22.2 Release Notes
This update includes the following features, fixes, and other changes. These release notes cover information specific to Verify Privilege Cloud Suite; be sure to read the 22.2 Release Notes too.
New Features
Delinea and Centrify
We have updated the look and feel of the Cloud Client installer to reflect the new Delinea logo and colors. All files, folders, directories, settings, registry keys, and so forth remain as Centrify, as does the Admin Portal for PAS.
For more information about Delinea, see Delinea Announcement.
Documentation
You can find the documentation under the following sections:
Notice of Discontinuation
None
Resolved Issues and Changes in 22.2
Here are the resolved issues and behavior changes in this release:
- Added a new API, SetFeatureState, to update the state of a feature on an enrolled system. Only a sysadmin can call this API. In a single call, multiple features of a single enrolled system can be enabled/disabled. You can find more information about APIs at our Developer Portal.
- Changed Privilege Elevation Commands to update the Display Name when the Name was changed.
Resolved Issues and Changes in 22.2 HF 1
- Fixed an issue with the Privilege Elevation Command screen where the page wouldn't load after clicking the Add button.
Supported Platforms
Be sure to read the 22.2 Release Notes for more supported platforms for the Connector and so forth.
Clients for Linux
Client for Red Hat
- Red Hat Enterprise Linux 7.9, 8.3
- CentOS 7.9, 8.3
- Fedora 33, 34
- Oracle Linux 7.9, 8.3
- Amazon Linux 2 Latest Version
Client for Red Hat (ARM architecture):
- 7.9, 8.3
Client for SUSE
- SUSE15-SP3
Client for Debian
- Debian 9.13, 10.9, 11.2
- Ubuntu 18.04LTS, 20.04LTS, 21.04
Client for Alpine Linux
- Alpine Linux 3.14
Before you uninstall the Cloud Client for Linux from an Alpine Linux system, you must unenroll the system first. The Alpine Linux package manager doesn't allow the service to verify that the client is unenrolled from IBM Security PAS before uninstalling. If you uninstall the client without unenrolling first, you won't be able to log in to the system anymore.
Clients for Microsoft Windows
Windows 10 LTSB/LTSC, Windows Server 2012r2, 2016, 2019 LTSC, Windows 2022
Known Issues
Client Known Issues
- When you log in to an enrolled system and your account is set up to use MFA redirection, the service prompts you for your password, not the password for the MFA redirect user. This feature is available on systems that have the Cloud Client installed and enrolled.
- For privilege elevation workflow activity, the events in the Activity log show that commands were run without an authentication challenge when in fact the user was challenged with additional authentication requests when running the command after the workflow request is approved.
MFA Known Issues
- Ensure required data for each selected authentication factor is present. When selecting the use of a secondary factor (SMS, phone, email, etc.), you should ensure that the data is present in Active Directory for all users; otherwise, users with missing data may be locked out. You can specify a preferred factor, and if its data is not present an alternative factor will be used. For example, if a user has no phone number in AD and SMS was the preferred factor, the IBM Security PAS will fall back to another selected factor (for example, email). If there is no phone number or email in AD in this case, the user would effectively be locked out.
- Email as an MFA mechanism is subject to spam / junk filters. Be aware that using email as an MFA mechanism may be affected by users' email providers' spam or junk filters.
- SMS / phone are only attempted once a password is validated. This prevents spam and billing issues if an attacker attempts to brute force passwords to gain entry.
- For FIDO2 and On-Device Authentication options, you will need to log in from the tenant-specific URL.
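The lockout condition in the first MFA known issue can be checked before a factor policy is turned on. The following is an added example, not code from the product or its documentation: it audits a constructed CSV export of directory users and reports who would use the preferred factor, who would fall back, and who has no data for any selected factor. The function name, the CSV layout, and the mapping of factors to the AD attributes `mobile`, `telephoneNumber` and `mail` are assumptions.

```python
import csv
import io

# Constructed sample export of directory users (not real data).
SAMPLE_EXPORT = """sAMAccountName,mail,mobile,telephoneNumber
alice,alice@example.com,+15550100,
bob,,,
carol,carol@example.com,,
dave,,,+15550103
"""

# Assumption: the directory attribute that backs each secondary factor.
FACTOR_ATTRIBUTE = {"sms": "mobile", "phone": "telephoneNumber", "email": "mail"}


def audit_mfa_data(export_text, selected_factors, preferred):
    """Classify users by the selected factor they could actually use."""
    if preferred not in selected_factors:
        raise ValueError("preferred factor must be one of the selected factors")
    unknown = [f for f in selected_factors if f not in FACTOR_ATTRIBUTE]
    if unknown:
        raise ValueError("no attribute mapping for factors: %s" % unknown)

    # Preferred factor is tried first, then the other selected factors.
    order = [preferred] + [f for f in selected_factors if f != preferred]
    report = {"ok": [], "fallback": {}, "locked_out": []}

    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["sAMAccountName"]
        # A factor is usable only if its attribute is present and non-blank.
        usable = [f for f in order if (row.get(FACTOR_ATTRIBUTE[f]) or "").strip()]
        if not usable:
            report["locked_out"].append(user)      # no data for any selected factor
        elif usable[0] == preferred:
            report["ok"].append(user)
        else:
            report["fallback"][user] = usable[0]   # preferred data missing
    return report


if __name__ == "__main__":
    result = audit_mfa_data(SAMPLE_EXPORT, ["sms", "email"], preferred="sms")
    print("Preferred factor usable:", result["ok"])
    print("Will fall back:", result["fallback"])
    print("Would be locked out:", result["locked_out"])
```

In the sample, `dave` has a desk phone number but is still reported as locked out because the phone factor is not among the selected factors.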