With release 21.7, CyberArk Identity supports the following new features:
Single Sign-On
CyberArk Identity Password Generator
CyberArk Identity SSO enables companies to securely store and manage password-based credentials in CyberArk Cloud or optionally self-hosted CyberArk Vault and enforce robust controls over business application access. The included CyberArk Identity Browser Extension automatically recognizes when new password credentials are entered and securely stores and replays them when apps are accessed again. With this release, you can use the CyberArk Identity Browser Extension to easily generate secure and unique passwords for use with business applications. This reduces password-related security threats by removing the incentive for users to reuse weak (but easily remembered) passwords while simplifying application access user experience.
Please see Generate strong passwords with the CyberArk Identity Password Generator for more details.
Custom URL Domains (Preview)
CyberArk Identity now supports creating custom domains and mapping them to your tenant's URL. This allows you to create a tailored sign-in experience for your users, make URL for CyberArk Identity easy to remember, and align URL structure with your company's brand. For example, you can create the custom domain login.example.com and map it to your default tenant URL.
Please note: this feature is currently in preview. Please contact your CyberArk account representative to enable the Custom Domains option on your tenant.
Identity Verification with Ekata (GA)
The integration between CyberArk Identity and Ekata is now generally available. Ekata provides identity verification (IDV) service by applying pattern recognition, predictive analytics and machine learning to the key consumer data attributes, such as email, phone, name, physical address and IP. This enables you to assess the overall risk of an applicant for a new account and ensure that synthetic or stolen IDs are not used for account creation. With this release, the Ekata IDV service is now integrated into the CyberArk Customer Identity account sign-up workflow. Using this integration, you can easily identify high-risk sign-ups and take appropriate actions to prevent identity fraud. For example, you can require a user to obtain approval from a designated person before they can create a profile in the CyberArk Identity-protected application or website.
To learn more about this integration, please see here.
Multi-Factor Authentication
Self-Service Password Rest and MFA Factor Compliance Reporting
Forgotten passwords is one of the main drivers of Help Desk calls and costs for many organizations. With this release, you can now run an out-of-the-box report to identify users who do not have a self-service password reset option set up. This allows you to proactively reach out to these users and ensure they can reset their forgotten passwords without submitting Help Desk requests.
In addition, you can now configure reports that show all MFA factors configured for specific users or user groups, as well as users who have not configured specific MFA factors. For example, you can create a report that lists all users who have not set up the OATH OTP authentication method. Using these reports, you can establish authentication compliance with your organization's MFA policies or with third-party guidelines such as those provided by NIST.
Refer to Create authentication profiles and Establish authentication compliance documents for more details.
Lifecycle Management
Standards-based Interfaces to Manage Privileged Objects in CyberArk Privilege On-Premises
You can now use CyberArk Identity's System for Cross-domain Identity Management (SCIM) server interface to manage privileged accounts and objects in CyberArk Privilege On-Premises. Previously, you could use CyberArk Identity SCIM interfaces to manage users and groups in CyberArk Cloud Directory and CyberArk Privilege Cloud. Now, you can use the SCIM endpoints to integrate with third-party SCIM-compliant Identity Governance and Administration (IGA) platforms to manage PAM objects hosted on-premises. For example, you can now use any SCIM-enabled IGA solution to create a Safe inside your CyberArk Privilege On-Premises Password Vault and authorize user access to the accounts stored in the Safe. The SCIM interface leverages CyberArk Password Vault Web Access (PVWA) to manage objects in CyberArk Privilege On-Premises and does not require a VPN connection.
For more information on the 21.7 release, please see CyberArk Identity release notes.