22.2 Release Notes

This update includes the following features, fixes, and other changes. Please also read the 22.2 Release Notes.

New Features

Delinea and Centrify

We have updated the look and feel of the Cloud Client installer to reflect the new Delinea logo and colors. All files, folders, directories, settings, registry keys, and so forth remain as Centrify, as does the Admin Portal for PAS.

For more information about Delinea, see Delinea Announcement.

Documentation

You can find the documentation at the Delinea Doc Portal, under the following sections:

We no longer provide a separate PDF for HS-PAS. Instead, the information is available in the Deploying Customer-Managed (On-Premises) PAS section.

Notice of Discontinuation

None

Resolved Issues and Changes in 22.2

Here are the resolved issues and behavior changes in this release:

  • Updated the bulkSystemDelete API to be more efficient.

  • Fixed CVE-2018-1285 in log4net by upgrading the library to version 2.0.14 in the Connector package.

  • When checking for duplicate LDAP configurations, we now check both versions of LDAP so that we don't accidentally override LDAP1 configs with LDAP2.

  • Fixed an issue with authenticating against a RADIUS server. Redirection will now use the correct user when attempting to authenticate.

  • The optional "scope" field has been added in the partner management area. This field allows for integration with Azure Active Directory.

  • Fixed an issue with the login screen in the iOS mobile app where it wasn't visible after updating the device to iOS 15.4.

  • Fixed an issue that could cause LDAP directory services to disappear from the list of directory services.

  • When deleting systems, the email will now include information about failed deletions as well as successful ones.

  • Updating LDAP and Google Directory Services configurations will now generate 'Modify' events that can be used to build reports and log changes.

  • There is now a setup_certauth.ps1 script that you can use to add certificates (such as for smart cards) to your HS-PAS installation.

Resolved Issues and Changes in 22.2 HF1

Users can choose to delete previously pushed configuration files from PAS by navigating to Settings -> Resources -> Config files. Note that deleting config files from PAS does not revert the configuration files on the systems where those files reside.

For details about deploying configuration files, see Viewing or Deleting Configuration Files.

Resolved Issues and Changes in 22.2 HF6

Google released an update to Chrome that made users unable to handle copy and paste actions within RDP sessions. We have adjusted the permissions so that copy and paste are accessible to users again.

Resolved Issues and Changes in 22.2 HF7

  • Added a new API to improve the performance of periodic password rotation.

Supported Platforms

Centrify Connector

  • Windows Server 2012r2, Server 2016, Server 2019, Windows 2022

Hyper-scalable Centrify Privileged Access Service

  • Windows Server 2016, Server 2019, Windows 2022

Windows PAS Remote Access Kit

  • Windows 10, Server 2012r2, Server 2016, Server 2019

Centrify App for Android

  • Android 5 (API level 21) and later

Centrify App for iOS

  • iOS 12 and above

Databases

  • Microsoft SQL Server (versions 2008R2 and later)
  • Oracle (versions 11.2.0.4, 12.1.0.1, 12.1.0.2)
  • SAP ASE (version 16.0)

Network Devices and Appliances

  • Check Point Gaia (versions R77.30, R80.10)
  • Cisco AsyncOS (versions v10 and v11)
  • Cisco IOS (versions IOS 12.1/IOS 15.0)
  • Cisco NX-OS (version NX-OS 6.0)
  • F5 Networks BIG-IP (versions v11, v12, v13)
  • HP Nonstop OS (J06.19, H06.29)
  • IBM i (versions IBM i 7.2, IBM i 7.3)
  • Juniper Junos OS (version JunOS 12.3R6.6)
  • Palo Alto Networks PAN-OS (versions 7.1, 8.0)
  • VMware VMkernel (versions 5.5, 6.0, 6.5 and 6.7)
  • Generic SSH

Desktop Apps

Privileged Access Service provides templates for the following Windows applications in the Desktop Apps feature. Privileged Access Service supports any versions of these applications that are compliant with the requirements for Windows Server 2012 R2 / 2016 Remote Desktop Services and RemoteApp. These applications must accept and process the command line strings pre-defined within the Desktop Apps templates. We have officially tested the following versions:

  • SQL Server Management Studio (versions 13.0.15600.2, 2016 and 12.0.4522.0, 2012)
  • TOAD for Oracle (version 13.0.0.80)
  • VMware vSphere Client (version 6.0.0)

VMware vSphere Client supports VMware VMkernel systems with a VMkernel system version below 6.5.

Custom user-defined templates are also available for additional desktop applications.

Known Issues

MFA Known Issues

  • Ensure required data for each selected authentication factor is present. When selecting a secondary factor (SMS, phone, email, etc.), ensure that the data is present in Active Directory for all users; otherwise, users with missing data may be locked out. You can specify a preferred factor, and if its data is not present, an alternative factor will be used. For example, if a user has no phone number in AD and SMS was the preferred factor, Verify Privilege Cloud Suite will fall back to another selected factor (for example, email). If there is no phone number or email in AD in this case, the user would effectively be locked out.

  • Email as an MFA mechanism is subject to spam / junk filters. Be aware that using email as an MFA mechanism may be affected by users' email providers' spam or junk filters.

  • SMS / phone are only attempted once a password is validated. This prevents spam and billing issues if an attacker attempts to brute force passwords to gain entry.

  • For FIDO2 and On-Device Authentication options, you will need to log in from the tenant-specific URL.
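
An added example (not part of the release notes or the vendor's tooling): a PowerShell audit for the first known issue above, reporting users who would fall back to another factor or be locked out under a chosen factor order. The attribute mapping (`mobile` for SMS/phone, `mail` for email) and the function name `Get-MfaFactorCoverage` are assumptions, and the sample users are constructed.

```powershell
# Assumption: these AD attributes back each factor; adjust to your tenant's mapping.
$FactorAttribute = @{ SMS = 'mobile'; Phone = 'mobile'; Email = 'mail' }

function Get-MfaFactorCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        # Selected factors, preferred factor first.
        [Parameter(Mandatory)] [ValidateSet('SMS', 'Phone', 'Email')] [string[]] $Factor
    )
    foreach ($u in $User) {
        # Keep only the factors for which this user has directory data.
        $usable = @($Factor | Where-Object {
            -not [string]::IsNullOrWhiteSpace([string]$u.($FactorAttribute[$_]))
        })
        if ($usable.Count -eq 0) {
            $status = 'LockedOut'      # no selected factor can be completed
        } elseif ($usable[0] -ne $Factor[0]) {
            $status = 'Fallback'       # preferred factor has no data
        } else {
            $status = 'Preferred'
        }
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            EffectiveFactor = if ($usable.Count) { $usable[0] } else { $null }
            Status          = $status
        }
    }
}

# Constructed sample users (not real directory data).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.test'; mobile = '+15550100' }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'bob@example.test';   mobile = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = '';                   mobile = $null }
)

# List every user who would not get the preferred factor.
Get-MfaFactorCoverage -User $sample -Factor SMS, Email |
    Where-Object Status -ne 'Preferred'

# Against a live directory (requires the ActiveDirectory module):
# $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, mobile
# Get-MfaFactorCoverage -User $users -Factor SMS, Email
```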

Additional Information and Support

In addition to the documentation provided with this package, see the IBM Security Knowledge Base for answers to common questions and other information (including any general or platform-specific known limitations), tips, or suggestions. You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone.

The IBM Security Resources web site provides access to a wide range of information, including analyst reports, best practice briefs, case studies, datasheets, ebooks, and white papers, that may help you optimize your use of IBM Security products. For more information, see the IBM Security Resources web site.

To contact IBM Security Support or to get help with installing or using this software, send email to support@delinea.com or call 1-202-991-0540. For information about purchasing or evaluating IBM Security products, send email to info@delinea.com.