With release 22.1, CyberArk Identity supports the following new features:
Store shared business application credentials in CyberArk self-hosted vault
CyberArk Identity allows administrators to deploy username and password applications when all users share the same login credentials. Previously, shared credentials for these business applications could only be stored in CyberArk Identity. With this release, administrators can now securely store these credentials in their existing CyberArk self-hosted vaults. For example, administrators can share access to a cloud storage service that uses a single set of credentials with multiple users by storing these credentials in the CyberArk on-prem vault. As an additional security measure, end users cannot view, change or share vault-stored credentials.
UI for sharing business application credentials
To learn more about Workforce Password Management and storing business app credentials in your vault, please see here.
Transfer ownership of shared application credentials stored in CyberArk self-hosted vaults
CyberArk Identity enables application owners (end users who have added a username and password application to their user portal) to securely manage shared access to their business apps. For example, a marketing team lead can share access to a social media application that uses a single set of credentials with their team members by storing the credentials in the on-prem vault. With this release, administrators can configure CyberArk Identity to transfer ownership of a specific shared application to another user if the original application owner is deprovisioned from CyberArk Identity. This ensures uninterrupted access to username and password apps even when the user that initially added and shared the application leaves the company.
UI for setting ownership transfers for shared apps
To learn more about setting up ownership transfers for shared applications, please see here.
Authentication profile scoring based on NIST AAL standards
The National Institute of Standards and Technology (NIST) provides guidelines for managing and securing digital identities in public networks. As part of Special Publication (SP) 800-63, NIST defines Authentication Assurance Level (AAL) standards to help you gauge the relative strength of various authentication methods. With this release, CyberArk Identity automatically displays the AAL range of your multi-factor authentication profiles to help you choose the right authentication approaches for your business. For example, selecting Password as your only authentication method results in the lowest assurance level, AAL1. However, pairing Password with a Mobile Authenticator raises the assurance level range to AAL2. Using this feature, you can quickly identify and strengthen the least secure policies based on your organization’s risk tolerance. In addition, you can review the Authentication Assurance Level of all successful logins based on the authentication methods used.
Authentication profile showing minimum and maximum AAL
Please refer to create authentication profiles for more details on using Authentication Assurance Levels for your MFA profiles.
Updated user interface in the User Portal
The CyberArk Identity User Portal now features an updated design for application tiles. The new tiles are larger and include an updated notification area. Icons in the notification area alert users if the application was recently added, if any user action is required, if the application uses shared credentials, or if CyberArk Identity Secure Web Sessions protects the application. In addition, CyberArk Identity users will now see updated CyberArk Identity logos in the navigational menus as well as in the browser tab.
New User Portal UI
The new app tiles with notification icons are available as a preview in this release and will be generally available in the CyberArk Identity 22.3 release. Please reach out to your account manager to request access to preview features.
CyberArk Identity Mobile App landing screen configuration
You can now configure the landing screen of the CyberArk Identity Mobile App for all iOS and Android users. For example, you can set the web apps, passcodes, QR code authenticator or push notifications screen as the home screen. In addition, you have the option to always open the CyberArk Identity Mobile App on the push notifications screen when a valid push notification is available. This feature streamlines the end-user experience and reduces the number of steps users need to access the most frequently used features.
Policy setting for specifying the landing screen for CyberArk Identity mobile apps
Restrict details captured for enrolled mobile devices
You can now restrict the collection of personally identifiable information (PII) shared by mobile devices enrolled into CyberArk Identity SSO by default. Specifically, you can prevent iOS and Android smartphones from sending model names, model numbers and battery levels to CyberArk Identity. This ensures that you comply with local regulations protecting PII and only collect information essential for the secure operation of CyberArk Identity services.
Policy for restricting the collection of mobile device information
To learn more about the policy setting to restrict sharing of mobile device details, please see here.
For more information on the 22.1 release, please see CyberArk Identity release notes.