Summer (Q3) 2024 Release

Secret Server on Platform

Entra ID Password Changing

  • Alternative to Azure AD PowerShell Modules: Introduced support for Microsoft Graph API to replace the retired Azure AD PowerShell modules.

  • MFA-Enabled Entra ID Account Passwords: Added functionality to change passwords for Entra ID accounts with MFA enabled.

  • New Secret Templates:

    • Entra ID Application Registration: Allows for containing and mapping an Entra Application as a privileged account for password changing, using the new OAuth Application Registration extended mapping.

    • Entra ID User Account: Enables password changing for an Entra ID account, even with MFA enabled, using the Application Registration.

Remote Access Service (RAS)

  • Rebranding: Remote Access Service (RAS) has been rebranded to Privileged Remote Access (PRA).

  • Dark/Light Mode Themes: Now supports dark and light mode color themes, matching the preferences applied to the platform.

  • RemoteApp Assets (Private Preview): Introduced desktop applications as a first-class inventory object for providing just enough access.

  • File Transfer Usability improvements: Multiple file uploads and downloads and background file transfers to ensure users can continue to work uninterrupted remotely.

  • Accessibility support: All PRA menu operations can be accomplished using keyboard controls.

  • Clipboard masking: Copy confidential information into the PRA clipboard minimizing exposure of sensitive data.

Connection Manager (CM)

Available in Connection Manager 2.5.2 Release

  • Vault Auto-Reauthentication Configuration: Users can now configure the vault reauthentication behavior. Options include maintaining the existing behavior that automatically restarts the authentication flow or forcing a fresh login when vault session/refresh tokens expire. This feature is especially beneficial for users with longer session/refresh lengths configured through an external identity provider.

  • Machine Field Display: Connection Manager now displays a "Machine" field from Secret Server, helping users identify the correct target when the secret name is not self-explicit. This field will show in both the Secret Server and Connection Manager grid views.

  • Session Status Popup: The Session Status popup window, which appeared every time a user signed out of a vault, is now disabled by default. Users can re-enable this pop-up if they encounter memory leak issues.

  • Memory Leak Resolutions: Addressed various memory leaks to improve performance.

Identity & Federation

  • MFA for Federated Users (now GA): Federated users can now be challenged for additional MFA within the Platform, including Platform user logon and browser-based step-up MFA such as secret access.

  • Identity Policies Administration: Significant UX improvements for creating and managing identity policies, including better handling of default values and the flexibility to apply policies globally or to specific groups.

  • Bulk Invite Users: Administrators can now invite users in bulk from various identity directories, including Delinea and Active Directory (AD). This feature covers AD users who have not yet logged into the platform.

  • New Connector v6.1.350: Improved the Delinea Connector with a job to refresh “EnvironmentInfo”, periodic updates for AD Topology, adjusted refresh intervals based on user changes, and a fix for AD master node syncing issues. Note: Upgrade to v6.1.350 or later by August 31, 2024, to avoid downtime due to major API changes.

  • New Documented Identity Providers for Federation: Added support for AD FS, Entrust, and OneLogin.

Audit

  • Audit Logging: Audit logging now supports audit events from various services including Identity, Inventory, and Tenant Profile (tenant customization).

  • Deep Linking: Added support for deep linking within audit events to easily access users and session recordings.

  • Session Recording Comments (Private Preview only): Users can now add and reply to comments on each session recording and flag risks.

  • AI-Driven Audit (Private Preview): Improved AI-driven audit with streamlined call-to-action to run the analysis and a progress indicator.

Permissions

  • Consistency Across Platform Services: Improved consistency for a more intuitive user interface by leveraging the same Add Member component as Identity.

  • Case Insensitivity: Users can now search for permissions regardless of case sensitivity.

  • Enhanced Error Messages: Improved error messages to assist with better troubleshooting.

  • Service Resiliency: Enhanced resiliency to ensure more reliable performance.

Engine Management

  • Engine State Monitoring: The engine state is marked as Unknown if the engine management does not receive a heartbeat within a specified time.

  • Uninstall Process: The uninstall process now correctly displays the engine version.

  • Deleting an Engine: Deleting an engine now clears all associated folders and removes old heartbeats.

  • Default Settings for Workloads added.

  • All engine pool logs (including workload logs) now stored in: C:\ProgramData\Delinea Engine\log.

Marketplace & Integrations

  • New Certification Badge, Delinea Trusted: Indicates an integration maintained by a third-party vendor. While Delinea confirms its compatibility, ongoing support should be sought from the vendor's documentation or support channels.

  • Integration Configuration: Simplified launch into configuring native integrations with a Configure button directly from the integrations themselves. This feature is utilized by various integrations, including identity providers for setting up federation providers, among others.

  • ITP/PCCE Integrations: Introduced new integrations pertaining to Identity Threat Protection and Privilege Control for Cloud Entitlements.

  • New and Updated Integrations:

    • All ServiceNow integrations certified for the Washington DC release.

    • MID Server Release 4.5.1

    • JDBC Proxy Driver 3.1/3.2 updated to utilize a new encryption method using hardware details to encrypt credentials.

    • Rapid7 Insight VM RPC can now be used as RPC with added scripts available in the delineaxpm GitHub repo.

    • SCIM Release 4.5.1 for Secret Server only

    • RabbitMQ Helper 10.5.0

    • Okta and ServiceNow OOB RPC in Secret Server

    • MS Sentinel AMA Connector Release for Secret Server

  • Security Upgrades: Upgraded several packages to resolve security vulnerabilities, including:

    • SCIM Release 4.5.1

    • Terraform 2.0.6

New Authenticator mobile app

  • New Authenticator Mobile App (Private Preview): Introducing a dedicated mobile app for authentication.

  • QR Code Registration: Users can scan a QR code to register.

  • Push Notifications: Easy-to-use push notifications.

  • Authenticator Tab Renamed to Passcodes: The passcode function remains unchanged.

  • New Registration Workflow: Implemented for all mobile applications on the Platform.

Other updates

  • Updated User Profile: Enhanced user profile management to include account, security, and application preferences in one place, offering an improved user experience.

  • Global Platform Search (GA): The global platform search feature is now generally available.