This site requires JavaScript to be enabled

Notifications

External Customer KB > General > May 2020 Release Notes
May 2020 Release Notes
Article: KB0011479 Published: 05/08/2020 Last modified: 05/08/2020

Our May release provides numerous enhancements that improve the admin experience by simplifying processes, feature enhancements, and improved messaging. You'll find a simpler process to assume owner privileges in Sandbox, consolidated OneLogin Desktop activation pages, added compromised credential info in the Password Change Event, and expanded macro capacity that includes manager fields.

We added an API that returns average risk scores by category for EUBA enabled accounts and improved the end-user experience when they click an app, added 3 new SCIM connectors, and fixed customer reported bugs.

Without further ado, here's what happened in May at OneLogin!

  1. Security & Authentication
  2. Manageability & Reliability
  3. API
  4. Early Preview

Security & Authentication

Convert App ID URLs to App UUID URLs

We added a Convert button for older apps on the SSO tab. The button converts SP URLs from an integer to a UUID or GUID format. 

When a user opens an app, Salesforce for example, with an Integer ID in the Issuer URL field, the user sees Connecting to Application. Once you Convert, that same app displays Connecting to Salesforce.

Note: Apps added before June 2018 are eligible to Convert, or if the Issuer URL displays an Integer App ID.

company apps

Important Note: saving this app after you convert will cause downtime until the SP has been updated.

For more information, see Convert App ID URLs to App UUID URLs.

Macros

We added the following Attribute Macros:

 manager_name  User Manager's Full Name
 manager_firstname  User Manager's first name
 manager_lastname  User Manager's last name
 manager_email  User Manager's email address
 manager_username  User Manager's username
 manager_samaccountname  User Manager's sAMAccount name
 manager_userprincipalname  User Manager's Userprincipalname

Note: If the user doesn't have a manager, then these macros provision empty strings.

To learn more about Macros, see Attribute Macros.

OneLogin Protect

We added the OneLogin Protect version requirement for Biometric verification. When you add OneLogin Protect as a factor, the text now reads: Require biometric verification (requires 4.4).

To learn more about OneLogin Protect for iOS, see OneLogin Protect for iOS.

To learn more about OneLogin Protect for Android, see OneLogin Protect for Android.

Events/User Policies

If a user changes their password and its flagged by the compromised credential check, we now include Compromised credential check passed: true in the Password Change Event.

You must enable Compromised Credentials in User Policies for this to be included in Password Change Event.

company apps

To learn more about Events, see Events.

OneLogin Desktop

The OneLogin Desktop activation pages were merged. Administrators can now enable or disable OneLogin Desktop for both PCs and Macs from the same page. Copying the installer token is no longer necessary, so it has been removed from the merged administration page.

company apps

To learn more about OneLogin Desktop, see Introduction to OneLogin Desktop & Desktop Pro.

Applications

NetSuite now expects an account-specific URL to access their API. To accommodate this change, complete the steps below. 

  • In the NetSuite UI, go to Setup > Company > Company Information. Locate & copy your domain on the Company's URL tab under SUITETALK (SOAP AND REST WEB SERVICES).

    company apps

  • In OneLogin, go to Applications > Applications > NetSuite > Configuration tab and paste your domain in the WSDL Domain field and click Save.

    company apps

    To learn more about provisioning users to NetSuite, see Provision Users to NetSuite.

New SCIM Connectors

We added the following SCIM connectors:

  • Harness
  • Peakton
  • Codesignal

Search Apps > Add Apps to locate the new connector.

To learn more about Applications, see List of Supported Provisioning Apps.

Manageability & Reliability

Sandbox

We simplified the process to assume owner privileges for Enterprise Sandbox. Owners and super users are now presented with an Assume Sandbox Owner button on the Sandboxes page of their admin account. In addition, cloning a sandbox no longer automatically locks out every user.

To learn more about Enterprise Sandbox, see Enterprise Sandbox.

Account Settings

We upgraded the granularity of i-framing protections for OneLogin administrative pages. Now you can create a whitelist of websites that you trust to embed your OneLogin admin console and create a fallback plan for browsers that disallow i-frame protections. We will apply this granularity to end users in a future release.

To learn more about Account Settings, see Account Settings for Account Owners.

API

We made the following enhancements to our APIs.

  • OIDC now supports CORS for PKCE requests.
  • We added a new Risk Insights API endpoint that returns average risk scores by category in the last 30-90 days. You must have EUBA enabled to use this endpoint.  See Risk Insights API for reference documentation.

Early Preview

New User Profile

We are happy to announce an Early Preview for the redesigned user profile page. If you are interested in this, please sign up Here.

In addition to optimization and bug fixes, highlights include:

  • A URL structure that allows direct links to different portions of the profile. Previously, all portions of the profile were housed at /profile.
  • A countdown visible to users of how many days remain until a password change will be forced.
  • A new-user registration experience that shares a user experience with the new OneLogin Portal app.

company apps

To learn more about the New Profile, see New User Profile Guide.

 


Expand/Collapse Comments
: