Identify 5.1.1 Update
What is new in Identify 5.1.1?
Support for more services
Version 5.1.1 increases the support of even more popular cloud services. Identify now support popular services like Office 365, Google Suite, Zendesk, Dropbox, AWS, Amazon Web Services and many more.
Extending NameID support
We have added a few updates for NameID and NameID transformation support:
- Support for the “None” option to NameID transformation rule.
- Get the Subject.NameID value in an external transformation.
- NameID transformation support for WSFederation connection.
- Create NameID for a token using Scripting transformation.
Revocation checks for OCES certificate using downloaded CRL files in conjunction with using our CRL downloader tool. The result is that you can run Identify with full OCES certificate revocation checks with neglectable impact to load capacity.
We have added three new features to the Identify Configurator:
- It is now possible to specify an Administrator’s username and password when creating a new tenant.
- You can now use the Identify Configurator to change the signing certificate for an Identify tenant even if the certificate has expired.
- It is now possible to reset passwords when you forget the password of a user account or the account has been locked out due to too many wrong login attempts.
SafeNet Blackshield support
Identify 5.1.1 has support for SafeNet Blackshield (https://safenet.gemalto.com/data-protection/cryptocard-blackshield/) which means you now can use SafeNet Blackshield as a second authentication factor for your users.
With Identify 5.1.1 it is now possible to automatically send emails out to newly created users. Querying users from Identify SCIM’s GET filter API is another feature that we have focused on. Due to the flexible nature of SCIM’s GET filter and the large amount of user data, the GET filter API didn’t perform very well in previous versions. In 5.1.1, we optimized it to make use of database indexes to speed it up significantly.
In previous versions, Identify was not able to process SLO requests when its login session had expired and would show an error message. While that was technically correct, the user experience was not good. In version 5.1.1, Identify will respond to the requester when it receives a logout request, which creates a better user-experience.
Support for relative uri entity ids
According to the SAML 2.0 specification, entity ids must be absolute URIs. However, in practice, many popular services such as Zendesk and Google Suite use relative URIs for their entity IDs, which were rejected by previous versions of Identify. Version 5.1.1 allows relative URI entity IDs in order to support a wider range of popular services.
New Admin UI
We have in version 5.1.1 updated the look and feel of Identify with a new Admin UI. The new UI will make it considerably easier to work with Identify, while keeping all the many functions you are used to work with.
New Domain-based Home Realm Discovery rule
This new HRD rule will provide Identify the ability to route users’ login request to a specific Identity Provider based on the input user identity (can be either email address or UPN follow the format name@domain).