New updates and improvements to idemeum
Sep 29, 2022
Fixes and improvements
- Change counter for MFA applications in the dashboard to include all MFA app types (IDP, Wi-Fi, VPN, and Desktop)
- Fixed counter issues for admin dashboard
- Fixed documentation links for remote web app and remote server applications
- Fixed the issue of scroll bar not visible on applications tab
- Remote client and server certificate links from Radius applications
Sep 28, 2022
- Added PowerShell command to O365 application for easier federation setup
- Introduced ability to automatically send invitation emails to users who are added in the local user directory
- Introduced functionality to manually invite users when they are created in local user directory
Fixes and improvements
- Remove legacy links from login page to make it cleaner
- Correctly render Google Workspace provisioning errors in audit trail
- Alphabetically sort user sources in dropdown menu
- Fixed issue where editing the password for a remote web application was not immediately reflected in the user portal tile
- Automatically disable provisioning if the user source and provisioning connector are the same
- Resolved Google Workspace provisioning errors in production
- Allow only one application to be configured – O365 or Azure AD
- Automatically onboard first admin user in local directory to avoid required logout
Jun 10, 2022
Oftentimes employees do not have a phone nearby or do not want to use a mobile device every single time they access applications. What is more, most laptops today offer what are called platform biometric authenticators. For example, an Apple MacBook will have a local fingerprint reader that can be used to authenticate employees.
That is why idemeum offers an option for employees to use these platform authenticators, which we call local biometric sensors, to access applications and company resources without passwords from laptops, tablets, and desktop devices.
Application auto update
Automatically detects a mobile app upgrade and notifies the user. The feature also allows a forced upgrade of the mobile application if the new version is available.
Fixes and improvements
- Admin UI security settings to configure onboarding, local biometrics, and session duration
- Automatically refresh the user portal on installation of browser extension
- Reduce page zoom to 80%, increase viewport size, fix column padding and minor UI fixes
- Fix critical and high CVEs found in the 3rd party libraries
- Show alert to save QR code to the photo gallery when permission is denied for Apple iCloud
- Allow password applications to be added without user explicitly adding https scheme
- Disable native HTML autocomplete in search fields
- Improved product documentation and integration portals
Jun 1, 2022
Password Manager for any application
Previously we supported only certified applications with the idemeum password manager. We have now opened it up so that users can add any password application they like. Simply create an app, provide the URL, enter credentials, and you are good to go. You can learn more here.
May 25, 2022
Admin controlled user recovery
We have now added support for another recovery method with admin approval. Today we support two options:
- User self-service recovery – this option does not require any admin actions. Users can self-recover using a recovery QR code that they store offline or in cloud storage.
- Admin controlled user recovery – this option is useful when users no longer have access to the recovery QR code. Users can request recovery from a new device, and admins can approve the recovery request from the admin portal.
Learn more in our documentation portal.
May 20, 2022
TOTP support for password applications
Our Passwordless Password Manager now supports the Time-based One-Time Password (TOTP) algorithm. If an application you are using supports TOTP, you can now add it as a second factor. For instance, you can log in to GitHub by autofilling credentials and also autofilling the TOTP code as a second factor.
May 15, 2022
SOC2 Type 1 compliance
We have achieved the milestone of becoming SOC2 Type 1 compliant. We are committed to our highest-level security practices, and we continually improve our security posture, including penetration testing, compliance, and more. You can always refer to our security page and security white-paper.
May 10, 2022
Billing and tenant management
We have updated our pricing, which you can check on our website. You can now navigate to the idemeum pricing page, choose the license that you would like to try, and immediately start playing with idemeum. We have enabled a 2-week trial for all licenses, no credit card required. Once you make a decision, you can easily sign up for a license right from the Billing section of the idemeum admin portal.
What is more, we introduced Admin notifications, which admins receive when billing / subscription events happen, such as trial expiring, account suspended, subscription cancelled, and more. Notifications can be accessed from the admin portal page by clicking on the bell icon in the menu.
Mar 14, 2022
- Certify 85+ new password applications to a total of 175+ business password applications
- Support for SAML single sign-on from Android native apps that use webview
- User management feature extended to passwordless SSO and MFA solutions
- Added support for admin approval in the recovery flow when user changes or loses a device
Fixes and improvements
- Add show button to view sensitive data like passwords on the user interface. Default is masked data until show button is clicked
- Added support for URL redirect after logout for MFA solution
- Do not autofill on non-TLS password applications
Jan 24, 2022
Passwordless Password Manager
We are excited to share that we released the first version of our Passwordless Password Manager. You can now have your employees easily store, autofill, and share passwords across the organization using a browser, extension, or mobile app. We have iOS and Android mobile apps that support password applications, as well as Chrome and Safari browser extensions to autofill passwords on desktop.
- User management support added in admin portal for password manager
- Admin can manually promote / demote user role and trigger user off-boarding
- Add support for requesting new password application in web portal and mobile app
- Add biometrics check for credential provider extension in Android and iOS
- Certify 80+ applications for password manager
- LIVE chat integration in the user portal and idemeum website
- Integrate with Okta as a source for verifying user identity and retrieving user attributes for single sign-on and automatic provisioning
- Integrate with Google Workspace as a source for verifying user identity and retrieving user attributes for single sign-on and automatic provisioning
Fixes and improvements
- Implement CSRF defense in depth techniques like SameSite cookie, double submit cookies, custom request headers
- Added support for Shamir’s Secret Sharing (SSS) cryptographic algorithm for securely storing data in client local storage
- Android bundleId support in password manager credential provider extension
- Password autofill fix for Samsung S21+ device
- iOS app crash fix when searching for application to add
- Speed up Safari extension for large number of password applications
- UI fixes in Safari and Chrome extensions
- Improve autofill algorithm to address single and multiple page flows
- Portal and mobile app enhanced to add Help Link in the password application catalog
- Welcome email sent to the tenant admin after onboarding
- Strong password criteria for adding new password application
- Improved domain matching algorithm to protect user accounts on service provider login
Jan 18, 2022
- Self-service licensing on the website. Trying the product now offers an option to choose what license of the product to try for 14 days. You can navigate to https://idemeum.com/try to try idemeum for free.
Fixes and improvements
- Implemented cross origin resource sharing restrictions
- Addressed security CVEs and updated to latest stack (Java, AL2, libraries etc.)
- Sandbox login flow to prevent session hijacking
- Implemented static code analysis for additional security
- Fixed logout error when session times out
- Various admin portal UI fixes
Dec 7, 2021
- Certificate fingerprints in metadata – introduced the option for admin to download SHA1 or SHA256 certificate fingerprint from idemeum metadata section. Some apps require fingerprint values instead of actual certificate.
- Support for jailbroken Android devices – idemeum offers the flexibility to allow employee onboarding with jailbroken Android devices. idemeum MFA is built with security-first principles, and we employ various checks before even allowing the idemeum mobile app to install on an Android device. Now admins have the flexibility to choose whether to allow jailbroken devices or not.
- Microsoft 365 (Office 365) – idemeum now supports passwordless SSO for Office 365. idemeum can automatically provision users, assign licenses, and delete user accounts when employees are off-boarded. We also give admin flexibility to choose how to remove user accounts (disable, revoke license, or delete user account completely).
- YouTrack JetBrains – idemeum now supports passwordless SSO integration with YouTrack.
- Metabase – idemeum now supports passwordless SSO with Metabase.
- Google Directory – idemeum now supports ability to onboard users using Google Workspace directory as a user store.
- Okta passwordless SSO – idemeum now integrates with Okta to enable passwordless onboarding and login experience. Customers who have Okta deployed can simply enable idemeum passwordless MFA on top of existing infrastructure.
Fixes and improvements
- Fixed the issue with dropdown misaligned in entitlement section
- Introduced ability to remove entitlement rules when all groups are removed from that rule
- We added support for custom variables in provisioning section to simplify provisioning configuration for admins
- Added documentation link for every app pointing to the detailed step by step integration guide
- Introduced automated domain discovery for Zendesk integration
- Fixed custom SAML app icon and simplified configuration section
- Fixed first user provisioning error for all custom provisioning connectors
- Enhance SAML metadata parsing to enable EntitiesDescriptor parsing
- Enhanced OAuth module to support client credentials in authorization header
- Fixed refresh token issue with Box provisioning connector
- Fixed issue of entitlement UI not showing display values
Nov 23, 2021
- Group provisioning – idemeum can now provision groups into target applications and assign users into appropriate groups. Admins can define groups in admin portal and use those groups in entitlements to define what groups need to be pushed into target application. We support group provisioning for applications that support SCIM 2.0 protocol.
- Dynamic configuration attributes – introduced a new concept of automatically pulling configuration information from application when admin authorizes API access. For instance, once API access is authorized, idemeum can pull information about what account to use for provisioning to offer that configuration option to admin on the fly. This simplifies the admin application configuration experience.
- HRMS connection test – introduced ability to test HRMS connection when it is first enabled. If the connection cannot be established, the admin will be informed with an appropriate error message.
- Direct user entitlement – we now support entitlement of applications directly to users. Admins now have the flexibility to assign an application to a group or to a user directly.
- DocuSign – idemeum now offers passwordless SSO and automated provisioning for DocuSign.
- GitLab – we now support passwordless SSO and automated provisioning with GitLab.
- Workplace from Meta – idemeum now supports passwordless SSO and automated provisioning with Workplace from Meta.
- AWS SSO – idemeum now supports group provisioning into AWS.
- Atlassian – idemeum now supports group provisioning into Atlassian.
Fixes and improvements
- Fixed the issue of entitlements being restored for deleted users
- Fixed the issue of deleted app not being handled correctly
- Updated recovery error messages to be more descriptive and user friendly
- Updated error messages related to app deletion to make them more descriptive
- Added search capability to user entitlement table (for admin portal as well as idemeum browser extension)
- Fixed the circular issue of login approval on mobile device when QR code is expired
- Introduced SCIM 2.0 configuration options to support lookup by external ID or username, update user via PATCH or PUT call, and delete user via DELETE or PATCH call
- Fixed the issue of failed user update with Slack SCIM 1.1
- Fixed the issue of not automatically creating corporate email address when it is missing in PeopleForce HRMS
- Introduced entitlement rules validation in admin portal: non-empty name, at least one resource id, etc.
- Introduced the capability to deprovision the user from application when entitlement is removed
- Fixed the issue of local storage clean up after user logout
- Added search capability to My applications section in the admin portal
Nov 9, 2021
- Recovery for mobile identity – if a mobile device is lost or stolen, we allow employees to perform a self-service recovery process that does not involve any admin support. When the idemeum mobile app is installed, users are asked to store a secure recovery code. There are two options:
  - Store recovery code to cloud storage (iCloud or Google Drive). When the device needs to be recovered, all the user needs to do is allow the idemeum mobile app to access the recovery code.
  - Store secure recovery QR code in photos so that it can be printed. When the device needs to be recovered, users scan the recovery QR code with the idemeum mobile app.
- PeopleForce – idemeum now integrates with PeopleForce HRMS for user onboarding and entitlements.
- Humaans – idemeum now integrates with Humaans HRMS for user onboarding and entitlements.
- Zendesk – idemeum now offers Passwordless SSO and automated provisioning for Zendesk.
- Datadog – idemeum now offers Passwordless SSO and automated provisioning for Datadog.
- PagerDuty – idemeum now offers Passwordless SSO and automated provisioning for PagerDuty.
Fixes and improvements
- For additional security we allow users to onboard into a tenant with the same claims only once
- When HRMS is configured we automatically onboard and verify admin information against HRMS data
- Enhanced SAML configuration to support expression syntax across all fields, including custom mappings
- Centralized error messages configuration to make error messages more friendly and easier to update
- Fixed issues with provisioning after the entitlement rule is deleted
- Introduced warning prompt for sensitive actions such as deleting an app or entitlement rule
Oct 26, 2021
- Simplified SAML and provisioning configuration – we significantly simplified how admins configure SAML and provisioning integrations. We hid all advanced fields and made sure admins only need to input the minimal set of parameters. For some apps we truly preconfigured them so that nothing needs to be manually entered.
- Simplified HRMS integration – we simplified and enhanced the UI for how to connect idemeum to your HRMS systems. All systems come preconfigured, and all that is needed is to enter an API key or authorize idemeum to access HRMS APIs.
- SCIM 1.1 support – we added support for the SCIM 1.1 protocol, as some apps still do not support version 2.0.
- Cloud staging environment – we created a staging environment so that we can seamlessly test new features, launch beta programs, and ensure stability and reliability of our production environment.
Fixes and improvements
- Fixed HRMS connectors returning group attributes with external names
- Enforced only fully onboarded users to have entitlements evaluated
- Ensured entitlement rules get disabled when HRMS is not configured
- Fixed the issue where switching to the admin portal was visible to non-admin users
- Fixed issue of OAuth provisioning pop-up not working on Safari and Firefox
- Fixed Google Workspace provisioning for initial admin user
- Fixed logos missing for staging environment
- Fixed the issue of misaligned idemeum icon in the admin portal
- Added additional log messages for HRMS troubleshooting
- Made entitlement errors for users more friendly
- Added the ability to onboard admin in the background when HRMS is first configured
- Implemented Amazon SQS for asynchronous entitlement evaluation
- Implemented Amazon SQS for asynchronous provisioning
Oct 25, 2021
New idemeum integrations portal
We are excited to share that we updated our integrations catalog.
Now it can be accessed via a separate URL – https://integrations.idemeum.com
We have improved styling, navigation, search, and discoverability of idemeum integrations. With top bar counters you can easily see how many and what types of integrations we are supporting today. We are constantly adding new integrations across various categories.
Oct 11, 2021
Rule based entitlements
With Rule Based Entitlements you can assign applications to certain groups of users and have granular control over who has access to what. idemeum integrates closely with the HR system of your choice and will pull information such as role, department, or country. You can use this information to assign applications to employees.
The rules are organized based on if/then statements for ease of creation and maintenance. For instance, you can create a rule that entitles every Operations Manager to a certain set of applications.
idemeum stays in sync with the HRMS, and if the information in your HR system changes (new departments, updated employee records, etc.) idemeum will automatically readjust and recalculate entitlement rules, and conduct all necessary provisioning / deprovisioning.
Oct 4, 2021
Launch integration catalog – 30 first integrations
We are launching the first iteration of our integrations catalog. To start with, we certified 30 integrations across various categories, including passwordless SSO, HRMS, and automated account provisioning. In addition to a summary table with all integrations that we support, we will be providing detailed step by step instructions on how to configure certain integrations.
You can access our integration catalog here.
Aug 5, 2021
End to end Passwordless Single Sign-On
At idemeum we envisioned SSO to be simple. To configure SSO you will need to complete 3 simple steps: connect idemeum to your HR system, set up SAML apps, and enable account provisioning.
Therefore, as part of this release we are launching:
- HR system integration – connect your HR system to idemeum in order to automate provisioning and account management. You will be able to automatically create SaaS accounts when employees join and remove accounts when they leave.
- Single Sign-On SAML support – integrate idemeum with SaaS applications that support SAML for one-click centralized access.
- Application provisioning – connect idemeum with SaaS applications that support SCIM in order to automatically create, update, and delete employee accounts.
And of course our Single Sign-On access works closely with Passwordless MFA. All application access is performed with biometrics instead of any passwords.
Jun 1, 2021
Meet idemeum Passwordless MFA
We are excited to share that we released our Passwordless MFA product. idemeum Passwordless MFA allows you to truly eliminate passwords across your organization. Instead of having to log in with credentials and type in cumbersome one-time codes, idemeum allows your employees to access any application with biometrics instead.
- Unlike any existing solution, idemeum MFA is easy to set up – it literally takes 2 mins, and can be done without any IT admin involvement.
- All logins are very secure and are protected by asymmetric cryptography and protocols such as FIDO2.
- When your employees log in to applications they will simply scan the QR code or approve a push notification. No passwords. No codes to generate or type.
If you want to learn more, please take a look at the demo here.