privacyIDEA Credential Provider Version 3.7.0 is now available
The privacyIDEA Credential Provider enables you to reliably secure login to any Windows desktop. We are pleased to announce the release of privacyIDEA Credential Provider version 3.7.0.
New features have been added and existing functions have been improved.
New Features
The new features include passkey login for username-less FIDO authentication and the option to register passkeys directly during authentication using the enroll_via_multichallenge policy. Passkeys can also be used offline, and there is an option to exclude certain user groups from authentication.
The default login sequence now asks for the username, then multi-factor authentication, and finally the password. This adjustment enables a sensible, passwordless login using a passkey, although the password is still required at present. However, the Credential Provider is already prepared for future solutions where password entry will no longer be necessary.
Alternatively, it is still possible to configure the process so that the username and password are requested first, followed by MFA. The option to enter the username, password, and OTP in a single step has been removed in favor of the passkey process.
Another change affects the configuration of texts: All texts that could previously be customized via registry entries are now managed centrally via the translation system. If you have used your own texts, you will find information on the changeover and an assignment of the old registry entries in our updated configuration documentation. Registry entries that are no longer needed are automatically deleted during installation.
In addition to the existing excluded_account feature, an excluded_group can now be specified.
Smartphone containers can be rolled out in the Credential Provider using the enroll_via_multichallenge policy.
Rolling out tokens and containers with the enroll_via_multichallenge policy can be made optional starting with privacyIDEA 3.12, so that the rollout can be postponed and no incompletely rolled out tokens remain in the system. The Credential Provider already supports this feature.
Enhancements and Fixes
FIDO authentication now works in RDP scenarios via Windows Hello.
HTTP requests now use the system language by default or can alternatively be configured with a custom language.
If the primary privacyIDEA instance is unavailable, a fallback URL can be used for the duration of the authentication.
The installer has been updated to support the new configuration options.
Finally, bugs in pre-filling the user name and in push authentication support from privacyIDEA version 3.11 onwards have been fixed.
All changes are listed in the Changelog on GitHub.
Would you like to learn more about the Credential Provider?
Would you like to secure your Windows environment with privacyIDEA or learn more about our support level agreements?
If so, please fill out our contact form or contact us via sales@netknights.it.