.

Released February 15, 2021

8.18.20353.1

Other changes

  • Domain verification is now enabled by default for new installations.

Released January 13, 2021

8.17.20321.1

New functionality

  • Okta: To prevent API tokens from going stale if not used for 30 days, these will now be refreshed by Specops Authentication after 20 days.
  • Added support for traditional Chinese as a user interface language.
  • Added support for PingID as an identity service.

Improvements/Fixed issues

  • Changing/Resetting password could fail for users with short sAMAccountName (1 or 2 characters).
  • Gatekeeper: Changed event id 239, for rejected password resets, to informational level instead of warning.
  • From Internet Explorer, some identity services could fail unexpectedly due to too many redirects.
  • Secure Service Desk: Added device selection for Duo Security identity service.
  • Secure Service Desk: Loading user could fail if mobile attribute override was set to displayName or other commonly used attribute.
  • Added domain name to unenrolled users report.

Released November 17, 2020

8.16.20272.1

New functionality

  • Duo Security identity service now supports Auth API. This gives a better and more integrated user experience. Existing Duo Security configuration must be upgraded to bring this to end users.
  • Quick verification has been enabled in Secure Service Desk for the Duo Security identity service. This requires configuring the Duo Security identity service to use Auth API.
NOTE
This release requires all Gatekeepers to be upgraded preferably on the same day. No configuration changes should be made until this is complete. If there is a mix of Gatekeeper versions in your environment and changes are made, undesired notification behavior will be triggered.

Released September 30, 2020

8.15.20248.2

Improvements/Fixed issues

  • After authenticating with Fingerprint app on iOS, the Fingerprint app could fail to return to the originating browser.
  • Authentication with Windows Identity could get stuck with a spinning wheel, never completing.
  • Better indication if a user account in Active Directory has a malformed userPrincipalName.
  • Users whose password had expired in Active Directory, could sometimes not change the password without doing a reset.
  • User counting could be misleading in cases with multiple Active Directory domains.

Other changes

  • PowerShell modules were not signed.

Released September 08, 2020

8.14.20218.4

Fixed issues

  • Bug fixes

Released August 06, 2020

8.14.20211.1

Fixed issues

  • Fixed an issue where notifications for insufficient enrollment sometimes took longer to send or failed.

Released July 29, 2020

8.14.20202.1

Fixed issues

  • Fixed an issue where displaying the text messages report took you to an error page.

Released July 21, 2020

8.14.20198.2

New features

  • Added new cmdlet Clear-SAGatekeeperCache to clear Gatekeeper cache, to conform with what already is supported from admin tools.
  • Added lockout settings for Mobile Code (SMS), Email and identity services.
  • Added notifications on admin web pages to indicate if there is a new Gatekeeper version available.
  • Length of identity verification session is now configurable and displayed to Service Desk agent.
  • Added configurable MFA policy for password change.
  • Added option to customize name of Windows Identity id service.
  • Added Service Desk setting for enforcing user to change password at next logon after reset, either mandatory or selected by Service Desk agent.

Fixed issues

  • Browser’s password manager could unexpectedly try to save password.
  • Certain firewalls could drop connections while processing requests from browser to Specops Authentication .
  • Improved usability of customization UI with display name instead of identifiers.
  • Made cmdlets install with Admin tools instead of the Gatekeeper.

Other changes

  • Enterprise admins are now granted permissions to users’ sub-object. This does not apply to already existing sub-objects.

Released July 21, 2020

8.13.20128.13

New features

  • First release of Secure Service Desk as a standalone product.
  • Gatekeeper Admin – Added PowerShell cmdlet Update-SpecopsAuthenticationUrls to update ‘useful links’ URLs from cloud to AD settings container.
  • Gatekeeper Admin – added PowerShell cmdlet New Update-SpecopsAuthenticationGatekeeperAdminTools to install Gatekeeper Admin Tool MSI.
  • Added option for Service Desk agent to reset a user’s password to a generated password, without being able to see the generated password.
  • Enabled Quick Verification (Email) for identity verification in Service Desk.
  • Enabled customization of text messages from Mobile Code (SMS) id service.

Fixed issues

  • Added missing translations for some languages.
  • Gatekeeper – After upgrading Gatekeeper, tabs in the admin tool were not always updated.
  • Changed Email ID services to use time-based one-time password to improve usability and security.
  • Fingerprint app on iOS could fail to resume correct web page after authenticating.
  • Improved filtering for Service Desk statistics.
  • Added support for Okta preview and EMEA domains.
  • Added missing translations for Q&A page.
  • If all default Q&A questions had been removed, it was not possible to add additional languages.
  • Additional information about user displayed when opened in Service Desk.
  • Added monitoring logging for user locked out of an Identity Service that a user can get locked out of (Mobile Code (SMS), Secret Questions, Email Id Services)

Released May 19, 2020

8.12.20114.15

New features

  • Added a Trusted Network Location identity service which can be used to increase the authentication weight for requests from selected IP addresses.
  • Added support for restricting user enrollment only from Trusted Network Locations.
  • Added support for not presenting Captcha for users connecting from Trusted Network Locations.
  • Added Email identity service for verification with email stored in Active Directory.
  • Added Quick Verification identity service for verification using address.
  • Added Service Desk (formerly User Management) with user identification enforcement, and the ability to unlock user’s computers when locked with Bitlocker or Symantec Encryption.

Released April 29, 2020

8.11.20111.6

Usability Improvements

  • Simplified enrollment process for end users.
  • Improved usability for Mobile Code (SMS) identity service.

Other Changes

  • Added option to configure security level for user enrollment process to fit different organizations’ needs.

Released April 22, 2020

8.10.20070.1

Updated Requirements

  • Updated requirement for Gatekeeper and Gatekeeper Admin Tool s to .Net Framework 4.7.2.

New Features

  • Added cmdlet to list users lacking enrollment for a specific id service (Get-SAUnenrolledUsers)

Fixed Issues

  • Blocking regions could fail if the region selected didn’t have a locale in the operating system where Gatekeeper Admin Tool was running
  • Start page for a user incorrectly showed the Change password button, even if the change password feature was disabled
  • Improved error message from enrollment cmdlet if the user was outside scope
  • Fixed an issue where user data wasn’t always removed when removing a user’s enrollment

Released March 10, 2020

8.9.20020.2

Usability improvements

  • New start page for users, listing actions a user can take.

Fixed issues

  • User management could display inaccurate value for “Time until password must be changed.”

Other changes

  • Added fallback language for customized text.
  • User management pages are hosted on their own URL. Links from the admin tool will go there. Saved bookmarks will redirect to the new URL.

Gatekeeper

  • Gatekeeper could unexpectedly switch between domain controllers, causing replication issues resulting in end user getting a “That took a bit too long” error message.
  • If Gatekeeper fails to reset a user’s password, event log message has been set to warning level (previously information level).
  • Gatekeeper Admin Tool : Improved error messages if migrating users from uReset 7.x fails.

Released January 23, 2020

8.8.19288.1

New Features

  • Added a Geoblocking feature that allows you to filter incoming requests based on geographical location (see Geoblocking for more information).

Fixed Issues

  • Improved error messaging in case of Gatekeeper activation failure.

Released October 16, 2019

8.7.19260.18

New Features

  • Added option to configure default country code for Mobile verification enrollment

Fixed Issues

  • Clarified allowed username formats when user is asked to enter username
  • User Management
    • Improved performance of user details page
    • Added information about key recovery events to user details page
  • Password start page
    • Will now load color and logo customizations
    • New unlock button if user only needs to unlock account
  • Landing page improvements
    • Only end user links to the left
    • Added link to Key Recovery
  • Fixed issues with Gatekeeper failing to activate due to proxy configuration and improved troubleshooting for Gatekeeper connectivity
  • Fixed issues with saving uReset notifications

Released September 18, 2019

8.6.19239.1

New Features

  • Added three new languages: Polish, Korean and Czech
  • Added support for migrating a single user from uReset 7 in addition to the batch version

Fixed Issues

  • Fixed bug where migration from uReset 7 failed in some scenarios
  • Fixed issue with not being able to select and copy text on the customization page
  • Added missing Email column to exported not enrolled users report
  • General stability improvements

Released August 27, 2019

8.6.19203.3

New Features

  • Added support for customization on landing pages.

Fixed Issues

  • Added various missing information in logs for Specops Key Recovery .
  • Fixed bug in Specops Authentication PowerShell CmdLets when domain name was shorter than 3 characters.
  • When used with Specops Password Policy , fixed issue with unsatisfied password dictionary rule displaying incorrect information message.

Released July 25, 2019

8.6.19170.1

New Features

  • Fingerprint usability improvements when authenticating on a mobile device.

Fixed Issues

  • Various fixes for multiple AD domain environments.
  • Fixed bug when exporting CSV of not enrolled users report.

Released June 19, 2019

8.5.19141.1

New features

  • Updates to customization functionality in Specops Authentication Web . These customization improvements make it easier to change the look and feel of the Specops Authentication end-user interface, including colors, text, and logos. For more information, see here.
  • Mobile Bank ID is enabled for customers using the EU data center from 8.5 onwards.

Released May 20th 2019

8.4.19123.2

Fixed Issues

  • Various improvements for Active Directory environments with multiple domains. Customers affected by multi-domain issues are recommended to upgrade their Gatekeeper.
  • Support for Breached Password Protection Express when used with Specops Password Policy 7.1 and later. The Breached Password Protection Express rule will be displayed to users when they change their password.
  • Support for length-based password aging when used with Specops Password Policy 7.1 and later. The length-based password aging setting will be displayed to users when they change their password.

Released May 15, 2019

8.3.19105.1

New Features

  • Support for Specops Key Recovery : This is a self-service solution for unlocking encrypted computers. If a user is locked out at the pre-boot screen, they can use Specops Key Recovery to unlock the computer, without needing to call their organization’s helpdesk. For more information, click here.
NOTE
To use Specops Key Recovery , you must have a Specops Key Recovery license.

Released April 16, 2019

8.1.19057.3

New features

  • Administrators can redirect the Specops Password Reset mobile app, so that it points to Specops uReset 8 and above, instead of Specops uReset 7.12 or Specops Password Reset applications.
  • When signing up for a Specops uReset 8 account, administrators can now choose either the European (EU) or North American (NA) data center.
  • Added domain name protection in URLs. This prevents an account from being accessed using a registered domain name. When this is enabled, all references to a domain name in application URLs are replaced by obfuscated IDs.

Fixed Issues

  • Some users were not being moved, when attempting to migrate them from Specops uReset 7.12 to Specops uReset 8.0.

Other changes

  • If a Manager Identification request cannot be sent (because of missing or invalid email addresses), end-users will now receive a report notifying them.
  • If a user sees the User must change password at next login flag, they are now guided to the Change Password page when trying to use their password within Specops Authentication .
  • Improved error handling for session timeouts. When a session timeout occurs, users can now click a button to return to where they started.

Released February 28, 2019

8.0.18311.3

Note:

  • The version number has been incremented from 7.12 to 8.0.
  • uReset customers upgrading from version 7.12 or earlier will need to migrate their enrollments. Contact your account representative for more information.

Fixed issues

  • Fixed an issue in which the online dictionary rule wasn’t displayed when users reset or changed passwords.

Other changes

  • Gated MFA – This function makes it possible to protect one identity service with the help of another to prevent misuse. For example, this requires users to enter a Mobile Code (SMS) before being allowed to sign in with their password.
  • The minimum length for Secret Questions can now be configured by each user.
  • The Symantec VIP Identity service now supports auto-enrollment.

Released November 14th, 2018

2.12.18296.1

New features

  • Password change support on the Authentication Web .
  • Support for authentication with the SITHS eID identity service.
  • Support for displaying the Breached Password Protection rule during password change. This is applicable to Specops Password Policy customers with the Breached Password Protection add-on.

Other changes

  • Support to sign-in with email address/samAccountName on the Authentication Web .
  • Setting to disable Captcha in the ADAL Browser.
  • New contact information fields during account creation.
  • Option to Test Connection with the Duo Security identity service.
  • Support for different Active Directory attributes when configuring the Duo Security, and Symantec VIP identity service.
  • Default “User must change password at next login” setting when a user password is reset from the User Management pages on the Authentication Web.
  • Automatic sign-out from the Authentication Web (following a password reset/change, or 30 minutes of inactivity).
  • Option to configure the maximum weight (star assignment) of an identity service.
  • End-user verification with one-time SMS code from the User Management pages on the Authentication Web .
  • Setting to allow Administrator and User Management users to be outside the scope of management.
  • Configurable auto/manual enrollment for the Mobile Code (SMS) identity service. If auto enrollment is selected, users with a mobile number in Active Directory will be automatically enrolled with the Identity Service.
  • Various improvements to the Migration Wizard.
  • Various improvements to the user experience, including a new top navigation menu, and additional information on several pages on the Authentication Web , and the Gatekeeper Admin Tool .
  • Option to remove the “Unicode” password rules text displayed to the end-user during a password change.

Released October 23, 2018

2.11.18204.2

Fixed Issues

  • In some scenarios, the end-user received a “Failed to validate captcha” error during authentication and had to try again.

Known issues

  • Accessing the Enrollment page from the Client menu shortcut, results in a “can’t reach this page” error on older versions of Microsoft Edge.

Released July 25, 2018

2.11.18197.1

New features

  • New shared web interface and Gatekeeper with Specops uReset . You can access both products from a single interface and allow users to extend their multi-factor authentication enrollments to verify themselves during a password reset. For more information, contact your account representative.
  • Language support for Dutch, French, German, Russian, Spanish, Swedish, Simplified Chinese, Japanese, Portuguese.
  • Support for multiple Active Directory domains in the same forest.
  • Delegated permissions for Gatekeeper installation. Gatekeepers can now be configured by a user that does not have administrative permissions on the domain level. The user can configure Specops Authentication for an organizational unit where they are an administrator.
  • Added drop-down for picking country code when using the Mobile Code (SMS) identity service.
  • Redundacy with multiple gatekeepers (if using the new Authentication Gatekeeper).
  • The Helpdesk interface has been redesigned and renamed to User Management.
  • Added option to allow the end-user to enter their North American local numbers, without entering a country code, when using the Mobile Code (SMS) identity service.
  • Improved design for the Specops Authentication start page.

Fixed issues

  • In some scenarios, the end-user received multiple mobile codes when using the Mobile Code (SMS) identity service.

Other changes

  • Various improvements to the user experience, including for some error scenarios.

Released July 18, 2018

2.7.18114.6

New features

  • Added cmdlets for administrator enrollment.
  • Swedish language support.

Fixed issues

  • In some scenarios, when multiple Gatekeepers were installed, Gatekeepers with lower assigned priorities were used when a Gatekeeper with a higher assigned priority was available.
  • During authentication, the company logo in the ADAL browser linked to the Specops Authentication start page.

Other changes

  • Improved user experience when installing multiple Gatekeepers for redundancy.
  • Removed read-only domain controllers when selecting preferred domain controller for Gatekeepers.
  • Reorganized Reporting, Monitoring, and Statistics menus on the Specops Authentication web.

Released April 25, 2018

2.6.18100.1

New features

  • Reporting menu for tracking user enrollment progress.

Fixed issues

  • If the captcha prompt was closed before finishing the captcha, the user could get stuck on the page.
  • In some scenarios, multi-factor authentication failed in the ADAL browser if one identity service was remaining.
  • Switching between statistics tabs saved the previous filter.

Other changes

  • Progress bar display when upgrading the Gatekeeper.
  • Added option to force the Gatekeeper service to use a specific domain controller.
  • Increased Sign out button visibility on mobile browser.

Released April 11, 2018

2.5.18081.1

New features

  • Support for proxy server customization during Gatekeeper setup.
  • Support for user counting (nightly and manual) complete with statistics.
  • Text customization for various end-user text elements.
  • Audit tracking for various events on the Specops Authentication web.

Other changes

  • Additional text customizations for end-user text elements.
  • Security improvements for various user scenarios.
  • Improved experience when using the Specops Authentication admin tools while accessing the Gatekeeper remotely.
  • Various design improvements to the administration pages on the Specops Authentication Web .
  • Added sign out button during multi-factor authentication. This will allow the user to sign out of all identity services before they have completed authenticated with Specops Authentication .

Released March 26, 2018

2.3.18051.2

New features

  • Email and SMS notifications for various events, including Manager Identification requests.
  • Multi-factor authentication policy for previously enrolled users when accessing their enrollment.
  • Detailed view of Specops Authentication usage, including identity service usage, number of sent text messages, and successful authentications to O365.
  • Detailed view of Specops Authentication subscription.
  • The Manager Identification identity service can be configured to display the name (or partial name) of the manager to the end-user.

Other changes

  • Various improvements to the user experience, including for some error scenarios.
  • Moved customer specific Duo Security configuration information to the customer’s Active Directory.

Released February 20, 2018

2.2.18025.1

Changes

  • Moved customer specific O365 configuration to the customer’s Active Directory.
  • Various improvements to the user experience, including for some error scenarios.

Released January 29, 2018

2.1.18011.1

New features

  • Added an enrollment reminder when a user with an incomplete enrollment signs in to O365.

Fixed issues

  • In some scenarios, the Gatekeeper status displayed not connected, when it should have displayed connected.
  • During authentication with Windows Identity, the password reveal button (eye button) was missing.
  • During the Gatekeeper installation, selecting a custom domain account, and switching to a managed service account, resulted in an error.
  • Accessing the customization features on the Specops Authentication web, when logged in with the installation account, logged the user out.
  • The Symantec VIP configuration page did not apply the CSS custom file.
  • Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app (iOS and Android).

Other changes

  • Various improvement to the user experience, including for some error scenarios.

Released January 15, 2018

2.0.17362.1

Fixed issues

  • Downloading the MetaData file for Symantec VIP the second time did not produce the same file.
  • Enrolling with the Specops Fingerprint App did not work if the enrollment was initiated on the same device used to authenticate with the Fingerprint app.
  • Unable to disable an O365 domain that did not exist in Azure AD.

Other changes

  • Various small improvements to the user experience, including for some error scenarios.

Released December 28, 2017