With the 22.11 release, CyberArk Identity supports the following new features:
Multi-factor Authentication
Access Orchestrator
CyberArk Adaptive Multi-Factor Authentication supports a wide range of authentication factors enabling stronger access controls and a frictionless user experience. With this release, it now includes Access Orchestrator — a visual authentication workflow builder that allows you to simplify decision-making for complex authentication processes. You can also use the Access Orchestrator to create dynamic authentication profiles to achieve desired compliance levels.
Previously, administrators created access policies and defined corresponding authentication profiles for each of the authentication scenarios. In these policies, administrators selected authentication mechanisms applicable to specific apps and resources. This rigid process was time-consuming, and end users could use any combination of authentication mechanisms allowed within corresponding authentication profiles to pass authentication challenges.
Now, you can use Access Orchestrator’s intuitive, no-code interface to rapidly build custom authentication workflows, define the conditions for invoking specific authentication profiles and require authentication using specific combinations of MFA factors in a particular order to meet compliance requirements. For example, you can require users logging into the CyberArk User Portal with a username and password as a first challenge to authenticate with a physical token for their second challenge. On the other hand, users who select a QR code as their first challenge can pass secondary authentication by approving an MFA push notification. This provides you with additional controls and flexibility, while ensuring that your authentication policies meet the desired Authenticator Assurance Level (AAL).
An example of building an Authentication Request Flow in Access Orchestrator
To learn more about Access Orchestrator, please see here.
MFA Fatigue Report
CyberArk Identity provides a comprehensive suite of built-in reports to improve visibility into access activity and reduce the risk of security breaches. With this release, you can now use the new MFA Fatigue Report to gain insight into the number of approvals and denials of CyberArk MFA push notification requests. This allows you to identify MFA fatigue patterns and targets of potential MFA prompt bombing attacks. For example, you can use this report to spot users that received a significant number of MFA push notifications during a short period of time, indicating a potential attack. With this knowledge, you can take proactive steps to investigate access activity and minimize the risk of breaches.
An example of the MFA Fatigue Report
To learn more about CyberArk Identity reporting, please see here.
Secure Web Sessions
Summary View of Active Security Layers
CyberArk Secure Web Sessions is a cloud-based service that enables organizations to monitor, record and audit end-user activity within web applications. In addition, Secure Web Sessions enables companies to enforce continuous authentication and session protection controls for high-risk web sessions. With this release, you can now view currently active security layers for a specific application or browser tab using the Secure Web Sessions browser extension. This provides transparency into active protections enabled for specific applications and improves the user experience. For example, users can easily see if the Step Recording and Continuous Authentication layers are active for their high-risk applications or that Session Protection layers are disabled for apps not protected by Secure Web Sessions.
To learn more about Secure Web Sessions protection layers, please see here.
Customer Identity and Access Management
Navigate to Custom Apps from User Portal
CyberArk Customer Identity allows external users to manage their personal profiles and enrolled devices in their User Portals. With this release, external users can navigate back to their web applications from the User Portal after updating their profiles. Previously, users making updates in the User Portal had to manually type the application URL in the browser to get back into their apps. Now, users can simply click a customizable button directly in their User Portal to be redirected to their web application.
Displays the “Back” button which redirects to the Acme web application
Insert your Back button link and Back button label to customize and add to your user portal
For more information on the 22.11 release, please see the CyberArk Identity release notes.