Summer (Q3) 2024 Release

Secret Server on Platform

Entra ID Password Changing

  • Alternative to Azure AD PowerShell Modules: Introduced support for Microsoft Graph API to replace the retired Azure AD PowerShell modules.

  • MFA-Enabled Entra ID Account Passwords: Added functionality to change passwords for Entra ID accounts with MFA enabled.

  • New Secret Templates:

    • Entra ID Application Registration: Holds an Entra application and maps it as a privileged account for password changing, using the new OAuth Application Registration extended mapping.

    • Entra ID User Account: Enables password changing for an Entra ID account, even with MFA enabled, using the Application Registration.

Remote Access Service (RAS)

  • Rebranding: Remote Access Service (RAS) has been rebranded to Privileged Remote Access (PRA).

  • Dark/Light Mode Themes: Now supports dark and light mode color themes, matching the preferences applied to the platform.

  • RemoteApp Assets (Private Preview): Introduced desktop applications as a first-class inventory object for providing just enough access.

  • File Transfer Usability Improvements: Supports multiple file uploads and downloads, plus background file transfers, so users can continue working remotely without interruption.

  • Accessibility support: All PRA menu operations can be accomplished using keyboard controls.

  • Clipboard masking: Confidential information can be copied into the PRA clipboard while minimizing exposure of sensitive data.

Connection Manager (CM)

Available in Connection Manager 2.5.2 Release

  • Vault Auto-Reauthentication Configuration: Users can now configure the vault reauthentication behavior. Options include maintaining the existing behavior that automatically restarts the authentication flow or forcing a fresh login when vault session/refresh tokens expire. This feature is especially beneficial for users with longer session/refresh lengths configured through an external identity provider.

  • Machine Field Display: Connection Manager now displays a "Machine" field from Secret Server, helping users identify the correct target when the secret name is not self-explanatory. This field appears in both the Secret Server and Connection Manager grid views.

  • Session Status Popup: The Session Status popup window, which appeared every time a user signed out of a vault, is now disabled by default. Users can re-enable this pop-up if they encounter memory leak issues.

  • Memory Leak Resolutions: Addressed various memory leaks to improve performance.

Identity & Federation

  • MFA for Federated Users (now GA): Federated users can now be challenged for additional MFA within the Platform, including Platform user logon and browser-based step-up MFA such as secret access.

  • Identity Policies Administration: Significant UX improvements for creating and managing identity policies, including better handling of default values and the flexibility to apply policies globally or to specific groups.

  • Bulk Invite Users: Administrators can now invite users in bulk from various identity directories, including the Platform directory and Active Directory (AD). This feature covers AD users who have not yet logged into the platform.

  • New Connector v6.1.350: Improved the AD Connector with a job to refresh “EnvironmentInfo”, periodic updates for AD Topology, adjusted refresh intervals based on user changes, and a fix for AD master node syncing issues. Note: Upgrade to v6.1.350 or later by August 31, 2024, to avoid downtime due to major API changes.

  • New Documented Identity Providers for Federation: Added support for AD FS, Entrust, and OneLogin.

Audit

  • Audit Logging: Audit logging now supports audit events from various services including Identity, Inventory, and Tenant Profile (tenant customization).

  • Deep Linking: Added support for deep linking within audit events to easily access users and session recordings.

  • Session Recording Comments (Private Preview only): Users can now add and reply to comments on each session recording and flag risks.

  • AI-Driven Audit (Private Preview): Improved AI-driven audit with streamlined call-to-action to run the analysis and a progress indicator.

Permissions

  • Consistency Across Platform Services: Improved consistency for a more intuitive user interface by leveraging the same Add Member component as Identity.

  • Case Insensitivity: Permission searches are now case-insensitive.

  • Enhanced Error Messages: Improved error messages to assist with better troubleshooting.

  • Service Resiliency: Enhanced resiliency to ensure more reliable performance.

Engine Management

  • Engine State Monitoring: The engine state is marked as Unknown if Engine Management does not receive a heartbeat within a specified time.

  • Uninstall Process: The uninstall process now correctly displays the engine version.

  • Deleting an Engine: Deleting an engine now clears all associated folders and removes old heartbeats.

  • Default Settings for Workloads added.

  • All engine pool logs (including workload logs) are now stored in: C:\ProgramData\Delinea Engine\log.

Marketplace & Integrations

  • New Certification Badge, Delinea Trusted: Indicates an integration maintained by a third-party vendor. While we confirm its compatibility, ongoing support should be sought from the vendor's documentation or support channels.

  • Integration Configuration: Simplified launch into configuring native integrations with a Configure button directly from the integrations themselves. This feature is utilized by various integrations, including identity providers for setting up federation providers, among others.

  • ITP/PCCE Integrations: Introduced new integrations pertaining to Identity Threat Protection and Privilege Control for Cloud Entitlements.

  • New and Updated Integrations:

    • All ServiceNow integrations certified for the Washington DC release.

    • MID Server Release 4.5.1

    • JDBC Proxy Driver 3.1/3.2 updated to utilize a new encryption method using hardware details to encrypt credentials.

    • Rapid7 Insight VM RPC can now be used as RPC with added scripts available in the delineaxpm GitHub repo.

    • SCIM Release 4.5.1 for Secret Server only

    • RabbitMQ Helper 10.5.0

    • Okta and ServiceNow OOB RPC in Secret Server

    • MS Sentinel AMA Connector Release for Secret Server

  • Security Upgrades: Upgraded several packages to resolve security vulnerabilities, including:

    • SCIM Release 4.5.1

    • Terraform 2.0.6

New Authenticator mobile app

  • New Authenticator Mobile App (Private Preview): Introducing a dedicated mobile app for authentication.

  • QR Code Registration: Users can scan a QR code to register.

  • Push Notifications: Easy-to-use push notifications.

  • Authenticator Tab Renamed to Passcodes: The passcode function remains unchanged.

  • New Registration Workflow: Implemented for all mobile applications on the Platform.

Other updates

  • Updated User Profile: Enhanced user profile management to include account, security, and application preferences in one place, offering an improved user experience.

  • Global Platform Search (GA): The global Platform search feature is now generally available.