Our May release provides numerous enhancements that improve the admin experience by simplifying processes, feature enhancements, and improved messaging. You'll find a simpler process to assume owner privileges in Sandbox, consolidated OneLogin Desktop activation pages, added compromised credential info in the Password Change Event, and expanded macro capacity that includes manager fields.
We added an API that returns average risk scores by category for EUBA enabled accounts and improved the end-user experience when they click an app, added 3 new SCIM connectors, and fixed customer reported bugs.
Without further ado, here's what happened in May at OneLogin!
- Security & Authentication
- Manageability & Reliability
- Early Preview
Security & Authentication
Convert App ID URLs to App UUID URLs
We added a Convert button for older apps on the SSO tab. The button converts SP URLs from an integer to a UUID or GUID format.
When a user opens an app, Salesforce for example, with an Integer ID in the Issuer URL field, the user sees Connecting to Application. Once you Convert, that same app displays Connecting to Salesforce.
Note: Apps added before June 2018 are eligible to Convert, or if the Issuer URL displays an Integer App ID.
Important Note: saving this app after you convert will cause downtime until the SP has been updated.
For more information, see Convert App ID URLs to App UUID URLs.
We added the following Attribute Macros:
| User Manager's Full Name
| User Manager's first name
| User Manager's last name
| User Manager's email address
| User Manager's username
| User Manager's sAMAccount name
| User Manager's Userprincipalname
Note: If the user doesn't have a manager, then these macros provision empty strings.
To learn more about Macros, see Attribute Macros.
We added the OneLogin Protect version requirement for Biometric verification. When you add OneLogin Protect as a factor, the text now reads: Require biometric verification (requires 4.4).
To learn more about OneLogin Protect for iOS, see OneLogin Protect for iOS.
To learn more about OneLogin Protect for Android, see OneLogin Protect for Android.
If a user changes their password and its flagged by the compromised credential check, we now include
Compromised credential check passed: true in the Password Change Event.
You must enable Compromised Credentials in User Policies for this to be included in Password Change Event.
To learn more about Events, see Events.
The OneLogin Desktop activation pages were merged. Administrators can now enable or disable OneLogin Desktop for both PCs and Macs from the same page. Copying the installer token is no longer necessary, so it has been removed from the merged administration page.
To learn more about OneLogin Desktop, see Introduction to OneLogin Desktop & Desktop Pro.
NetSuite now expects an account-specific URL to access their API. To accommodate this change, complete the steps below.
In the NetSuite UI, go to Setup > Company > Company Information. Locate & copy your domain on the Company's URL tab under SUITETALK (SOAP AND REST WEB SERVICES).
In OneLogin, go to Applications > Applications > NetSuite > Configuration tab and paste your domain in the WSDL Domain field and click Save.
To learn more about provisioning users to NetSuite, see Provision Users to NetSuite.
New SCIM Connectors
We added the following SCIM connectors:
Search Apps > Add Apps to locate the new connector.
To learn more about Applications, see List of Supported Provisioning Apps.
Manageability & Reliability
We simplified the process to assume owner privileges for Enterprise Sandbox. Owners and super users are now presented with an Assume Sandbox Owner button on the Sandboxes page of their admin account. In addition, cloning a sandbox no longer automatically locks out every user.
To learn more about Enterprise Sandbox, see Enterprise Sandbox.
We upgraded the granularity of i-framing protections for OneLogin administrative pages. Now you can create a whitelist of websites that you trust to embed your OneLogin admin console and create a fallback plan for browsers that disallow i-frame protections. We will apply this granularity to end users in a future release.
To learn more about Account Settings, see Account Settings for Account Owners.
We made the following enhancements to our APIs.
- OIDC now supports CORS for PKCE requests.
- We added a new Risk Insights API endpoint that returns average risk scores by category in the last 30-90 days. You must have EUBA enabled to use this endpoint. See Risk Insights API for reference documentation.
New User Profile
We are happy to announce an Early Preview for the redesigned user profile page. If you are interested in this, please sign up Here.
In addition to optimization and bug fixes, highlights include:
- A URL structure that allows direct links to different portions of the profile. Previously, all portions of the profile were housed at /profile.
- A countdown visible to users of how many days remain until a password change will be forced.
- A new-user registration experience that shares a user experience with the new OneLogin Portal app.
To learn more about the New Profile, see New User Profile Guide.