Introduction
This document provides an overview of the new features, enhancements, and resolved issues in Sectona PAM version 6.0.0. It highlights key improvements in functionality, performance, and security.
What’s New?
API
[SPSL-4360] - Added support to view management API logs in Platform Configuration for multiple APIs across PAM and instance-level operations.
[SPSL-5358] - Added support to terminate user session via API.
[SPSL-5366] - Enhanced Get Account, Asset, and User APIs to return detailed user metadata in the response.
[SPSL-5587] - Added support for create and modify operations in management APIs for asset, account, user group and account group.
Account & Asset Management
[SPSL-5454] - Added support for new security options in “Update Bulk Assets Security Settings” import for Assets.
- Enabled bulk update for options such as Unvaulted Account, Allow Keyboard, and UNIX-specific settings.
[SPSL-5496] - Enhanced audit trail to track updates for Certificate and Secret-based authentication.
- Displays change status for all credential types within a unified credentials field.
- Replaced Password field with Credentials and removed redundant key columns.
- Improved audit visibility across all update flows (UI, API, workflows, AD sync, JIT).
[SPSL-5597] - Added support for the “Asset Category” attribute in “Attribute-Based” account groups.
[SPSL-5604] - Added new asset security setting “Prefer Interactive Authentication” to set SSH connection authentication preference.
Discovery
[SPSL-5397] - Added support for Certificate based authentication for Google Cloud discovery configuration under Manage Discovery Asset.
[SPSL-5552] - Added support for discovery and onboarding of Azure Entra ID privileged accounts.
- Improved onboarding efficiency and account visibility.
[SPSL-5602] - Enhanced Discovery Map with improved layout, zoom/pan, and search capabilities.
- Enabled node highlighting, filtering, and better visualization for large discovery data view.
Event, Monitoring & Notification
[SPSL-5319] - Added dedicated SIEM log events for Product User Assigned, Modified, and Revoked actions.
- Triggers events on user assignment, policy changes, and status updates (active/inactive).
- Enhances audit visibility across the product user lifecycle.
[SPSL-5488] - License Information in Notification Emails
- Added default tag in notification emails to display product types and vault count.
[SPSL-5528] - Added dedicated SIEM log event for Exclusive Mapping.
- Triggers when exclusive access is assigned to a user.
- Enhances audit visibility for privileged access assignments.
[SPSL-5529] - Added dedicated email notifications and SIEM logging for status changes of users, assets, and accounts.
- Generates alerts when status updates occur across objects.
- Ensures improved visibility and audit tracking of status changes.
[SPSL-5531] - Added dedicated email notifications and SIEM log events for user role changes.
- Ensures accurate triggering of alerts when user roles are updated.
[SPSL-5567] - Added support for filtering login success and failure notifications based on time span.
- Supports configurable rules using attributes like Login Time, Source IP and Username.
[SPSL-5594] - Improved the Notifications interface with unread count indicators, preview dropdown, filtering tabs (All, Read, Unread), and a dedicated detail view for better notification management and visibility.
Policies & Workflow
[SPSL-5325] - Added support for automatic workflow bypass during password checkout when Exclusive Checkout is enabled and the requesting user belongs to the No Approval Users group.
[SPSL-5596] - Added workflow delegation to let delegated users approve or reject requests. Only administrators can configure workflow delegation across the instance.
Password Management
[SPSL-2889] - Added new status “Terminated” for jobs stopped by user.
- Added “Processing” status for jobs initiated by system or manual actions.
- Improved status visibility across all password manager job creation flows.
[SPSL-2892] - Added support to synchronize password rotation across dependent accounts.
- Automatically triggers password updates on linked accounts upon successful rotation.
- Ensured consistent password updates across assets with centralized job tracking.
[SPSL-4637] - Enhanced Password Status page to display detailed reconciliation information.
- Includes timestamps for reconciliation attempts and out-of-sync events.
- Corresponding log for status changes from reconciled to out of sync.
[SPSL-5344] - Added support to assign account-specific password rotation policies independent of asset policies.
- Enabled password rotation and reconciliation after every session for service-based accounts.
- Supports password checkout via UI and workflow-based requests.
- Maintains default behavior with inherit from Asset option unless overridden.
[SPSL-5348] - Added automatic password manager job creation for newly onboarded accounts via AD Sync.
- Improved immediate password management for newly created local accounts.
[SPSL-5570] - Removed Change Password option from Account Management option.
- Added role-based permission under Account Management to control reset credential access.
Report & Dashboard
[SPSL-2938] - Added From Date and To Date filters to Analytics reports, enabling users to view and export report data for a specific date range across user logins, session activities, password activities, and other report categories.
[SPSL-4752] - Added Session Analytics Report under Analytics section in PAM.
- Provides insights into session activity, user behavior, access patterns, risk scores, and authentication trends.
[SPSL-5331] - Improved overall performance of User Entitlement Report.
[SPSL-5359] - Added new default report for User Access Policy in PAM.
[SPSL-5390] - Added Account Analytics Report under Analytics section in PAM.
- Provides consolidated insights into account usage, access behaviour, authentication trends, and security posture across assets.
[SPSL-5391] - Added User Analytics under Analytics section in Platform Configuration.
- Provides insights on user behaviour, access patterns, authentication activity, session usage, and risk indicators.
[SPSL-5393] - Added support to export compliance reports in ZIP format.
Satellite Vault
[SPSL-2409] - Added support for multiple account group selection per instance-user entry.
- Enabled duplicate functionality to replicate configurations across users.
[SPSL-4497] - Optimized Satellite Vault sync process between PAM and Satellite Vault.
Session & Task Management
[SPSL-1162] - Enhanced and added support for session collaboration with multiple users in one collaborated session. Currently supported for Launcher based sessions.
[SPSL-2520] - Added support to restrict file upload and download based on configured file size limits in User Access Policy.
- Applicable for SCP, SCP Over Browser, and browser-based sessions.
[SPSL-2521] - Added metadata logging for file transfers including file size and path for SCP, SCP Over Browser, and browser-based sessions.
[SPSL-4384] - Introduced an SFTP-based direct proxy to access target FTP or SFTP assets without logging in to PAM. This proxy can be accessed from any endpoint operating system and supported clients. Currently, file permissions and Owner/Group view/change features are not supported.
[SPSL-4567] - Improved support for “sudo su” during user switching in SSH sessions.
- Improved compatibility with AD authentication.
- Enabled user switching across supported environments.
[SPSL-5047] - Added support for Console-Only Access accounts in SSHD-based sessions.
- Added accounts appear in SSHD Proxy session account selection.
- Improved flexibility for database console access without GUI dependency.
[SPSL-5310] - Added 40+ out-of-the-box access types for various asset types with pre-configured parameters.
[SPSL-5313] - Added SSO support for iframe-based login pages in Sectona Client.
- Enabled SSO functionality for URLs using iframe based page rendering method.
- Supported in Chrome and Microsoft Edge browser types.
[SPSL-5333] - Added (Optional) SSH Over Browser terminal session with clipboard support.
- Enabled scrollable terminal history (up to 999 lines).
- Improved font consistency in collaboration mode.
[SPSL-5338] - Added direct proxy for MySQL, MSSQL, and MariaDB databases as inline proxy.
[SPSL-5350] - Added support for unvaulted accounts in RDPD sessions similar to launcher-based sessions.
[SPSL-5523] - Added slab-wise risk score filtering in Session View.
- Enabled filtering of sessions based on selected risk score ranges for improved analysis.
[SPSL-5534] - Added option to suspend and resume live sessions from Live Session View.
- Supported for Launcher-based sessions, RDP/SSH over Browser, SSHD, RDPD, and JumpHost sessions.
- Enabled session termination, suspend and resume with default and customizable message.
[SPSL-5544] - Added support to route Jump Server sessions via Session Proxy for launcher-based RDP sessions when Use Launcher for RDP Direct is set.
- Routes connections through configured session proxy when enabled in Jump Server settings.
- Automatically selects the proxy with the lowest load for optimal performance.
[SPSL-5599] - Added enforcement of command restriction policies for Kubernetes sessions via Jump Shell and ensured restricted commands are blocked as per Server Access Policy across all.
[SPSL-5600] - Added support for RDP Direct Proxy access using “Connection URI” to start new instant session towards target asset.
- Connection URI Format: <EndUser>$<IPORHostname>$<AccountName>$<InstanceNameOrInstanceShortName>
[SPSL-5669] - Added Kerberos-based NLA and SSO support for RDP over browser access and RDPD.
[SPSL-5683] - Improved RDP display quality for launcher-based sessions, delivering clearer and sharper screen rendering with reduced pixelation.
[SPSL-5684] - Added support for double-digit account selection in SSH Over Browser sessions, allowing users to switch directly to double-digit accounts using the “Sudo Su” command.
System & General Configuration
[SPSL-29] - Added support for Hardware Security Module (HSM) integration (Physical and Cloud) and Cloud Key in Sectona Security Platform to secure Sectona Vault encryption key.
- Supports Utimaco, Thales, AWS Cloud HSM, Azure Cloud HSM, etc.
[SPSL-1249] - Implemented maintenance mode to allow active sessions to continue until client disconnection, while blocking new or reconnected sessions during maintenance. Sessions attempting to reconnect receive an access denied message. Idle timeout and maximum session duration handling have been refined for active sessions.
[SPSL-5314] - Updated MySQL Server engine to version v8.4.8 (released in Jan 2026).
[SPSL-5316] - Upgraded JavaScript dependencies to the latest available library versions.
[SPSL-5473] - Added system trail logging for Incoming (POP3) changes.
[SPSL-5526] - Added restriction to prevent modification of inactive Users, Assets, and Accounts.
- Inactive Users, Assets, and Accounts cannot be modified unless they are active in the system.
[SPSL-5537] - Added Start/Stop controls for services on non-primary application, fallback, remote site, and application proxy nodes.
- Enabled management of services such as WebAppHighAvailability, SystemCache, SystemLogManagement, SessionManagement, and SystemHighAvailability.
- Improved operational control and flexibility across distributed deployments.
[SPSL-42], [SPSL-5582] - Added support for Spanish and Turkish languages.
User Interface
[SPSL-1993] - Enhanced navigation with a Search capability that allows users to search across key PAM objects and configuration areas, with direct redirection to the corresponding page from the search results.
[SPSL-5334] - Added support to export Access Type configuration including Plugin Process.
- Added support for uploading XML files to import Access Type configurations from exported files.
[SPSL-5510] - Enhanced the User Profile interface with improved visibility through profile images/initials and layout featuring dedicated sections for user details, login information, system node details, and password management. Added system node information such as hostname, IP address, port, role, and priority, along with quick access actions for Settings and Logout.
User Authentication & Management
[SPSL-2544] - Enabled delegation of read and/or write permissions.
- Applicable to users within the same instance.
- Supports delegation for a defined time duration.
- Restricted to administrative rights only (excluding workflow approval).
[SPSL-2686] - Added MFA flag in User Logins (success, failed and active) history to identify whether the user logged in using MFA.
- Added MFA flag in Session View to identify whether the session was initiated using MFA.
- Enhanced visibility of MFA usage across user activities.
[SPSL-5015] - Added SAML authentication support for launcher-based client login and session unlock.
- Enabled redirection to the configured SAML IdP for secure authentication.
- Ensured session unlock only after successful SAML re-authentication.
[SPSL-5330] - Added bulk unlock functionality for locked users in Windows Active Directory.
- Enabled administrators to unlock multiple users simultaneously, improving operational efficiency.
[SPSL-5335] - Enhanced Thin Client ID validation for load-balanced deployments.
- Introduced distributed validation of Thin Client ID via any node.
- Improved consistent authentication across multiple application and application proxy nodes.
[SPSL-5495] - Added support for custom attribute properties (custom attributes 1 and 2) in user group attributes.
[SPSL-5578] - Introduced Linked Directory Store to integrate SAML authentication with Active Directory and Azure Entra ID.
- Enables automated user onboarding, dynamic group mapping, and user status validation via linked directories.
- Supports seamless interoperability between multiple directory stores while maintaining SAML-based authentication.
Other Components
[SPSL-5551] - Sectona Windows Monitoring Agent now supports Active Directory Forest environments across cross-domain sessions.
[SPSL-5586] - Added Sectona Launcher for Mac and Linux in Download Utilities tab and added UMON in About->Component menu.
Privileged Access Governance (PAG)
[SPSL-2035] - Added support to export user access and entitlement reviews data to CSV.
- Added “All” filter option to improve review visibility.
Fixed Issues
API
[SPSL-5436] - Upgraded Okta API to release version of Jan 2026 for Multi Factor Authentication integration.
Account & Asset Management
[SPSL-5477] - Fixed IP Address column to always display IP instead of hostname regardless of FQDN setting.
[SPSL-5481] - Enhanced bulk import to support certificate, key-based, and secret-based authentication with passphrase handling, key replacement, and complete credential mapping.
Event, Monitoring & Notification
[SPSL-5470] - Added visibility of “Enforce Rotation After Every Session” and “Exclude Account” options in rotation policy notifications.
[SPSL-5472] - Added support for “%WorkflowRequestIPAddress%” tag across all workflow notification templates.
License Management
[SPSL-5446] - Fixed incorrect validation message when licensed user limit is exceeded (In manual and bulk operations).
- Displays a clear and consistent message: “Exceeded maximum number of licensed users”.
Policies & Workflow
[SPSL-5453] - Added audit trail support for “Enforce Host Name for Connection” in Maker-Checker workflows.
[SPSL-5502] - Added Service Desk workflow requests to Analytics reports.
[SPSL-5539] - Added support to view users linked to a specific Logon Policy from Platform Configuration.
[SPSL-5547] - Added workflow approval enforcement for user unlock actions to maintain correct status handling in single and bulk operations.
Password Management
[SPSL-5442] - Restricted minimum password age policy to prevent early password changes.
[SPSL-5585] - Improved job processing to execute all accounts once without skipping or duplicate execution.
Report & Dashboard
[SPSL-5580] - Fixed scheduled reports to continue triggering across year changes.
Session & Task Management
[SPSL-2494] - Improved cursor behaviour in RDP over browser sessions for correct display in applications like Notepad on Windows Server 2022.
[SPSL-2738] - Fixed an issue where keyboard input did not function correctly during session collaboration.
- Resolved problems with key combinations such as Ctrl, Alt, and Shift + Arrow keys in RDP sessions.
- Improved overall keyboard input processing for near-zero latency.
[SPSL-4429] - Added session collaboration support for SSH Over Browser with live activity visibility for invited users.
[SPSL-5362] - Added support for AllowPorts, AllowSmartCard, AllowPrinters, and AllowAudio permissions in thick client applications.
[SPSL-5394] - Fixed file sorting and multiple file operations in SFTP and SFTP-to-SFTP sessions with sorting and bulk action execution.
[SPSL-5448] - Resolved issue preventing session routing via FQDN when using Jump Server with RDP Direct and Launcher.
[SPSL-5535] - Fixed blank screen issue when opening VMware Web Client (vSphere) console in a new Window via SSO.
[SPSL-5549] - Fixed an issue where commands allowed by Server Access Policy were incorrectly blocked when entered in multi-line format within terminal sessions.
[SPSL-5678] - Fixed an issue where numpad keys were not functioning correctly in RDP Over Browser sessions.
System & General Configuration
[SPSL-5533] - Fixed process server role synchronization during failover and prevented incorrect video log movement and deletion.
User Interface
[SPSL-5423] - Added validation to require selection of at least one security setting in bulk update.
[SPSL-5456] - Updated delete confirmation message to reflect correct account defaults context.
User Authentication & Management
[SPSL-5442] - Enforced minimum password age policy to prevent early password changes by Sectona Authentication users.
[SPSL-5516] - Enabled Active Directory browsing without requiring prior AD asset configuration, allowing listing of domains, users, and groups.
[SPSL-5536] - Fixed issue where Source OS details were sometimes not captured in User Login Success information for users authenticated through SAML authentication.
Other Components
[SPSL-5219] - Improved asset identification in WMON to consider only active instances for accurate direct access logging.