Version 4.2.0
Introduction
This document provides information on the updated features and the fixed issues in the Sectona PAM version 4.2.0
What’s New
Vault Storage
[SPSL-2441] - Upgraded MySQL core engine from version 8.0.25 to version 8.0.28.
Session Management
[SPSL-2709] – Support for key based management account in case of Just-In-Time session for Unix based assets.
[SPSL-2697] – Support for live session monitoring in SSHD proxy-based sessions with live session termination.
[SPSL-2688] – Option to enable Windows server wallpaper in RDP over browser (v4).
[SPSL-2683] – Option to customize the session window title (in the browser tab) for over browser access types.
[SPSL-2666] – Centralized live session monitoring and collaboration support in case of multiple application and application proxy nodes configured.
[SPSL-2650] – Option to filter/view sessions based on session review status.
[SPSL-2637] – Support to play and export session video logs from the archival location.
[SPSL-2633] – "No Preview" screen when a live session monitoring snap is unavailable.
[SPSL-2560] – Improvement in the overall performance of the SSHD Proxy session.
[SPSL-2546] – Improved session video playback quality.
[SPSL-2488] – MFA (user interactive) support for SSH and SFTP-based sessions.
[SPSL-2428] – Option to configure MFA for every new session in asset security settings when connecting to any account of a specific asset.
[SPSL-2413] – Added file size in session metadata for files being uploaded and downloaded.
[SPSL-2412] – Option to configure user access policy wise restriction for upload and download a file based on file size.
[SPSL-2300] – System will transfer video logs to the Primary P1 node once the user session is completed on Primary P2/application proxy nodes.
[SPSL-1770] – Support to capture and display application node (P1/P2/Application Proxy) details in session view from where the user logins to the system and initiated a session.
[SPSL-1202] – Asset wise option to bypass session proxy and web proxy for an asset specific session.
Asset Management
[SPSL-2708] – Support for IPv6 on Primary and Secondary IP address fields.
[SPSL-2696] – Provided ADSync support for the Unix-based operating system.
Password Management
[SPSL-2681] – Added filter "Out of Sync Accounts" in the New Job section of Password Manager.
[SPSL-1279] - Feature for multiple password change sequences based on account name for specific asset version.
System
[SPSL-2610] - Run option in App Services for started services on non-primary application nodes.
[SPSL-2629] – Support multiple host names in application node hostname for cluster configuration.
[SPSL-2619] + [SPSL-2663] – Notifications type for Session Reviewed, User Group Created, User Group Modified and User Group Deleted.
[SPSL-2617] + [SPSL-2607] – Trails for tag details, asset discovery (for active directory), user group mapping, account group mapping and user role management in system trails and respective UI.
[SPSL-2532] - Instance name in Asset Direct Access email notification.
[SPSL-2481] – New system defined access type as "RDP (Admin Console)" to get the direct admin console of Windows Server.
[SPSL-2426] – Option to configure custom Java scripts to support the SSO process in browser-based access type.
Reporting
[SPSL-2537] – Added “User Status” in the “User & User Group” base data for customized reports.
[SPSL-2472] – Added "Asset Version" in the Asset(s) base data for customized reports.
[SPSL-2471] – Added "Comment" and "Ticket No." in the session-related reports, such as Session metadata (last 24 hours), Session activities (last 24 hours), Session metadata – Blocked (last 24 hours) and Collaborated sessions (last 24 hours).
User Management
[SPSL-2702] – Added column "Account Group" in the user’s View Entitlement option.
Workflow
[SPSL-2549] - Option to revoke (cancel approval) workflow request, which has already been approved in workflow all requests (administrative option).
Fixed Issues
Session Management
[SPSL-2716] – Fixed issues where the Risk view graph was not working as per the instance and did not display sessions of the current day.
[SPSL-2689] – Fixed an issue where the system was throwing an error for session collaboration when the session was enforced through the jump server (RDP + SSH).
[SPSL-2678] – Fixed an issue where the SCP file upload, download, and make directory functionality was not working as per the User Access Permissions given in the User Access Policy.
[SPSL-2651] – Fixed an issue related to high CPU utilization while using SSH Over a Browser session.
[SPSL-2601] – Fixed an issue of syntax error while calculating the Risk Score if the Account Name and User Name contain a single quote (').
[SPSL-2536] - Fixed issues in Windows Monitoring Service (WMON) regarding hostnames with more than 15 characters.
[SPSL-2533] - Fixed an issue where the file gets copied into the wrong directory in SFTP Over browser session in case of a special character in the directory name.
[SPSL-2351] - Fixed an issue where certain Keyboard keys were not working as expected in Session Collaboration.
[SPSL-2527] – Fixed an issue regarding validation for the email field on the session collaboration pop-up.
[SPSL-1079] - Fixed an issue where the screen is visible and accessible using the keyboard but not with the mouse under Collaborated Session.
Asset Management
[SPSL-2723] – Fixed an issue where “Job Name” was blank in Asset Discovery History in Asset Discovery View.
[SPSL-2622] - Fixed an issue where the system did not allow to take a session if the Account Name and Host Name contained a single quote (').
[SPSL-2496] - Fixed an issue where the filter was not working as expected in the Account Lifecycle.
Workflow
[SPSL-2548] – Fixed an issue where workflow-based approved access was not shown in reports and user entitlements.
Dashboard and Reporting
[SPSL-2613] – Fixed an issue where the "User Activity Analysis” was showing incorrect and partial data in the dashboard.
[SPSL-2531] - Fixed an issue where the search box values disappear once search results in Analytics are selected.
System
[SPSL-2739] - Fixed an issue where the user was unable to receive a notification email for “user group deleted” and “account group deleted.”
[SPSL-2706] – Fixed an issue in the notification email where the system displayed zero accounts when the user ran the password management job.
[SPSL-2662] – Fixed issues in the View Sectona Authentication Lockout Policy Trail and Sectona Authentication Password Policy Trail, where a new record was not created for any update in the policy.
[SPSL-2661] – Fixed an issue related to an incorrect username in the notification email of account group update/modify.
[SPSL-2578] – Fixed an issue where the trails were not visible for asset type in configuration.
[SPSL-2461] - Fixed an issue related to incorrect data getting highlighted on the view trails page when the user bulk updates Asset/Account/User.
Task Management
[SPSL-2498] - Fixed an issue where the task was not executed through the task manager if the output was less than 8000 characters for SSH and Powershell.
Password Management
[SPSL-2691] – Fixed an issue where the system was unable to rotate the key of the key based account without a passphrase (for Unix based).
[SPSL-2612] – Fixed an issue where the Password status icon was showing unverified for all accounts on the account view page due to missing configuration.
[SPSL-2602] – Fixed an issue where if the password change sequence is marked inactive but still system was considering the same sequence for password change of account.
User Management
[SPSL-2679] – Fixed an issue where the user was prompted to reconfigure MFA while login in even if MFA reset was not performed by the administrator
[SPSL-2673] – Fixed issues related to user role management where the system allowed saving a new user role with no read / write access permission.
[SPSL-2603] - Fixed an issue where the last registration date for Google Authenticator was shown as blank.
.[SPSL-2501] - Fixed an issue where SCIM “User Update API” allowed users to update the username, which is not allowed from PAM.