With release 21.3, CyberArk Identity supports the following new features:
Single Sign-On
Enhanced Delegated Administration with CyberArk Identity Organizations
CyberArk enabled support for delegated administration (a mechanism for providing management privileges to users in non-administrative roles) in CyberArk Identity 21.1 release. In this release, we are introducing the concept of Organizations – a collection of user identities representing a subset of the global user population. Organizations enable you to group users by specific attributes and manage access to enterprise resources in a structured, hierarchical way. For example, if your company operates in multiple regions, you can create separate Organizations that correspond to each of the regions. You can then delegate administration responsibilities over these Organizations to specific non-admin users. Users with delegated admin rights can only manage users, roles and apps in the assigned Organization. This type of delegated administration allows you to spread administrative duties and segregate administrative capabilities so that no administrator has too much control.
The Organizations feature is currently in PREVIEW and is not enabled by default. Customers can test this feature on their tenants by reaching out to CyberArk Support.
Multi-Factor Authentication
Integration with Duo for Multi-Factor Authentication
You can now configure Duo as a Multi-Factor Authentication (MFA) option in CyberArk Identity. When enabled as a factor, CyberArk Identity delegates secondary verification of credentials to your Duo account. Users authenticating with CyberArk Identity will see Duo Push in the dropdown of secondary authentication factors and can verify their identities using push notification-based approvals on their smartphones or smartwatches. For example, a user accessing a web application secured by CyberArk Identity can provide a username and password as a primary authentication factor and select Duo Push for the secondary authentication challenge. When selected, the user will receive a push notification on their smartphone and can approve the access request in the Duo app.
The integration with Duo MFA is currently in PREVIEW and is not enabled by default. Please review the setup documentation and contact CyberArk Support to have the Duo MFA option enabled for your account.
Passwordless authentication on Windows Workstations and Servers for AD users
Active Directory users can now log in to workstations and servers secured by CyberArk Identity Windows Cloud Agent (IWCA) using passwordless authentication mechanisms. Previously, passwordless authentication was only available to CyberArk Idaptive Cloud Directory users. Now, Active Directory users can access IWCA-protected windows workstations and servers using any of the supported authentication factors, including passwordless factors such as push notifications, emails, and SMS messages. For example, a user can access a Windows server without entering a password by selected Mobile Authenticator at the login screen and approving the login request using the CyberArk Identity app. AD users will still be required to provide passwords for the initial login or if their AD password was changed. All subsequent access attempts can be completed using passwordless factors. Refer to CyberArk Documentation to learn more about passwordless authentication on Windows endpoints.
General
We are making several changes to our solution names to reflect our evolving vision and capabilities for securing identities in modern IT environments. Starting with this release, CyberArk Identity will become the new brand name for CyberArk Idaptive products. Branding changes included in the 21.3 release include Admin Portal, User Portal, User Behavior Analytics Portal, Connector, and Internet Browser Extension. To learn more about these changes, please see CyberArk Identity release notes.
For more information on the 21.3 release, please see CyberArk Identity release notes.