Winter (Q1) 2025 Release
Secret Server (SS) on Platform
- Platform Integration Center (in private preview): Designed to provide a path for existing Secret Server Cloud tenants to fully integrate with the platform, from standalone tenants through to fully unified. Learn more about this update here.
- Event-Driven User and Mapping Updates: Secret Server now supports near-real-time updates for user mapping changes through event-driven processing.
- Entra ID Discovery Enhancements:
  - Account Type Filtering: Added the ability to filter Entra ID account types during Discovery, including options to exclude External Accounts and Synchronized On-Premises AD Accounts.
  - Heartbeat and MFA Enrollment: Heartbeat checks now support accounts pending MFA enrollment, with improved error handling for reliability.
  - Role Assignments via Groups: Entra ID Discovery now identifies role members assigned through group memberships.
- Improved Search Performance:
  - Resolved performance issues during secret searches by optimizing internal logic to limit searches to user-accessible secrets.
  - Enhanced database handling by eliminating deadlocks and significantly improving performance.
Continuous Identity Discovery (CID)
Continuous Identity Discovery was previously referred to in Delinea Platform as Cloud Identity Discovery.
- Continuous Identity Discovery (CID) (in GA) helps discover privileged cloud identities, including admins, shadow admins, and privileged non-human identities that are not vaulted in Secret Server, and suggests vaulting them with the click of a button. Learn more about this new service here.
  - Continuous, Out-of-the-Box Discovery: Discover privileged accounts, including shadow admins, admins, and both local and federated accounts, without the need for custom scripts.
  - Detect PAM Bypassing: Identify users accessing cloud applications directly, bypassing the vault.
Identity Threat Protection (ITP) and Privilege Control for Cloud Entitlements (PCCE)
- Workday integration (in GA): Leverage Workday as a source of truth for better visibility and posture.
  - Gain a comprehensive view of your workforce with enriched identity-level information.
  - Use Workday as a trusted source-of-truth to discover partially off-boarded users and external accounts.
  - Enhance identity merging by leveraging diverse account properties like email and employee ID.
  - Learn more about this new integration here.
- Introducing Cases (in GA): Incidents are being replaced with a new layer for security findings in ITP and PCCE, designed to reduce noise by grouping alerts based on predefined logic, such as attack patterns or entities. Cases are now the central location for customers to access actionable, security-relevant items. Learn more about this update here.
Analytics
- Introducing Analytics (in Private Preview), enabling organizations to gain deeper insights into user behavior and risks while maintaining their security posture.
- Know Your User Risk: Monitor and identify your riskiest users with automatically calculated risk scores based on behavioral patterns and authentication threats, making it easy to spot anomalies.
- Recognize Behavioral Change: Detect deviations from normal activity, with baseline behavioral indicators so you can identify and respond to potential threats with efficiency and precision.
- Proactively Protect Accounts: Protect all accounts from attacks by recognizing when a potential threat is in progress and investigating in near real time before attackers get in and cause damage.
- Customize Risk Parameters: Adjust scoring weights and alert thresholds to align with your organization’s specific needs. Customization is key to making security work for you by ensuring you set the rules to avoid false alerts and irrelevant workflows.
Learn more about this new service here.
Privileged Remote Access (PRA)
- PRA Workloads (in Public Preview): Unified deployment of PRA capabilities on the Delinea Platform Engine and a centralized Engine Management interface. Available for both Windows and Linux. Learn more about this new capability here.
- Kerberos Support (in GA): PRA users can now securely access target machines within Windows Domains that utilize Kerberos authentication.
  - Enhanced Security: Kerberos mitigates risks associated with NTLM, including Pass-the-Hash, DC Sync, NTLM-relay, and other attack techniques. Refer to Microsoft's NTLM deprecation announcement for more details.
  - Seamless Integration: For customers using both Kerberos and NTLM, the "fall back to NTLM if Kerberos fails" approach ensures uninterrupted access and flexibility. Learn more about this update here.
- New Disconnect Remote App Session: A new Ctrl+Alt+Delete shortcut has been added to the Disconnect menu in PRA to prompt users to sign out from their session. Learn more about this update here.
Connection Manager (CM)
- Connection Manager 2.5.4 Release
  - Simplified Authentication Flow: Users can now authenticate to Secret Server via an external browser without needing to click on a Secret Server page to launch Connection Manager.
  - Preconfigured Vaults for Administrators: Administrators can preconfigure multiple vaults, eliminating the need for users to create connections when opening Connection Manager for the first time.
  - Additional Updates: More updates and enhancements are detailed in these release notes.
Privilege Control for Servers (PCS)
- Run As Service Account or Domain Group: This feature, part of the Granular Commands capability (in GA), allows applications to run as an Active Directory user or domain group, eliminating the need to log in as a specific user to complete tasks. Learn more about this new capability here.
- Multi-Factor Authentication (MFA) for Server Suite (in GA): Server Suite customers can now integrate with the Delinea Platform as an MFA source. Learn more about this new capability here.
Inventory
- Collections (now in GA): This new capability allows computers to be grouped by shared attributes for easier management. Policies can now be streamlined and applied to collections, minimizing manual effort. Additionally, collections automatically update as new computers meet the defined criteria, enhancing scalability and ensuring that asset management remains efficient as the environment grows. Learn more about this new capability here.
- Permissions on Collections (in Private Preview): You can now assign detailed permissions to computer collections, controlling which computers an end user can view and interact with. This capability currently applies to computer collections, with more asset types to be added in the future. Learn more about this new capability here.
Identity & Federation
- Enhanced Security with Duo Integration (now in GA): Customers can enable Duo MFA for an extra layer of security during login and authentication, strengthening their security posture while ensuring a seamless user experience. Learn more about this new integration here.
- Native Entra ID Integration (in Private Preview): The Delinea Platform introduces a direct API integration with Microsoft Entra ID, offering seamless SSO login and MFA using Entra ID credentials. This integration enables direct usage of Entra ID groups without the need for local mapping or user claim mapping. It also provides a streamlined experience for browsing Entra ID groups and users within the platform, while supporting the pre-assignment of users to roles and permissions prior to their first login. Learn more about this integration here.
- Federation Automated Group Mapping (in Private Preview): This feature dynamically creates and assigns groups based on group claims received from the IdP during user authentication, eliminating the need for manual configuration. This enhancement saves time, reduces effort, and minimizes the risk of human error when group mapping at scale. Learn more about this feature here.
- Platform Service Account Creation Improvements: We've enhanced the service user creation workflow, making it easier to set up non-interactive, programmatic access for API integrations and automation scripts. These improvements streamline the process, reducing setup time and complexity. Learn more about this update here.
- Integrated Windows Authentication (IWA) Host Certificate (now in GA): In addition to the option to import your own certificate, you can now generate a self-signed certificate with a single click, making setup and management of IWA more efficient. Learn more about this update here.
Engine Management
- At a Glance view:
  - Users can view the 'at a glance' summary of the site, including the Engine and its Workloads.
  - Easily check the status of Workloads with fewer clicks.
- Auto update maintenance window:
  - Users can choose site-level settings to automatically update their engines.
  - Schedule updates for specific times and days.
- Learn more about these updates here.
Marketplace & Integrations
- Download Center (now in GA): You can now download up to 3 previous versions of the software packages. Learn more about this capability here.
- Marketplace Quick Filters: Use Quick Filters to filter top integrations. Learn more about this update here.
- New and Updated Integrations:
  - Microsoft Defender for Identity Integration with Secret Server (in Private Preview). Learn more about this new integration here.
  - ITP/PCCE: GCP Integration GA
  - MFA: Cisco Duo native in Platform GA
  - Splunk Cloud Integration via Webhooks
  - Direct Entra ID API Integration
  - Workday ITP/CID Integration GA
  - RabbitMQ Helper 12.0.0
  - Terraform SS Integration upgrade 2.0.10
  - Jenkins Release 1.1.0/1.1.1
  - SCIM on prem 4.7.0
  - Secret Server SDK support
  - Terraform 2.0.10
  - ServiceNow Xanadu certification for all Delinea ServiceNow Integrations
Other Updates
- Webhooks Security (now in GA): Use a webhook secret to verify the legitimacy of the webhook request and protect against man-in-the-middle attacks. Learn more about this new feature here.
- Combined Discovery (in Public Preview): You can now create and manage both Identity Threat Protection (ITP) and Secret Server (Vault) discovery sources. The two "Sources" pages have been combined under Discovery for a more streamlined experience. Learn more about this update here.