You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Release Notes Version 7.205.0.0
New Features
Microsoft 365
We have introduced extended support to inventory hybrid attributes of groups for Microsoft 365 Hybrid setup (On-premise AD + Azure). With this update, membership management and updates can now be performed on those on-premise groups synced from Azure, which was previously not possible. This enhancement enables organizations to better manage their hybrid environment, streamlining the membership management process for synced groups, and improving overall efficiency.
IT Shop
A new feature has been introduced in Privileged Session Management (PSM) that enables the addition of a particular group to a domain account. If the computer has been inventoried locally, EmpowerID creates a temporary local admin user with RDP permissions. It then verifies if the Access Request policy is configured to add a specific group to the domain account. If the setting is present, the workflow responsible for creating the local temporary admin identifies the domain account of the user and adds it to the designated group. Upon completion of the PSM session, the workflow removes the user from the group.
To enhance the search functionality for users in the IT shop, we have implemented a filtering mechanism that displays only the resources that the user is authorized to access. This has been achieved through the creation of new Management Roles and the implementation of visibility restriction policies. By leveraging these tools, we can offer a faster and more streamlined search experience, tailored to the unique needs and permissions of each user. The table below outlines the new objects introduced in this implementation:
Recertification
We have introduced new recertification policies to attest user rights and access, simplifying the configuration of guidelines and procedures for the recertification process. These new policies include:
Direct Reports – This recertification policy collects access data to validate the necessity of managers and their direct reports for a valid business purpose. The data is presented to the responsible person to certify whether a direct report for a particular manager should exist.
Group Membership – This recertification policy collects access data to validate whether a user's group membership is still necessary for a valid business purpose. The information is reviewed by the responsible party for the group, who can determine whether the membership should continue.
Person Access Summary – This policy validates a person's access assignments, including the level of access granted and any special privileges or permissions. It provides a comprehensive summary of all types of access assignments currently granted to the person.
Person Validity – This recertification policy determines whether a Person object is still required in EmpowerID.
To simplify the use of Recertification policies, we have implemented inclusive configurations that require configuring the Add Item Type Scope (Data). With this new approach, audits will only collect data based on the Item Types added to the policies. If an audit has a policy with no Item Type, the audit will not generate any data or business requests.
Previously, the policies supported exclusive configuration, which meant that the scope of data to collect was predefined, and users could only exclude types and data. This new approach allows for greater flexibility and customization of the recertification policies, ensuring that data collection is focused only on the necessary information.
EmpowerID has introduced a new feature that allows for the sending of additional advanced reminder emails to auditors involved in the access review process. This enhancement ensures that the access review process is completed within the designated timeframe and in compliance with the organization's security policies. Previously, the system was only configured to send email notifications for business request tasks generated for access recertification.
The advanced email feature can be accessed from the Audit Detail page, providing an intuitive and streamlined approach for users to send reminders to auditors involved in the access review process. This new capability helps to improve the overall efficiency and effectiveness of access review, ensuring that all relevant stakeholders are aware of their responsibilities and deadlines.
Improvements
We have implemented a new feature in the IT shop's ResourceAdmin User Interface that makes it easier to add client secrets, certificates, app scopes, and app roles. Users can now access an "Add Client Secret" button, as well as buttons for adding certificates, scopes, and app roles, streamlining the process of adding these resources.
This new functionality reflects our ongoing commitment to improving the user experience and providing our customers with the tools they need to efficiently manage their resources.
Â
We have improved the user experience in the IAM Shop by making it easier for users to see which permission levels have already been assigned. We have added additional text and links that make the assigned permission levels more visible, ensuring that users have a clear understanding of their access rights and privileges.
By providing greater transparency around assigned permission levels, users can more effectively navigate the IAM shop and take advantage of the resources available to them.
We are excited to announce that we have added responsive support for mobile devices on various pages within EmpowerID, improving the user experience for our customers. The following pages have been updated to support mobile devices:
Computers Login Session Access
Computers Login Session History
Computers Membership-based Access
Mobile Navigation For Computer ManageAccess
Credentials Manage Access Navigation Mobile
Computers Request Access Listings
With these enhancements, users can now easily access and use EmpowerID on their mobile devices, providing a more flexible and convenient experience. By optimizing these pages for mobile use, we are helping our customers stay connected and productive, whether they are in the office or on the go.
Â
Fixed Issues
With this release, we have made significant improvements to PSM to address several issues and enhance the user experience.
One major issue addressed in this release is related to the computer video recording during live snooping, where the recording wasn't capturing all sessions. We have also addressed the issue of lagging PSM video recording and distorted images on the screen.
To improve the recording uploader, this release introduces a separate component called Upload-Monitor, which monitors the upload folder and location and signals the uploader to retry if an upload fails to complete.
We have also made changes to the PSM session duration, where users can now access sessions only within their allotted time limit. Previously, users could access sessions for up to 10 minutes beyond their allotted time limit, leading to potential security risks. These changes ensure that access is not granted more than the given allotted time.
Â
Â
Â
Â
Â