Version 3.6.0.19403 and older

Information

This section contains all the updates before Major Release version 4.0.0.20464.

Version 3.6.0.19403

Features

• Added Authentication for RSA
• Added Authentication for Radius
• Added Authentication for Safenet
• Added Korean as new Language
• Added support for further types of SmartCards
• Added more control to the SAP admin page to control SNC/JAVA UME types etc.
• Added minor translations that were missing in HelpDesk and Duo Authentication

Fixes

• Password Expiry would keep sending Password Expiration messages to disabled users in AD. This has been fixed
• A few buttons in French and Turkish had characters that would block button operation in some browsers. These where fixed
• Sending Notification using SMS has been fixed

Other Changes

• Interceptor now holds an option to allow only certain users/deny users
• Change the length of the FPC-Manager key to hold very long OU names

Version 3.6.0.19142

Features

• Added support for additional Smart Card PKI setup types
• Added hourly statistics depending on Reginal settings (May require rebuild of statistics to get corrected old stats based on UTC time)
• Language dropdown now automatically hides when only one language is enabled
• Added number of users Identified/Enrolled in cleartext in ADAM and Registry to support better monitoring
• Added new menu feature “Pull Single-item menus into a mixed menu page” that will enable the front-end to display the lower level button, skipping the display of a single button in the next level
• Added support for SmartCard authentication when enrolling
• The Authentication Profile lists the basic menu display settings. Added details Display: True/False and Category
• Changed Persistent IP checking to false by default, and added the setting to Administration Client for FastPassClient and HelpDeskClient
• Some Password Complexity features was not working correctly under special conditions.
• Dummy.html file has been added to fix problems when reverse proxies report it missing and redirects to other pages that may result in user warnings and errors

Fixes

• Fixed Issue with UPN resulting in reset failure due to configuration settings.
• Fixed KMD connector page design
• MyPass/MyPass/FastPass services generated tracelogs, named XXX-System.logs over time, this issue was fixed.

Other Changes

• Expanded character limit from 4000 to 65500 in notifications
• Expanded Menu Arguments used under authentication profiles from 100 to 250 characters
• Some reporting pages queried past 1000 rows per default – limited to 1000 rows.
• Aborted Sync Transaction would not show in the sync reporting page by default, corrected.
• Many minor adjustments to design.
• Password Expiration Emails was being sent to disabled users.
• When a user was locked in AD for a GPO specified time, MyPass/MyPass/FastPass would still report the user as AD locked even after the locking time was surpassed
• When resetting password, if a user would hit enter after typing the first password field, MyPass/MyPass/FastPass would correctly jump to the next field, however the top field password would change.
• Discover process might end up in a long loop if a timeout occurs during the initial phase of discovery. Timeout has been raised and the loop protected
• Statistics did not generate correctly for 0-1 UTC time
• Users not allowed to use any reset profile would get an empty page in some setups
• Services are now set to Automatic(Delayed start)
• Design adjustments when using EEC to Enroll, under some OS'es a scrollbar was missing.

Version 3.6.0.18514

Features

• Smart Card Authentication. PKI Smart Card based on the PC/SC standards https://www.pcscworkgroup.com. The feature enables users, typically using the Smart Card for logging into Windows to reset password using their Smart Card
• New and rebuilt HTML and design, offering responsive HTML and easy to brand and maintain.
• New SAP connector and SNC support
• New OpenLDAP/eDir support.
• The HelpDesk masking option is now extended to verification also, and present under Feature Settings->HelpDesk Client in the Administration client. Masking with verification ensures that the HelpDesk user will not get to know the users answers to questions.
• SQL engine can now be changed with regards to timeout/NoLock to enable adjustments in large environments.
• AD discovery process optimized, approx. 2-8 times faster discovery of users (Please note that this behaviour will only be default on new installations)
• Sign and Encrypt Emails with new SMTP connector
• Added Editable texts for SMSPin and Email Pins, The texts now editable under the Client Text settings in the Admin Client. Please note that the texts are locale specific
• Added support for sending notifications and invitations to all contacts, SMS and email.
• Added enhanced throttling/limitation controls for handling requests from/to all clients - especially with focus on requests from the EEC client (Large environments)
• Added new variables in the Notification and Enrollment services.
• Added support for using UPN as username instead of SAMaccount name
• Send Notification to Manager in AD for Notifications has been added
• Changed the way the EEC client examines if the user is enrolled or not. Now the user only needs to fulfill one profile to be enrolled to enable dynamic use og profiles
• Added the following languages: Czech, Estonian, Greek, Hebrew, Hungarian, Indonesian, Latvian, Lithuanian, Russian, Thai and Turkish
• Language settings has been added to the administration part to limit the number of languages available on other pages lige text editing.
• The FastPassClient can now lock the remote IP from either header or variable configured using a number of parameters in order to log the proper IP address of an end-user
• By default MyPass/MyPass/FastPass will now demand that a user IP address from within a session is not changed.(defaut behavior was change in the next later version)
• When using hashing for Challenge/Response answers or when hashing passwords for password history checks MyPass/MyPass/FastPass now users PBKDF2 instead of MD5. The system will still support users who already enrolled using MD5, next time a user Enrolled/next password to be hashed will be using the new algorithm.
• Upgraded to newer jquery version
• IP address must now be persistent through the users track per default.
• New Hardening package
• Notes for the release notes, due to the way AD behaves, if the Domain Users group is inherited in a group that is member added to MyPass/MyPass/FastPass, the user will not get discovered in MyPass/MyPass/FastPass by default. This is due to the fact that the Domain User group by default will be the user Primary user group. When a query is made for users who are members of a group AD does not return users return users that are in the primary group.

Fixes

• SMS Gateway issue with Basic Authentication fixed
• Many minor bugfixes throughout the product.

Other Changes

• TOTP Authentication. Based on RFC6238 these Time changing pin codes cn now be used for authentication. Ideal for end-users with Smart phones, simply scanning the QR-codes while enrolling in eg. Google or Microsoft’s Authenticator apps, will allow end users to reset password.
• DUO Authentication. Customers using DUO security for MFA, may now take advantage of using DOU for authentication in MyPass/MyPass/FastPass.
• Bitlocker. Using MyPass/MyPass/FastPass end-users can unlock their Bitlocker device, providing access to resetting their Pin/Access code.
• Users can now be prompted to enter their username before selecting the user’s available authentication type or even operation. MyPass/MyPass/FastPass will present the users possible operations to them
• Menu is customizable and adapts to users rights/enrollments and network presence.
• Many settings has been moved to the database from XML config files and registry simplifying operation and configuration significantly.
• All server parts in 3.6 now requires at least .Net version 4.5.2
• FastPassClient Frontend EEC(OpenService) - now has multiple throttle options to ensure not to ask users to Enroll when there is no "room" for the user
• Statistics per operation now includes graphs for better oversight.
• Multiple destinations (SMS Email), Ability to send multiple SMS’es or emails to a user.
• SMTP connector now allows connections via TLS/SSL
• Fetch Log files from remote gateway (Requires 3.6 version on remote gateway)
• Password Policy indicator for end users now reflects ADs Complexity Password Policy in detail
• Password Policy indicator for end users now has a dictionary of weak passwords
• Default texts will not need to be loaded into the database any more
• IOS/Mobile - mobile site deprecated users are redirected to the website
• Verifying SMS and Mail gateway in MSP mode defaulted to using the wrong gateway server
• Changed the design of the HelpDesk Client
• Changed the design of the Administration Client
• Remote Gateway files can now be retrieved, demands 3.6 gateway and server version
• Database Connections towards AD LDS are now being reused for services.
• Optional Popup windows can be opened in the HelpDesk Client enforcing the HelpDesk User to acknowledge the chosen action.
• HelpDesk Client is now available in all languages
• When users Enroll using Semi-private private challenge/response questions the question chosen in the first dropdown is automatically removed from other list with questions to help the user.
• Better performance by Improved caching of internal structures.
• Helpdesk random generator of passwords now has its own registry setting
• All server parts in 3.6 now requires at least .Net version 4.5.2
• (Multi organization) Save operations will now not save all remote gateways
• Scheduling of Password Expiration emails did not handle hour of day correctly
• In combination with specific Windows settings Statistics service would not generate statistics and would end up failing
• Notification service would not send notification on some events
• For some languages User Registration would fail because of special characters
• Group checking/loading in HelpDeskClient for Service Providers would sometimes prevent HelpDeskUsers accessing the client.
• Cookies are now per client and the Sessionid will change per request
• Cookies now separate for FastPassClient/HelpDesk etc. and SSL only
• AntiXSS libraries has been enforced in both front-end and backends for more general protection against XSS

Version 3.5.1.7

Features

• Added Editable texts for SMSPin and Email Pins, The texts now editable under the Client Text settings in the Admin Client. Please note that the texts are locale specific
• Added support for sending notifications and invitations to all contacts, SMS and email. Session Cookie path is now specific to the Client in question
• Added minor security features Gateway will now only save to the choosen
• Added enhanced throtteling/limitation controls for handling requests from/to all clients - specially with focus on requests from the EEC client
• Added varialbes in the Notification and Enrollment services.

Other Changes

• Gateway in MSP installation - not all. This make saving much faster when handling many gateways

Version 3.5.1.5

Features

• Added the ability to use User Principal name in AD as the login name. This feature is now supported throughout the product, Self-Service, Synchronization, Selective Password Reset and Windows Client
• Send multiple email/SMS'es if the user has multiple addresses/mobile numbers
• Added Script to remove old Notifications from AD LDS/ADAM to save Space
• Password Complexity will now be enabled by default Old "Entry" customers may now use the new design.
• The old design and old "Entry" feature accessing the HelpDesk Tool through the main web-page has been deprecated
• Removed TAG line in Authentication setting to avoid users accidentally adding data in it. Reg key will open the field – users patching up will get the field shown. New installations will need to enable it (Instruction in the FAQ)

Fixes

• Fixed minor spelling issues
• Fixed bug in the SSH connector

Other Changes

• .Net 3,5 is no longer needed to install MyPass/MyPass/FastPass Password Manager server – it will run on .Net 4
• Enrolled user count was not counting users being Enrolled automatically by Email/Mobile number
• Enrolled user count was not accurate. Every 24 hours it was corrected
• Changed the way daily License count was handled, when having many users this took down performance
• Changed the way user get their user account locked and unlocked in MyPass/MyPass/FastPass. Event naming changed as well.
• Removed .Net 3.5 requirement for the Server installation components. Only 4.0 or higher is now needed
• Sync Engine could under very rare conditions end up in a halt due.
• Deprovisioning did not properly delete users if multiple Usercontexts were targeting the same AD
• Users Enrolling with only "User Information"(Mobile and/or email) would get locked in MyPass/MyPass/FastPass when the HelpDesk Client looked at their account
• Updated Examples in the API connector

Version 3.5.1.3

Features

• Added Japanese and Chinese (Mandarin) languages
• Enrollment Service would under certain circumstances run indefinitely due to a logic error. The result is added load to the server – this has now been fixed.
• Register User Information page did not by default set the focus on the input field Mobile Web site now feature the Unlock account feature Register user information did not work in a few languages
• Minor layout fixes When adding the IOS client the first ever request would fail on the server.
• The load of new languages Challenges/Response Questions are now automatic

Fixes

• One of the Default error messages when registering for a User Defined question was wrong
• Security fixes

Other Changes

• Servers not being connected to the internet would sometimes timeout trying to contact the Certificate Singeing CRL server, hence the Windows Services might timeout during service start. By default the CRL check has been disabled (This is also done be default in the patch)
• Complexity Indicator missing text customization. These texts were not editable.
• Verify Mobile Number did not work correctly in Italian and French
• Blocking Layer did not work correctly with User Information Registration page
• The Configuration page for the Client Configuration targeting the mobile part required the port number :443 to be present.
• The installer now warns that the last step takes approx. 20 min. to complete
• Adjusted misc database field in adam to allow more space

Version 3.5.1.2

Features

• Password Change operation would not display an error message when typing to new different passwords and submitting using the mouse.
• added Enrollment Service notified users even if the user were part of the Enroll Profile Deny group (This error was introduced in v.3.5.1 ).
• SAP SNC Communication is now supported
• In some situations it was possible to add more users that the License prescribed

Fixes

• The users would have to be a member of both allow and deny group for this to happen and the user would eventually not be able to Enroll. (This error is not present with the Windows Client)

Other Changes

• Nem ID Authentication
• Password Complexity texts could not be edited
• Password Complexity design would sometimes break, displaying half a line
• Password Complexity in the mobile site was not controlled by the correct settings file
• All files are now signed

Version 3.5.1.1

Features

• In certain situation the user would loose entered mobile or email address using the Register User Information feature, this would only happen for mandatory fields where the user had verified the same number/email as already present in AD
• HelpDesk Client now shows user contact data entered using the User Registration Feature
• New feature supports more intelligent handling of mobile number and email. Multiple REGEXP filters are allowed for validation, view, and output(eg. to the SMS gw). This will ease handling eg. () in numbers and eg. missing country codes.
• End-users using Firefox when making use of the User Registration Feature where able to proceed without typing any email/phone number

Other Changes

• HelpDesk Client now indicates the primary choice of the users mobile number when used for SMS pin and HelpDesk pin
• The installers ServerInit part will now note more clearly that it takes time to finish, and will not appear to be hanging
• Organization name was empty on the initial page in the web client

Version 3.5.1.0

Features

• Added Code Card feature. This lets the end-users, use a printable card to authenticate. The Card holds numbers/characters. For more information please consult the Administration guide
• Added EmailPin feature. The end-user can use an Email Pin for authentication in MyPass/MyPass/FastPass. Works as the SMS pin feature but simply using Email instead.
• Added the ability to notify an end-users Manager in AD. This option is generally available in Notification Service.
• Added Blocking layer feature to prevent end-users from resubmitting forms which is not allowed. The setting is now visible in the OrgSkinConfig file and disabled by default.
• Added the ability to configure in detail what the HelpDesk user roles should be able to view(Configurable in the registry)
• Added settings to controll HelpDesk and Mobile Client logs
• SAP Connector now supports alternative naming of the Function Module
• Changed standalone installers to be default enable .Net 4.0

Other Changes

• Changed the defaults for the settings controlling the behavior of the Windows Client for the UserEnrollmentEnforcementMethod_UserMustEnroll from FullScreen to Window. You should check this setting in the registry as the default change may result in a change if the value is not specified.
• The gateway did not properly write the status of the gateway repository at all times, resulting in the automatic failover in the gateway to use a none working object.
• Minor changes to the way User Registration of user Information now behaves.
• The end-user will now be forced to verify email/Mobile number to complete enrollment.(Before AD values in these areas where by default trusted)
• The default appearance is now registration of
• Minor design enhancements
• Enrollment Service: Recurring emails starting on Days 0 did not allow a eg. Day 2 action to be sent
• Minor adjustments is aspx/js files and texts
• Display of an end-users manager has been improved
• Locked Password Manager users are now treated as unenrolled in Enrollment Service meaning they will be asked to Enroll as the default is also in the EEC client.
• Selective password reset columns had switched place.
• Password Sync server registered sync transactions to the users primary AD user repository in Events. Now it sticks to the actual target instead
• Remote gateway - Administration Client would when re-saving the Gateway Settings truncate the remote gateway.

Version 3.5.0.0

Features

• Added support for new Challenge types
• Changed the backend operation to support the new Challenge types Added AT support for new Challenge types
• Added new events for new Challenge types
• Added new mobile client to be used with Windows Phone, Android, iPhone Added new Mobile APP for iPhone
• Added support for changing all messages, labels, error messages Changed text loading adding intelligent cache
• Added new texts on all pages to be used for customizations
• Error messages has been translated Welsh is now fully supported
• Performance optimizations for all web-parts Added IE10, IE11 support in the FastPassClient both skins.
• Added IE10, IE11 support in the Admin Client.
• Added feature for the mobile client to force use of a specific authentication profile
• Added Password Complexity feature MustStartWith feature
• Added client type noted in events etc.
• Added Password Complexity indicator to the Change Password operation
• Register User Information (Mobile number and or Email address) had errors when used in different combinations
• Added feature to disable the MyPass/MyPass/FastPass Aware CanNotChangePassword feature from AD. Fetching this particular property has proven to be slow in around 3% of AD environments. As the feature is seldom used, and consequences are few this feature can be disabled by registry.
• Added pull feature to the client, to service automatic updating of texts at the all clients(Only Mobile client supported in this version)
• Added reoccurring Enrollment Messages

Fixes

• Fixed spelling in various areas
• Fixed issue with authentication settings not updating when a profile for a track got deleted
• An error in the Backend-service prevented the HelpDesk part to increase session time above 32 mins
• Changed regional settings definition of time/dates to fixed ones.

Other Changes

• Private Challenges
• Semi-Private Challenges (can be visible to the ServiceDesk)
• User defined Challenge Questions
• Changed backend to allow for flexible enrolment. Users may authenticate with one or more challenge types depending on network and/or group membership
• Performance enhancement of reports, especially User Status report has been speed wise significantly improved. Does not reload when opening filter tools.
• Backend would create a user and take up a license event if the user was not in a group allowed to use MyPass/MyPass/FastPass.
• Moved Menu control in old skin to the Admin client
• Performance optimizations for all Services
• Changed AD LDS/ADAM schema to have the database keep any deleted data, making better use of the built-in undelete functions in the database
• Changed Enrollment Service behaviour to treat users locked in MyPass/MyPass/FastPass as not enrolled
• RACF over LDAP connector is now embedded in the installation
• In the Administration Client the Specification of groups to notify would sometimes be empty when reloading several times
• Request Password function in the HelpDeskClient now handles special characters
• Divided “Users must change password on next login” into 3 different settings to allow for absolute control in various scenarios:

Version 3.4.3.5

Features

• Administration Client needs some enhancements for better Service Provider support.
• The Security Settings in Administration Client does not feature a edit function.
• Self-Service Client shall support Welsh.
• The Password Complexity Indicator shall support configuration of minimum and maximum counts being set to 0.

Other Changes

• Group discovery might delete group registration if the gateway call times out.
• AdministrationClient does not show values for all user attributes in the User Details report page.
• The Random Password Generator fails on ResetPassword from the HelpDeskClient when no special characters are desired.
• HelpDeskClient does not show values for all user attributes.
• ConnectorMSSQL does not use its configured UnlockAfterReset setting.
• ConnectorOracle does not use its configured UnlockAfterReset setting.
• Custom Texts from the Backend Server are not loaded by the Self-Service Client when InitiateTrack.aspx is used.
• The UserDetails page used by the UserStatus report always fails to load.
• Password Sync does not always detect generated (temporary) passwords from Connector and/or Help Desk Client.
• ConnectorRACF does not allow exclusion of a character group.
• Help Desk Client does not implement correct domain level authorization.
• ConnectorSMSByMail has a too low and hardcoded timeout.
• The "View Enrollment Data" in the Help Desk Client doesn't make correct use of the "Help Desk User" and "Help Desk Supervisor" roles.
• When running from Windows Client Challenge/Response information falsely cached after reenrollment.
• The GetUserInformation method needs to call the same set of backend methods as the normal client
• Privileges of the HelpDeskClient roles needs to be configurable.
• The Password Complexity Indicator shall prevent progression as long as the password is invalid to its rules.
• The "Basic" Password Policy Type shall have a "Password must start with a letter" rule.
• The Password Complexity Indicator shall have a "Password must start with a letter" rule.
• SelfServiceClient and HelpDeskClient shall sort domain lists by name.

Version 3.4.3.4

Other Changes

• The ConnectorAD doesn't use the Random Password Generator correctly and the Random Password Generator has some defects in its use of parameters.
• Events of type PasswordSyncTransactionFailed are sometimes stored with the UserContextId of the primary user account instead of the one of the target.
• The TransactionRetryCountMax setting in Password Sync is not taken into account for Selective Password Reset transactions.
• Password Reset operation fails when a password does comply to AD policy and the lockout duration policy is set to 0.

Version 3.4.3.3

Other Changes

• Password history registrations used by Password Policy are sometimes "double encrypted".
• The SAP Connection Settings page fails to display with defaults if no languages are listed in IE language settings.
• When having a slow group list load, discovery service would start yet another thread to harvest AD groups resulting in too high resource usage
• Session handling improved to avoid halt when under high load
• Authentication using AD password for none-AD password resets shall be allowed.

Version 3.4.3.2

Features

• Added AT support for Zoomtext, Jaws and Dragon. These changes affect server and client components. On the server side these changes where added to the new optional skin. • Fixed bug in the group discovery service part which on large system could cause the discovery service to consume memory and cpu.
• Added Password Complexity indicator functionality to help end-users get direct feedback (requirements shifts from red to greem when a requirement has been passed)
• Combined with the new design it is not possible to target resets for a specific target type (To add this feature contact MyPass/MyPass/FastPass support)
• The Selective Password Reset feature shall support use of the Password Complexity Indicator.
• The Selective Password Reset feature shall support some display filtering based on the option the user has selected in the Wizard interface.

Fixes

• Fixed password change issue, that in some cases, would not redisplay the Password Change dialog if a user entered a password not allowed by AD password history.
• Fixed bug where group names with "::" in it was not being handled correctly

Other Changes

• Remove hardcoded mpdefault.master page
• The maximum execution time for deprovisioning is not configurable but hard coded as 6 hours.
• The Backend Server will cause the Help Desk Client to fail when trying to display a user with invalid sync account references.
• The Selective Password Reset page is not AT compliant and is not nicely styled for defaultV2 skin.
• Help Desk Client fails when trying to display a user with invalid sync account references.
• Partial visibilty (masking) of Challenge/Response data shall be implemented in the Help Desk Client.

Version 3.4.2.6

Features

• Added new features that will enable the administrator to limit the access to the client. This way it is possible only to allow Windows Client access - normal browsers will not be able access the site.
• Added Italian language
• Added the ability to add custom information when MyPass/MyPass/FastPass discovers a user. The feature can be used to e.g. add phone numbers to users when not being present in AD.

Fixes

• Fixed bug that would result in disabled AD users not being rediscovered and therefore not being deprovisioned within a group deletion rule

Version 3.4.2.4

Features

• Mail-server verification now has a "Sender" email address used for verification

Fixes

• Email REGEXP internally was changed in 3.4.2.3 in the Server nit installer. It was shortly in the normal install package. A bug was found in the REGEXP, the patch fixes this

Other Changes

• SMS gateway by HTTP(S) is now more robust, and configurable
• Improved performance for HelpDeskClient and HelpDeskSPEClient.

Version 3.4.2.3

Features

• Enrollment Profiles now require registration of contact settings prior to be enabled.
• Notification Profiles now require registration of contact settings prior to be enabled. • Email format checking for Enrollment Profile Contacts is done using standard format stored in ADAM.
• Mail Server Add/Edit pages now contains a Check button that checks the full mail flow and validated with a PIN before being saved.
• Added Portuguese as new language.
• Added KMD connector to be build-inn. Is a user gets locked in MyPass/FastPass the user will automatically be re-invited.
• Added support for downloading reports in CSV format. Deprovisioning can now be executed on demand.
• Added Password Expiration Notification that can email users before the users’ password expires. E.g. 10,5 and 1 day before. It can also send emails after the password has expired.

Fixes

• Fixed issue that would display "Password Could Not be set" when a user would try to reset the password. Only got displayed on 2003 DCs, when users did not have a username in AD and the was not set because of the History Policy.
• Fixed error in Reporting tools that made the page crash.
• Fixed Errors regarding statistics numbers on the User Audit Report.

Other Changes

• Email format checking for Notification Profile Contacts is done using standard format stored in ADAM.
• Email format checking for Organization Contacts is done using standard format stored in ADAM.
• Email format checking for AD Admin Account when using SSL is done using standard format stored in ADAM.
• Mail Server Main doesn't any longer have a Check button.
• Enrollment Service now looks for sender in Profile Contact, then Organization Contact and then Mail Server Contact if this is valid Email.
• Notification Service now looks for sender in Profile Contact, then Organization Contact and then Mail Server Contact if this is valid Email.
• Common Message Panel CSS now contains a definition for neutral information (WHITE) in R07 and R08.

Version 3.4.1.1

Fixes

• SAP connector mishandled error conditions from some systems leading to the one/two-byte error message in the log.

Other Changes

• The FastPassClient and HelpDesk Client main page would not display custom texts if the browser did not already have a valid session.
• Text emails was sent as HTML under some condition.
• Deprovisioning would not delete users who’s MyPass/FastPass data is old.

Version 3.4.1.0

Features

• New authentication for HelpDesk users automatically authenticates the using Windows NTLM
• Password Policy feature has now been added for Selective password reset. This enables the administration to define custom password policies in MyPass/FastPass.
• Checkpoint user was required to have a mobile phone number to use the unlock feature – fixed

Fixes

• Changed design and navigation lets the admin double-click User repositories, profiles etc. easing the navigation in the administration part Multiple CSS style issues fixed in the Administration Client
• Fixed issue with Swedish
• Fixed collation issue in the Sync installer sometime complaining.

Other Changes

• Single Enrollment Profiles was limited to run 255 times - limit has been raised dramatically
• A maximum 100.000 users could be discovered in MyPass/FastPass – limit has been raised dramatically
• Reporting part showed the Wrong IP number column in the Events
• Statistics in the Reporting part are now browse-able on year/month/date - making it possible to quickly get a view of the activities.
• The Welcoming screen in the FastPassClient did not show the correct text when the user did not have a session
• The notification Service variable $(UserAccountID) falsely had the content of the FullName AD attribute
• Users having deleting targets could not be deleted in MyPass/FastPass Under certain time formats the Calendar used in reporting/scheduling pages would fail
• Events can now be placed in SQL for better performance and control.
• Time and dates can now be displayed in the admins time zone under regional settings page. This will cause all times in the administration client and HelpDesk client to be displayed in the chosen time zone and format.
• User Self-Registration of Email/Mobile and mobile phone number Interval based search in the reporting page
• Got Locked event did not show in the HelpDeskClient

Version 3.4.0.3

Features

• The SPE Helpdesk version is now part of the normal client (and has the new features of the normal Help Desk Client)
• Google API connector added – you can now sync your password to users Google account.
• CheckPoint connector added Menu texts are now editable
• Added warnings when license expires

Fixes

• 64 bit SAP issue fixed (caused MyPass/FastPass to fail if the SAP end was not correctly configured)

Other Changes

• Discovery profiles may now be pointed to a specific OU limiting the time and resources needed to perform the discovery

Version 3.4.0.2

Features

• Each target now has groups controlling which users can sync and which can do Selective target password reset – this also enables the possibility to mix the two.
• Support for custom tracks (E.g. Reset Access card pin code)

Other Changes

• Windows client/Password Manager combination now let the users reset their password even offsite (using a hidden vpn-connection)

Version 3.4.0.1

Features

• Selective Password Reset and Synchronization is now profile based. Targets can be selected dependant on group membership. This enables you to combine the 2 methods amongst others.
• A new action “Register User Information” is available along with the Enroll option. This option will let users enter their mobile and email address in MyPass/FastPass (defaults are picked from AD) – this is a separate track as well – there’s no verification other than regular expressions in the first release
• Notification Service Queue view enables the admin to see which emails has been sent
• New HelpDesk Client
• Support for custom tracks (E.g. Reset Access card pincode)
• Added support for setting the length of the temporary Password
• Automatic detection of local IP addresses has been added, the MyPass/FastPass gateway will now always accept connections from local IP addresses.
• Added MSSQL connector directly in the package
• Added check of e-mail address so that a user is no longer marked as invited if he doesn’t have a valid email address.
• Administration Client: Added Refresh button to the Report page.
• Notification Service: Added the following events: "User Created", "User Updated", "User Deleted", "
• Administration Client: Audit Report is now using new data modules to extract data more efficient and is using the report style of v3.3.4.
• Password Sync Server: Problem with Password Interceptor v3 causing rejection of request is not solved. Backend: Support of new improved Event/Audit data modules. •Enrollment Service: Now only includes AD User Repositories in searches.
• SAP Connector now supports SAP unlock.
• MyPass/FastPass now supports Nested groups in all functions Mail Server config now supports multiple SMTP servers and automatic failover
• Notification can now be sent to users, the users Manager or a contact - sync events has been added
• New Statistic Service informs of user actions
• The documentation included in the installation was old - new documentation is in the package.

Fixes

• Reporting pages detail boxes now work better – had problems with certain data elements.
• Fixed AD account names check bug resulting in account names with "$" being rejected FPCADAM:
• Fixed memory leaks. Enrollment Service:
• Fixed memory leaks. Discovery Service:
• Fixed memory leaks.
• ISeries connector - fixed problem using $ and & in passwords Enrollment Service:
• Administration Client: Fixed bug in Audit Report that could prevent it from showing "old" events and give problems on large data amounts for some sorting.
• Administration Client: Installations based on v3.3.0.4 or earlier versions had issues with identifiers of Mail Servers and SMSGateways.
• Notification Service: Problem causing events of none primary targets to be invalid for notification is now solved.
• FPCADAM: Problem with delete and Deprovisioning of users having sync accounts linked to the primary account is now solved.
• ConnectorIBMSystemI: Problems with identification of the temporary directory and file access rights are now solved.
• SAP Connector fixes (uppercase/lowercase/none, SAP Admin Login, ...).
• Multiple bug-fixes in Notification Service.
• Skinning errors on error pages.

Other Changes

• Menus are controllable from within MyPass/FastPass administration client.
• The icon in the upper left corner can now be replaced in the administration client
• Selective password reset is now a selection on the authentication profile page, enabling the possibility to present different pages for users depending on their group member ship and network location
• Generate password and send via SMS
• Watch user status, user Challenge/Responses (if setup) Watch sync targets and their stat
• Selective target password reset page displays the progress in real-time for the users.
• The admin part can now configure the remote gateway
• Notification and Enrollment emails can now be in HTML format.
• Language selector is now present in the MyPass/FastPass Client Version

Version 3.3.2.12

• Administration Client GUI changes in Multiorg - now more information is shown
• Administration Client now shows the icons you have access to according to the license.
• MyPass/FastPass would fail to let a user enroll, without a user principal name and display name in AD.
• Enrollment service now looks at the Enrollment configuration to determine if a user should have an invite sent. In the case that the user has no access to any Enrollment Profile the user will not get an email.
• Sync: If a MyPass/FastPass Identity has been synced to a user context - and the context has been deleted, then deletion of the user would fail.
• API/CLI/SSH connectors are now built into the solution
• MSSQL connector - when resaving connection data the "encryption option" would automatically jump to Encrypted if saved without any changes
• MSSQL connector would not create a MSSQL user in MyPass/FastPass even if the return was "User not found"
• Administration Client: Audit Report now also contains "User Created", "User Updated", "User Deleted", "User Locked in PM", "User Invited"
• User Locked in PM", "User Invited"
• Discovery Service: Can now filter out groups containing invalid characters.
• Discovery Service: Searches for group names of all groups for a user is now perfomed in one query instead of one by one. Connector AD: The properties of the temporary random password used in password reset can now be configured through registry values.
• FPCADAM: Definition of counters increased.
• Administration Client: Sync Transactions now also includes status "INVALID" in the "OTHER" group.
• Administration Client: Now also writes configuration for disabled User Repositories.
• SAP Connector now checks password login after password reset to verify the ultimate status.
• ISeries Connector now includes Secure connection over SSL as default
• License Server implements shared certificate to prevent locked file situations.
• Administration Client writes correctly the track configuration for AllowSelectiveReset.
• Administration Client now implements correct MaximumNumberOf* settings for User Reposities.
• Selective Password Reset option allows to reset passwords on multiple systems using MyPass/FastPass, and having different passwords on each system
• Enrollment Service: The GUI now allows smoother operation when creating emails
• Administrative GUI has been changed to reflect sync
• Discovery service now heals itself after a restart in the middle of a discovery process Discovery services schedule can now be locked to a specific day.
• Faster and more robust communication with AD
• License load has been moved into the Administration client
• Sync targets are now created within the Administration client
• The user map can now be handled in the Administration client
• Group loading has been rebuild providing smoother operation when loading big group lists.
• The Certificate store is now kept, and shared along services and web
• Version 3.3.0.4 to 3.3.0.6
• Multiple performance enhancements regarding communication with AD.