With release 21.9, CyberArk Identity supports the following new features:
Single Sign-On
Custom URL Domains
CyberArk Identity now supports creating custom domains and mapping them to your tenant's URL. This allows you to create a tailored sign-in experience for your users, make URL for CyberArk Identity easy to remember and align URL structure with your company's brand. For example, you can create the custom domain login.example.com and map it to your default tenant URL.
This feature was previously in preview and is now available to all CyberArk Identity customers.
Multi-Factor Authentication
Helpdesk caller identity verification
CyberArk Identity now supports a secure user verification option for helpdesk-assisted support requests. With this feature enabled, CyberArk Identity administrators on the helpdesk team can send an SMS with a one-time passcode to the user's enrolled mobile device. Once the code is validated using the new Identity Verification workflow in the CyberArk Identity Administrator portal, the helpdesk team can proceed with assisting the user. For example, you can require helpdesk managers to perform identity verification for all password rest requests placed over the phone. This ensures that users calling the helpdesk are securely verified using multi-factor authentication, and the risk of cybercriminals using social engineering techniques to gain unauthorized access is reduced. Additionally, users who do not have a mobile device enrolled with CyberArk Identity can continue to use self-service support options and validate their identity via other available MFA mechanisms.
User Identity Verification Workflow
To learn more about user verification workflow for helpdesk admins, please see here.
QR code authenticator SDK for Android
CyberArk Customer Identity allows you secure access to your apps and websites with a broad range of secondary authentication methods. With this release, you can now use a software development kit (SDK) to add QR code authenticator to your Android applications. This enables you to embed risk-based authentication workflows into your web applications and provide end users a fast, secure and convenient authentication experience. For example, you can use QR codes to allow users to access your web applications without entering usernames and passwords, set up QR codes as a secondary authentication mechanism or require end users to scan QR codes with their Android devices before allowing them to perform high-risk activities. In addition, the mobile application with the embedded QR code authenticator can be protected with username and password or on-device biometrics authentication mechanisms, such as facial recognition cameras or fingerprint readers, to validate the user scanning the QR code.
Sample app with QR code authenticator functionality
To learn how to integrate Identity Services in Android applications using the CyberArk Identity SDK, please see CyberArk Identity Android SDK in CyberArk’s Developers Guide.
Additional enhancements in the 21.9 release
- Auto-login to CyberArk Identity on Android devices: you can now set up a policy to control whether users who have successfully signed into their CyberArk Identity app can access the CyberArk Identity User Portal via Android browser without additional authentication. The default behavior is to require users to reauthenticate into CyberArk Identity User Portal
- Authentication Assurance Level rating for login attempts: you can now see the strength of the authentication factors used to login to CyberArk Identity. The factors are rated against NIST SP 800-63B guidelines and are classified from AAL1 (weakest) to AAL3 (strongest) rating.
For more information on the 21.9 release, please see CyberArk Identity release notes.