CyberArk Identity 22.5 Release

June 2, 2022 Laura Balboni

With release 22.5, CyberArk Workforce Identity supports the following new features.

Multi-Factor Authentication – Granular Controls for RADIUS Server Authentication

Administrators can now select specific RADIUS servers used for multi-factor authentication. Previously, all available servers were shown to end users who selected the RADIUS authentication method. Now, administrators can configure the RADIUS server options users may select within authentication profiles. For example, global organizations can now ensure that only local RADIUS servers are used for authentication at each of their locations to reduce latency and session delays. This provides admins with granular, policy-based control over the RADIUS authentication method and improves the user experience.

Workforce Password Management – Non-AD User Credential Storage in CyberArk Self-Hosted Vault

CyberArk Workforce Password Management is an enterprise-focused password manager that provides a user-friendly solution for storing and sharing business application credentials and secure notes in a centralized vault. With this release, all enterprise users can securely store credentials and data in the CyberArk PAM Self-Hosted Vault. Previously, only Active Directory (AD) users could store credentials in the Self-Hosted Vault, while non-AD users could store credentials in the CyberArk Identity Cloud. Now all users, regardless of where their identity is stored, can leverage the Self-Hosted Vault. This provides organizations with CyberArk PAM solutions additional flexibility for deploying Workforce Password Management and ensures that all business credentials can be protected and securely shared. Refer to Store Secured Items and Business Application credentials in the PAM Self-Hosted Vault for more information.

Lifecycle Management – Enhancements to Outbound Provisioning

The outbound provisioning process is an integral part of the CyberArk Identity Lifecycle Management solution, enabling companies to provision access from CyberArk Identity to external applications. With this release, you can now use two additional outbound provisioning capabilities:

  • Obtain a list of all Active Directory (AD) groups for a specific user. Using this new capability, you can now use scripting to discover all AD groups to which a particular user belongs.
  • Deprovision users based on specific group membership. Using this capability, you can remove users from one or more apps based on their AD group membership.

The combination of these new capabilities provides companies with additional flexibility to control application access. For example, you can now provision users to groups or roles in an application only if the user is part of a specific AD group. You can also deprovision access when the user ceases to be a specific group member. Please refer to Script Capabilities in Provisioning for more information.

Mobile Authenticator – UI Enhancements to the Passcodes Menu

The passcode menu of the CyberArk Identity Mobile App contains time-based one-time passwords (TOTP) used for secondary authentication. With this release, the mobile authenticator TOTP has moved from the App Menu section to the Passcodes section, where all TOTPs can be viewed in a single location. In addition, each code now displays the logo of the app it is associated with for easy identification.

Secure Web Sessions – Bookmark Sessions and Events

With the 2022.4.17 release of Secure Web Sessions, customers can now flag both sessions and events. These flags can identify suspicious sessions or events that need additional review. They can also act as bookmarks, allowing customers to filter their views and see all flagged items in one place.

Secure Web Sessions – Continuous Authentication

CyberArk Identity Secure Web Sessions now supports the continuous user authentication security layer to ensure that no session is left unattended and that the user who started the session is the one using it. With the Continuous Authentication security layer, you can now set an idle timeout for specific high-risk applications and require users to reauthenticate using CyberArk Identity Adaptive Multi-factor Authentication (MFA). For example, you can configure the idle timeout for your financial apps to five minutes, after which the app session locks up. Users who walk away from the active session for more than five minutes will need to reauthenticate to continue using the app. CyberArk Identity MFA supports a wide range of authentication mechanisms, including passwordless factors such as QR codes and biometrics, making reauthentication seamless.

Secure Web Sessions – Vendor Access Now Protected

This release offers an integration between CyberArk Vendor Privileged Access Manager and Secure Web Sessions, extending protection to vendor user sessions. When vendor users log in via the Vendor Access Portal, they will now have access to CyberArk Identity applications, according to their role. Remote Access provides vendors with just-in-time (JIT), biometric authentication-protected, VPN-less access to company resources. Vendors can be invited through Remote Access to CyberArk Identity web applications, including Remote Access, Identity Single Sign-On and Secure Web Sessions capabilities: JIT provisioning, strong authentication, single sign-on, recording, continuous authentication and session protection. During the invitation, vendors will be assigned identity roles to control the apps allowed for access, and will be deprovisioned when the Remote Access timeframe expires. See Vendors’ Access to Identity Web Apps for more information.

Secure Web Sessions – HIPAA Compliance

Secure Web Sessions is now compliant with the United States Health Insurance Portability and Accountability Act (HIPAA), and can be leveraged to protect web sessions for healthcare applications. Since Secure Web Sessions records and stores data about web sessions that could contain patient information, it’s important that data handling complies with all necessary regulations. To learn more, please visit Health Insurance Portability and Accountability Act (HIPAA) – CyberArk.

With release 22.5, CyberArk Customer Identity supports the following new features.

Customization of Text in Authentication Widgets

Customers can now edit and customize the text in the authentication widget. Previously, editing was limited to only three fields. Now, admins can edit the script directly to modify all text instructions and labels included in the widget. With the option to customize these labels and the style of text, customers are able to create a better end-user experience to fit their organizational needs, and to tailor the wording to their brand and style. To learn more, please see Customize the Login Form.

For more information on the 22.5 release, please see CyberArk Identity Release Notes.

 
