With release 21.8, CyberArk Identity supports the following new features:
Single Sign-On
CyberArk Identity Password Generator enhancement
CyberArk Identity SSO enables companies to securely store and manage password-based credentials in CyberArk Cloud or optionally self-hosted CyberArk Vault. The included CyberArk Identity Browser Extension automatically recognizes when new password credentials are entered, and securely stores and replays them when apps are accessed again. It also includes the Password Generator feature to help end-users create secure and unique passwords. With this release, you can access the Password Generator feature directly from any text input field using a browser context menu. For example, you can right-click on a password field in a website registration form and generate a strong password. This enables users to easily generate complex passwords and further removes the incentive for users to reuse weak (but easily remembered) credentials.
Password generator accessible directly in the browser tab
Please see Generate strong passwords with the CyberArk Identity Password Generator for more details.
A setting to reveal shared credentials to end-users
CyberArk Identity supports applications that require all users to log in with the same username and password. By default, these shared credentials are hidden from end-users. To access the application, users simply click on the application tile in their CyberArk Identity User Portal, and the system automatically performs the necessary authentication steps. However, in certain situations, end-users need to know the actual password. For example, end-users might need to provide an existing password to update passwords or to access applications directly. With this release, administrators can enable the option to display the shared credentials to assigned end-users. This setting is only available for shared credentials stored in the CyberArk Identity Cloud and does not apply to applications that store passwords in the CyberArk self-hosted vault.
Setting for displaying shared credentials to users with a “view” permission
Credentials accessible to users with a “view” permission
Please see the CyberArk Identity documentation to learn more about this option.
Multi-Factor Authentication
The ability to enable or disable Secure Zones
CyberArk Identity allows you to define Secure Zones — specific IP ranges within your internal and external networks. Secure Zones are used to define authentication requirements and enforce access policies. With this release, you can now easily enable or disable Secure Zones. This provides additional flexibility in enforcing access rules and simplifies temporary access to CyberArk Identity from specific IP addresses. For example, you can define a Secure Zone outside your corporate IP range to allow employees to access applications secured by CyberArk Identity at an offsite event. You can then enable this Secure Zone on a temporary basis without making changes to your corporate IP ranges. In addition, as part of this release, you can see the status of specific Secure Zones at a glance. To learn more about Secure Zones, see here.
At-a-glance status for Secure Zones
For more information on the 21.8 release, please see CyberArk Identity release notes.