Introduction

This document provides information on the updated features and the fixed issues in the Sectona PAM version 4.2.0

What’s New

Vault Storage

  • [SPSL-2441] - Upgraded MySQL core engine from version 8.0.25 to version 8.0.28.

Session Management

  • [SPSL-2709] – Support for key based management account in case of Just-In-Time session for Unix based assets.

  • [SPSL-2697] – Support for live session monitoring in SSHD proxy-based sessions with live session termination.

  • [SPSL-2688] – Option to enable Windows server wallpaper in RDP over browser (v4).

  • [SPSL-2683] – Option to customize the session window title (in the browser tab) for over browser access types.

  • [SPSL-2666] – Centralized live session monitoring and collaboration support in case of multiple application and application proxy nodes configured.

  • [SPSL-2650] – Option to filter/view sessions based on session review status.

  • [SPSL-2637] – Support to play and export session video logs from the archival location.

  • [SPSL-2633] – "No Preview" screen when a live session monitoring snap is unavailable.

  • [SPSL-2560] – Improvement in the overall performance of the SSHD Proxy session.

  • [SPSL-2546] – Improved session video playback quality.

  • [SPSL-2488] – MFA (user interactive) support for SSH and SFTP-based sessions.

  • [SPSL-2428] – Option to configure MFA for every new session in asset security settings when connecting to any account of a specific asset.

  • [SPSL-2413] – Added file size in session metadata for files being uploaded and downloaded.

  • [SPSL-2412] – Option to configure user access policy wise restriction for upload and download a file based on file size.

  • [SPSL-2300] – System will transfer video logs to the Primary P1 node once the user session is completed on Primary P2/application proxy nodes.

  • [SPSL-1770] – Support to capture and display application node (P1/P2/Application Proxy) details in session view from where the user logins to the system and initiated a session.

  • [SPSL-1202] – Asset wise option to bypass session proxy and web proxy for an asset specific session.

Asset Management

  • [SPSL-2708] – Support for IPv6 on Primary and Secondary IP address fields.

  • [SPSL-2696] – Provided ADSync support for the Unix-based operating system.

Password Management

  • [SPSL-2681] – Added filter "Out of Sync Accounts" in the New Job section of Password Manager.

  • [SPSL-1279] - Feature for multiple password change sequences based on account name for specific asset version.

System

  • [SPSL-2610] - Run option in App Services for started services on non-primary application nodes.

  • [SPSL-2629] – Support multiple host names in application node hostname for cluster configuration.

  • [SPSL-2619] + [SPSL-2663] – Notifications type for Session Reviewed, User Group Created, User Group Modified and User Group Deleted.

  • [SPSL-2617] + [SPSL-2607] – Trails for tag details, asset discovery (for active directory), user group mapping, account group mapping and user role management in system trails and respective UI.

  • [SPSL-2532] - Instance name in Asset Direct Access email notification.

  • [SPSL-2481] – New system defined access type as "RDP (Admin Console)" to get the direct admin console of Windows Server.

  • [SPSL-2426] – Option to configure custom Java scripts to support the SSO process in browser-based access type.

Reporting

  • [SPSL-2537] – Added “User Status” in the “User & User Group” base data for customized reports.

  • [SPSL-2472] – Added "Asset Version" in the Asset(s) base data for customized reports.

  • [SPSL-2471] – Added "Comment" and "Ticket No." in the session-related reports, such as Session metadata (last 24 hours), Session activities (last 24 hours), Session metadata – Blocked (last 24 hours) and Collaborated sessions (last 24 hours).

User Management

  • [SPSL-2702] – Added column "Account Group" in the user’s View Entitlement option.

Workflow

  • [SPSL-2549] - Option to revoke (cancel approval) workflow request, which has already been approved in workflow all requests (administrative option).

Fixed Issues

Session Management

  • [SPSL-2716] – Fixed issues where the Risk view graph was not working as per the instance and did not display sessions of the current day.

  • [SPSL-2689] – Fixed an issue where the system was throwing an error for session collaboration when the session was enforced through the jump server (RDP + SSH).

  • [SPSL-2678] – Fixed an issue where the SCP file upload, download, and make directory functionality was not working as per the User Access Permissions given in the User Access Policy.

  • [SPSL-2651] – Fixed an issue related to high CPU utilization while using SSH Over a Browser session.

  • [SPSL-2601] – Fixed an issue of syntax error while calculating the Risk Score if the Account Name and User Name contain a single quote (').

  • [SPSL-2536] - Fixed issues in Windows Monitoring Service (WMON) regarding hostnames with more than 15 characters.

  • [SPSL-2533] - Fixed an issue where the file gets copied into the wrong directory in SFTP Over browser session in case of a special character in the directory name.

  • [SPSL-2351] - Fixed an issue where certain Keyboard keys were not working as expected in Session Collaboration.

  • [SPSL-2527] – Fixed an issue regarding validation for the email field on the session collaboration pop-up.

  • [SPSL-1079] - Fixed an issue where the screen is visible and accessible using the keyboard but not with the mouse under Collaborated Session.

Asset Management

  • [SPSL-2723] – Fixed an issue where “Job Name” was blank in Asset Discovery History in Asset Discovery View.

  • [SPSL-2622] - Fixed an issue where the system did not allow to take a session if the Account Name and Host Name contained a single quote (').

  • [SPSL-2496] - Fixed an issue where the filter was not working as expected in the Account Lifecycle.

Workflow

  • [SPSL-2548] – Fixed an issue where workflow-based approved access was not shown in reports and user entitlements.

Dashboard and Reporting

  • [SPSL-2613] – Fixed an issue where the "User Activity Analysis” was showing incorrect and partial data in the dashboard.

  • [SPSL-2531] - Fixed an issue where the search box values disappear once search results in Analytics are selected.

System

  • [SPSL-2739] - Fixed an issue where the user was unable to receive a notification email for “user group deleted” and “account group deleted.”

  • [SPSL-2706] – Fixed an issue in the notification email where the system displayed zero accounts when the user ran the password management job.

  • [SPSL-2662] – Fixed issues in the View Sectona Authentication Lockout Policy Trail and Sectona Authentication Password Policy Trail, where a new record was not created for any update in the policy.

  • [SPSL-2661] – Fixed an issue related to an incorrect username in the notification email of account group update/modify.

  • [SPSL-2578] – Fixed an issue where the trails were not visible for asset type in configuration.

  • [SPSL-2461] - Fixed an issue related to incorrect data getting highlighted on the view trails page when the user bulk updates Asset/Account/User.

Task Management

  • [SPSL-2498] - Fixed an issue where the task was not executed through the task manager if the output was less than 8000 characters for SSH and Powershell.

Password Management

  • [SPSL-2691] – Fixed an issue where the system was unable to rotate the key of the key based account without a passphrase (for Unix based).

  • [SPSL-2612] – Fixed an issue where the Password status icon was showing unverified for all accounts on the account view page due to missing configuration.

  • [SPSL-2602] – Fixed an issue where if the password change sequence is marked inactive but still system was considering the same sequence for password change of account.

User Management

  • [SPSL-2679] – Fixed an issue where the user was prompted to reconfigure MFA while login in even if MFA reset was not performed by the administrator

  • [SPSL-2673] – Fixed issues related to user role management where the system allowed saving a new user role with no read / write access permission.

  • [SPSL-2603] - Fixed an issue where the last registration date for Google Authenticator was shown as blank.

  • .[SPSL-2501] - Fixed an issue where SCIM “User Update API” allowed users to update the username, which is not allowed from PAM.