Many SSO applications leverage a single authentication for a user, yet have options for access to discrete "component" applications. A few prime examples of this are AWS and Office 365. Both of these applications can be broken down to separate component applications (e.g. EC2 and S3 for AWS and Outlook and Calendar for Office 365). With the introduction of linked apps, we allow the admin to create separate application tiles and mappings for user access for the discrete component applications. With this release, all SSO apps (SAML and OpenID Connect) and all custom SSO apps in the catalog now have a LInked Applications tab. From this tab, the Admin can add the linked app to make the component applications available to their users.
For AWS, and Office 365, we know which apps are available as linked apps and show those in the UI. For other applications, we simply provide a template allowing the Admin to add the linked application. NOTE: Linked Apps is currently in "Preview" for Office 365 because some of the Microsoft component applications do not support a true SSO experience (for those apps, the user must click on a profile name to get signed into the app).
Improved UX for MFA response through RADIUS
Customers using our RADIUS implementation to extend our MFA to clients (e.g. VPNs) have been asking us to support out-of-band responses when using MFA from the client. In other words, when logging into a VPN client, when the user is prompted for MFA, the user should be able to respond to the challenge (e.g. push notification through Mobile Authenticator, SMS, etc.) through the challenge itself (rather than typing in a response code in the client). This can now be enabled by going to Settings > Authentication > RADIUS Connections > Clients and configuring the response options.
Improved Local Admin Account Password Management for Macs
I'm also really excited about the improvements we've made to our ability to manage the local admin accounts for Macs. Specifically, in this release we've made 2 improvements:
- We now give Admins the ability to set a policy to define how frequently passwords get rotated, and
- We now give Admins the ability to set rules for the password complexity of the passwords we create.
We hope you like these new features and look forward to hearing your feedback!