
Changelog

New updates and improvements to idemeum

Elevated access to computers

Automatic admin account creation

In the previous model we needed you to create local admin accounts manually, and then when the desktop client was installed, you were required to specify a local admin account for each workstation.

Now we automatically create shared local admin accounts when technicians access customer workstations. What is more, we automatically disable them, and rotate passwords when technicians log out. This way we reduce the attack surface and only enable local admin accounts when necessary.

To make this new model possible, we have released a new desktop client, updated our cloud service, and released new iOS and Android mobile applications. Please make sure you update to the latest software to try the new features.

Updated quick-start guide

Quick-start for MSPs - Passwordless Elevated Access for MSPs
In this guide we will set up Passwordless Elevated Access for MSPs. Technicians can access any customer workstation or elevate with an admin account without passwords.

Assign domain shared account for elevated access

While we automatically create, enable, and disable local admin accounts, we have heard from you that sometimes it might be beneficial to leverage existing domain accounts for elevated access (for domain-joined workstations).

For this purpose we allow you to override the automatic local admin account creation with a domain account of your choosing. For example, if I have a domain-joined Windows workstation and I want my technicians to log in to this workstation with an existing domain account, I can configure that.


Passwordless MFA

Ability to disable native Windows login

We now allow you to disable native Windows login with username / password so that idemeum login is enforced. For example, if you set up idemeum Passwordless MFA for local workstations, you can now disable the native login so that login with a mobile device is enforced.


Windows Desktop Client 1.2.5

  • Support for automatic account creation for elevated access
  • Ability to automatically enable and disable local admin shared accounts
  • Ability to manually assign shared domain admin account for elevated access
Download idemeum software
Desktop client iOS mobile application Android mobile application Safari browser extension Chrome browser extension

Windows Desktop Client 1.2.3

Bug fixes

  • Fixed keystroke reader auto-submit on the sign-in screen before the process is complete
  • Effective utilization of system resources for reader polling when the display is off or the system is in sleep

Windows Desktop Client 1.2.2

Bug fixes

  • Fixed username / password login screen related to auto logon feature
  • Fixed offline access issues for users and technicians

New features

  • Support for elevated technician access from lock screen
  • Support for certificate distribution to desktop client

Cloud portals

Send credentials over email

We introduced the option to automatically send the username and password to a new user over email. This is an optional feature, and it is disabled by default. When the new user is created, and the password and username are specified, you can choose to send the credentials to the user's email address.

Windows Desktop Client 1.2.1

New features

  • Local account takeover for MSP elevated access to workstations
  • Support for desktop username password login using our cloud directory (local and domain workstations)
  • Support for Passwordless MFA desktop login (local and domain workstations)

Windows Desktop Client 1.2.0

New features

  • RFID: Autofill domain credentials in RDP and native app clients
  • RFID: User Enrollment supported from local workstation by validating domain credentials connecting to remote domain
  • RFID: Local workstation - support to login to local shared account
  • Master encryption key is made mandatory during install / upgrade
  • Advanced settings added to enable/disable credential provider and autofill features

Bug fixes

  • Handle auto recovery request after recovery prompt
  • Add SSM parameters for UI deployment to store hashes
  • Transition the auto recovery status for admin controlled recovery
  • Fixed the NPE in the google hrms adapter
  • Initiate Auto Recovery when user is already onboarded
  • Support Reserved custom attributes in HRMS
  • Evict user claims cache on update of Local user
  • Bulk update API for autofill settings

New features

  • Support Google Workspace for RFID badge onboarding. Now you can connect Google Workspace and onboard users by looking up an RFID badge ID in your Google directory.

Fixes

  • Optimize user desktop entitlement evaluation logic

Fixes

  • Bug: Entitled Apps API not setting shared
  • Publish entitlement request when user onboarded via badge
  • use webauthn4j-core 0.13.0.RELEASE
  • MSP customer tests to validate desktop entitlements
  • Upgrade bouncy castle lib to jdk 1.8

New features

  • Support to configure autolaunch app on startup. Now when you log in to the desktop with an RFID badge, the idemeum client can automatically launch the desired application.
  • Add built-in groups for customer MSP tenants

Fixes

  • Entitlement evaluation service fixes for desktop
  • Part2 suppress CVE for tomcat-embed-core lib
  • Publish entitlement request message on desktop changes
  • Implement onUserChange onUserDelete and onDesktopChange for
  • Fixed tenant user item concurrent update issue
  • Represent customer as web app in user entitlements
  • upgrade jackson-databind to 2.15.3
  • fixed org.json vulnerability
  • upgrade tomcat to 9.0.82 to fix CVE-2023-42794
  • Bug: TenantNameId cache isn't getting cleared on Tenant deletion
  • Fixed NPE when signing in to expired tenant
  • MSP user status change in customer tenant should trigger entitlement evaluation
  • Add All Admin group during Desktop app creation wrt knob settings
  • Handle the case where the signin has expired
  • Validate the inputs for the user auto-enroll REST API and throw proper error
  • IDEM-3322: Entitlements response to return shared account configured state

New features

  • Ability to assign service account information to multiple workstations. We built a new bulk edit capability for assigning a service account to a set of workstations.
  • Ability to assign a local or domain service account to a workstation. A domain account is assigned as a logon name, and a local service account is assigned as a logon name and password.

You can learn more about shared account configuration in our documentation portal.

New features

  • Return DC name if configured when request to enroll
  • Return master keys as part of customer by id api
  • Enhance userroleassigner api for customer
  • Added the audit event entries for admin managed password apps

Fixes

  • Fixed an issue where entitlements fetch reporting duplicate key
  • If cannot find the stack name, then do not throw an exception
  • Fix swagger docs
  • Fix Schema name typo for DesktopLoginAppSharedAccountMedia

Windows Desktop Client 1.1.9

New features

  • Enhancement for how offline mode functions for a workstation where a service account is assigned. When the workstation is offline, the idemeum desktop client will prompt for credentials. Once the user enters personal credentials, the idemeum desktop application will still log the user into the workstation with a service account.

New features

  • Added a devops API to trigger entitlement calculation on demand
  • Tenant master key share with users API
  • Add MSP elevated access enabled state to settings response
  • Clear encrypted dek of master key for admin controlled recovery
  • Clear encrypted dek of master key during recovery complete
  • Remove server side encryption and have a domain model support
  • Rest api to get encrypted master keys
  • Added rest api to add tenant master key
  • Added the autofill attributes to the admin managed apps entitlements
  • Added the autofill attributes for admin managed apps
  • Add support for All admins built-in group

Fixes

  • Prevent the deletion of the built in group
  • Return local admin account credentials as part of Lookup
  • Update role assigner api to save encrypted DEK of master key
  • Remove radius references from app management yaml file

Fixes

  • Filter out Radius applications if feature is not enabled
  • Associate AppId to the session token and remove implicit old token
  • Added an API to search entitlements by the windows identifier id
  • Rest API for user source connector metadata crud
  • Exposed mspElevatedAccessEnabled flag in user info
  • Added an api to get the user's credentials
  • Provide an API to save rotated credentials for local admin accounts
  • Enhance desktop entitlement fetch API to return
  • Return DC name if configured as part of RFID lookup API
  • Enhance the existing Shared Account Configuration
  • Support to configure Domain controller name
  • Move hrm-rest api to rest module
  • Add another attribute to the managed pass app to save native windows app id
  • Enhance user token API to return user session
  • Group edit functionality is broken when a custom attribute no longer exists
  • Remove the check for feature flags as all of them are enabled
  • Clean up the previous entitlement api call for admin managed password apps
  • Fixed typo in schema name
  • Enhance existing API to search only entitlements for the app types
  • Rename built in all users group
  • Added a feature flag for desktop native autofill
  • Rename all users group
  • Fix TenantSettings save RFID properties
  • Remove the /promote API
  • Apply default flags for Desktop on Tenant creation
  • Enhanced customer resource to honor the mspElevatedAccess

Browser Extension - 2.9.4

Fixes

  • In case of an admin managed app, if a browser tab is open for longer than the expiry of the token, the token isn't refreshed

New features

  • Do not display the edit and delete actions in the group list for All Users group
  • Filter out the All Users group that is manually added to the groups listed to the security policy
  • If only one user (the admin) is onboarded allow the changing of the user source
  • Provide chips of non existing groups

Fixes

  • upgrade tslib from 2.5.0 to 2.5.3
  • upgrade ng-apexcharts from 1.7.4 to 1.7.6
  • upgrade ua-parser-js from 1.0.33 to 1.0.35
  • upgrade apexcharts from 3.37.3 to 3.41.0
  • Username not visible for admin managed apps

Windows Desktop Client 1.1.8

New features

  • Daily password prompt for RFID extended to support validation of domain user credentials despite domain users being in logon deny policy

Fixes

  • Improvements to handle offline desktop status from lock screen

Windows Desktop Client 1.1.7

New features

  • Added link in the client UI to force manual update to the latest version
  • Enhanced token expiry check from managed password applications

New features

  • Desktop applications can now be shared with all admins when they are promoted, or when the user recovers from a new device

Fixes

  • Remove the 2 boolean params for enabling/disabling the password app owner
  • Allow desktop to use /passwordmanager/users api
  • Admin managed password apps messes up desktop sharing
  • Do not save username if expression is used
  • Resolve the username for remote web apps
  • Remove the log messages for timing the requests

Windows Desktop Client 1.1.6

Fixes

  • Fix to support legacy rf IDEAS readers on Windows IoT by efficiently handling memory

Windows Desktop Client 1.1.5

New features

  • Support for launching managed password applications
  • Auto detection of domain password change (by user or domain admin) to update domain credentials in the vault

New features

  • Support to save domain credentials post enrollment

Fixes

  • Return username always in user entitlements api for admin managed app
  • Added the metric for the time it took for user search based on user onboarding attribute
  • Do not allow saving the admin password credentials when app uses domain credentials

Windows Desktop Client 1.1.4

New features

  • Introducing tap out mode to support Sign out or Lock. For Sign out, users are signed out when they tap out. For Lock, the computer is locked and the session is preserved when the user taps out. The mode can be configured in the cloud tenant.

Windows Desktop Client 1.1.3

New features

  • Support for native messaging for Chrome extension to support Admin managed password apps

Fixes

  • Fix to run silent installer with or without branding details

Windows Desktop Client 1.1.0

New features

  • Support to add custom tile (logon UI) image in RFID mode
  • Password based enrollment for users leveraging cloud directory. Tap the badge, enter domain password, and get automatically enrolled.