Fall (Q4) 2024 Release

Secret Server (SS) on Platform

• Entra ID Discovery Expansion: The discovery capabilities now include the new Entra ID Discovery source and scanners, broadening visibility and access to Entra ID resources. Learn more about this update here.

• Entra ID Remote Password Enhancements: A series of updates to improve handling of Entra ID accounts, specifically:

  • Processing heartbeats for Entra ID accounts requiring MFA

  • Processing heartbeats for Entra ID accounts with Conditional Access Policies that enforce MFA.

  • Learn more about this update here.

Cloud Identity Discovery (CID)

• Expanded Identity Coverage: Improve your organization’s identity security with enhanced discovery capabilities in Secret Server Cloud on the Delinea Platform. CID now covers cloud identities including privileged accounts, service accounts, admins, and shadow admins.

• Automated Monitoring of Sensitive Accounts: CID operates automatically and continuously, enabling seamless monitoring of sensitive accounts. Privileged credentials can be quickly vaulted in Secret Server as needed, ensuring secure storage and reducing the risk of unauthorized access.

• Enhanced Discovery and Access Customization: Easily discover privileged users, including those with stale credentials or lacking MFA. CID also enables quick customization of access, helping you keep user privileges current and aligned with security policies.

• Learn more about this new service here.

Identity Threat Protection (ITP) and Privilege Control for Cloud Entitlements (PCCE)

Snowflake Integration:

• Enhanced User Visibility: Easily identify and manage user accounts without MFA and partially off-boarded accounts.

• Privileged Account Discovery: Detect privileged roles and accounts based on assigned permissions.

• Comprehensive Health Checks: Ensure your Snowflake environment's security and compliance with thorough health checks.

• Attack Detection Rules: New rules targeting password and MFA-based attacks on Snowflake.

• Learn more about this new integration here.

Privileged Remote Access (PRA)

• PRA Workloads(in private preview): Unified deployment of PRA capabilities on the Delinea Platform Engine and a centralized Engine Management interface. Learn more about this new capability here.

• File Transfer Enhancements: Prevent accidental data loss while transferring files between local and remote systems. Users can see when file transfers are active and they are notified if they try to close the remote connection.

• Remote Applications: Access published RDS desktop applications rather than entire systems, enforcing least privilege access and reducing the potential attack surface and associated security risk. Learn more about this new capability here.

Connection Manager (CM)

Available in Connection Manager 2.5.3 Release:

• RDP Connection Timeout over TCP: Connection Manager now allows MacOS users to customize the RDP connection timeout over TCP. This is helpful for extending the timeout in scenarios involving proxy or MFA. Learn more about this update here.

• MacOS 15 Sequoia Support: Supports the latest MacOS release.

• Additional Updates: More updates and enhancements are detailed in these release notes.

Privilege Control for Servers (PCS)

• Granular Commands Capability (in private preview):

  • Minimize Standing Privilege: Define specific commands within PCS policies for Windows, Linux, and Unix, ensuring users can elevate only what they need.

  • Enforce Least Privilege: Limit elevated user actions to pre-approved commands, reducing security risks.

  • Enhanced Security and Control: Prevent unauthorized elevated actions with command-level restrictions.

  • Learn more about these new capabilities here.

• Targeting Machines in AD without Agents:

  • Enhanced Policy Targeting: Apply PCS policies to Active Directory (AD) machines without requiring an agent to be installed first.

  • Faster Onboarding: The onboarding process has been streamlined to accelerate time-to-value.

• Collections (in private preview):

  • Dynamic Asset Grouping: Group computers by shared attributes for simplified management.

  • Streamlined Policy Targeting: Apply policies to collections, reducing manual effort.

  • Scalability: Collections automatically update as new computers meet the defined criteria.

  • Learn more about these new capabilities here.

Identity and Federation

• Enhanced Security with Duo Integration (in public preview): Customers can enable Duo MFA for an extra layer of security during login and authentication, strengthening their security posture while ensuring a seamless user experience. Learn more about this new capability here.

• Improved User Experience with Extended Idle Timeout: The maximum user idle timeout has been increased from 60 minutes to 12 hours.

• Quick Account Unlock Option: When users are locked out, Admins can now swiftly restore access to user accounts on the Delinea Platform.

• New Documented Identity Providers for Federation: Support has been added for Google, BlokSec, RSA ID Plus, and Celestix.

• Learn more about these new capabilities here.

Engine Management

• Nomenclature Updates: Consolidated naming across Engine Management and Platform Engine, including updates to UI, Engine installer, and documentation. Some of these changes will be seen iteratively over the coming months.

• Improved Logging: View all Platform Engine and workload logs directly in the Engine Management UI, enhancing supportability.

• Learn more about these new updates here.

Marketplace and Integrations

• Download Center (in public preview): A dedicated space within the Delinea Marketplace. This new feature simplifies access to a wide range of downloadable resources, including agent updates and tools. Learn more about this new capability here.

• New and Updated Integrations:

  • External Secrets Operator with Secret Server

  • MS Sentinel AMA Integrations with Secret Server CEF and Syslog

  • RabbitMQ Helper upgraded to have UI-guided install

  • Jenkins Release 1.0.9

  • Terraform Secret Server Integration upgrade 2.0.8

  • JDBC Proxy for Tomcat and WebSphere upgrade v3.3

  • MidServer Credential Resolver 4.5.2

  • Learn more about new integrations here.

New Authenticator Mobile App

• New Authenticator Mobile App (now in GA): Introducing a dedicated mobile app for authentication. The app is now available in iOS and Google Play stores.

  • QR Code Registration: Users can scan a QR code to register.

  • Push Notifications: Receive authentication request notifications on your registered mobile device

  • Renamed "Authenticator" Tab to "Passcodes" in the Delinea Mobile application

  • New Registration Workflow: Implemented for all mobile applications on the Delinea Platform

  • Now listed in the Platform Marketplace

  • Learn more about this new application here.

Other updates

• Platform APIs (now published): The Platform APIs provide developers with comprehensive access to key platform functionalities. The APIs allow seamless integration, automation, and customization to enhance your Delinea experience:

  • Platform API Documentation

  • Sample PostMan Collection

  • Sample scripts (PowerShell  and Python) to manage OAuth tokens and test API connectivity for the Delinea Platform. These are simplified examples and might need to be adapted to fit your specific requirements.

• Platform Service Account: When you create a service account on the platform, an application account in Secret Server Cloud will now be created automatically, without the need to log in with the service account iteratively.

• Delinea Expert (in public preview): Delinea Expert is a secure, conversational AI designed to understand and generate human-like text using curated Delinea knowledge. Users can ask questions about platform features, components, or best practices and receive answers with supporting links. Learn more about this new capability here.

• Webhooks (in public preview): Supports sending platform audit logs to an HTTP webhook endpoint with enhanced event filtering, new webhook logs for better visibility and troubleshooting, and an updated UI for a streamlined experience. Learn more about this new capability here.

• Tenant IP Restriction: This new feature enhances the security of your tenant by ensuring that only trusted IP addresses can connect, helping to protect sensitive data and operations. Customers can submit a Delinea support case with their desired IP ranges to apply to their platform tenant.

• Web Password Filler (WPF): Support for Manifest v3 as of version 3.10. Learn more about this update here.

• Enhanced Filtering Experience: Updated filtering across all platform tables. This feature can be activated using the new user opt-in option under the user’s profile preferences, or directly via the tables.

• Expanded Favorites Functionality: The recents and favorites table on the homepage now covers a wider range of objects on the platform, such as pages, secrets, and computers.