November 5th, 2024
Version 4.7.0 Cloud
- Security Codes: Support added for security codes as a backup MFA method across all authentication flows.
- Custom Provisioning: Authorization code grant now available in Custom Outbound Provisioning Apps.
- Strict ACS Validation: Strict ACS URL validation is implemented to make SAML authentication flow more secure.
- Provisioning Apps: Updated UI and improved documentation for provisioning apps.
- Fixed an issue where users were prompted to reset their passwords upon the first login, regardless of the admin's settings.
- An issue regarding Google Workspace re-verification for provisioning has now been resolved.
September 12th, 2024
Version 4.6.0 Cloud
- Added ability to change subject of OIDC and JWT Subject Attributes.
- Added an improvement to update users in miniOrange during SSO flows from external IDPs.
- Fixed a bug where SLO was not working when initiated from miniOrange user dashboard.
- Fixes for Blast RADIUS Vulnerability.
September 5th, 2024
Version 4.5.0 Cloud
- Password Reset Security: You can now customize settings to prevent users from reusing their last N passwords when resetting passwords, adding an extra layer of security.
- OAuth Support for Provisioning Apps: Custom Outbound Provisioning Apps will now support OAuth as an authorization method, providing more flexibility in integration options.
- Default MFA Method for Policies: Now you can configure the default MFA method in each application policy.
- Attribute Transformation Operations: Added support for operations like contains, split, lowercase, append, etc. in the JIT for IDPs.
- Group Membership APIs: APIs were added to add group membership to users.
- New UI for Configured Apps: We’ve redesigned the Configured Apps page with a fresh new interface to improve usability and navigation.
- Post-Logout URL Restrictions: We are enforcing restrictions on post-logout URLs that are not whitelisted for OAuth applications to increase security measures.
- Capability to Allow Manage License: Added a capability to allow superadmins to manage licenses.
- ID Token Validation: The introspection endpoint will soon support validating ID tokens, ensuring more robust security checks.
- Fixed an issue where SSO was not working for super-admin users when using customer admin's IDP.
- Fixed an issue where the super-admin could not update a customer's company name.
April 18th, 2024
Version 4.4.1 On-Premise
- Added pre-configured apps for provisioning: AWS Sync, Azure AD, Google Directory, Hubspot Sync, Thinkific Sync, and WordPress Sync.
- Introduced a new option to read the "X-Forwarded-For" and "X-Real-IP" headers when the server is hosted behind a proxy.
- We have added "SMSCountry" to our list of pre-integrated SMS gateways. This enhancement allows you to easily set SMSCountry as your custom SMS provider, streamlining the setup process and enabling you to use SMSCountry out of the box for your messaging needs.
- Added feature to define custom rules to assign roles and/or groups to users.
- Added Request IP Address in Push notifications during RADIUS flows.
- Bulk Operation Report and Notifications: A new report for bulk operation tasks has been added. Additionally, a toggle in product settings now allows users to enable or disable email notifications for these operations.
- Support for attribute transformation in the SSO flow has been added.
- Super admin will now have the capability to allocate and revoke licenses to customer admin.
- The frame-ancestors directive has been added to CSP headers, enhancing protection against clickjacking attacks.
- Upgraded Bootstrap from version 3.4.1 to 5.3.2.
- Upgraded jQuery from version 3.6.0 to 3.7.1.
- Improved the SMS Link MFA method with a new, user-friendly interface that allows users to easily accept or deny authentication requests.
- Improved TACACS Authentication & Authorization Reports.
- Added auditing for unsuccessful login attempts in all login flows.
- Improved user registration report for fast loading.
- Added URL validation for adding/editing OAuth/JWT applications.
- Security updates and improvements.
- Enhanced the UI and UX of Adaptive Authentication Policy configuration pages.
- Added Multi-Factor Authentication (MFA) and Risk Based Authentication (RBA) support during login to the miniOrange user dashboard via an external identity provider.
- Report Pagination: Pagination has been added to all reports in the report section for better navigation.
- MFA Method Audits: Detailed audits have been added for all MFA methods.
- Security Enhancements: Security fixes have been implemented for admin activities to improve overall system security.
- Added support for six date formats for user profile date fields.
- JIT mapping and attribute transformation can now be performed on the renamed Attribute Mapping page.
- Added an option to set abandoned cart attribute in BigCommerce during initial SSO.
- Fixed the issue in the Domain Mapping flow where it malfunctioned if multiple SAML Apps shared the same entity ID.
- Resolved the authentication failure in the OAuth Password Grant flow when the password contained special characters.
- Fixed error reporting on end-user registration page if the user account exists.
- Corrected the malfunction of push notifications within the TACACS flow.
- Custom Outbound Apps: Fixed issues related to editing custom outbound apps and creating them via superadmin.
- Push Notifications: Resolved an issue where push notifications would fail when the phone was offline.
- User Section: Corrected the display of the last logged-in date and time in the user section.
- OAuth Token Endpoint: Resolved the bad request error in the PKCE flow at the OAuth token endpoint.
- Authenticator Configuration Emails: Fixed an issue where Authenticator configuration emails were not sent to new users.
July 31st, 2024
Version 4.4.0 Cloud
- Support for attribute transformation in the SSO flow has been added.
- Super admin will now have the capability to allocate and revoke licenses to customer admin.
- The frame-ancestors directive has been added to CSP headers, enhancing protection against clickjacking attacks.
- Added support for six date formats for user profile date fields.
- JIT mapping and attribute transformation can now be performed on the renamed Attribute Mapping page.
- Added an option to set abandoned cart attribute in BigCommerce during initial SSO.
July 18th, 2024
Version 4.3.0 Cloud
- Bulk Operation Report and Notifications: A new report for bulk operation tasks has been added. Additionally, a toggle in product settings now allows users to enable or disable email notifications for these operations.
- Custom Capabilities: The "Capabilities" section now includes custom capabilities that can be sent to your configured applications as sign-in response attributes.
- Report Pagination: Pagination has been added to all reports in the report section for better navigation.
- MFA Method Audits: Detailed audits have been added for all MFA methods.
- Security Enhancements: Security fixes have been implemented for admin activities to improve overall system security.
- Custom Outbound Apps: Fixed issues related to editing custom outbound apps and creating them via superadmin.
- Push Notifications: Resolved an issue where push notifications would fail when the phone was offline.
- User Section: Corrected the display of the last logged-in date and time in the user section.
- OAuth Token Endpoint: Resolved the bad request error in the PKCE flow at the OAuth token endpoint.
- Authenticator Configuration Emails: Fixed an issue where Authenticator configuration emails were not sent to new users.
June 12th, 2024
Version 4.2.0 Cloud
- Added Multi-Factor Authentication (MFA) and Risk Based Authentication (RBA) support during login to the miniOrange user dashboard via an external identity provider.
- Added Request IP Address in Push notifications during RADIUS flows.
- Fixed the issue in the Domain Mapping flow where it malfunctioned if multiple SAML Apps shared the same entity ID.
- Resolved the authentication failure in the OAuth Password Grant flow when the password contained special characters.
- Fixed error reporting on end-user registration page if the user account exists.
- Corrected the malfunction of push notifications within the TACACS flow.
May 24th, 2024
Version 4.1.0
- Upgraded Bootstrap from version 3.4.1 to 5.3.2.
- Upgraded jQuery from version 3.6.0 to 3.7.1.
- Improved the SMS Link MFA method with a new, user-friendly interface that allows users to easily accept or deny authentication requests.
- Improved TACACS Authentication & Authorization Reports.
- Added auditing for unsuccessful login attempts in all login flows.
- Improved user registration report for fast loading.
- Added URL validation for adding/editing OAuth/JWT applications.
- Security updates and improvements.
- Enhanced the UI and UX of Adaptive Authentication Policy configuration pages.
- Added pre-configured apps for provisioning: AWS Sync, Azure AD, Google Directory, Hubspot Sync, Thinkific Sync, and WordPress Sync.
- Introduced a new option to read the "X-Forwarded-For" and "X-Real-IP" headers when the server is hosted behind a proxy. (On-Premise only)
- We have added "SMSCountry" to our list of pre-integrated SMS gateways. This enhancement allows you to easily set SMSCountry as your custom SMS provider, streamlining the setup process and enabling you to use SMSCountry out of the box for your messaging needs.
- Added feature to define custom rules to assign roles and/or groups to users.
- Fixed issues where Super Admin was not able to create custom outbound apps.
Version 4.0.0
- Added support for TACACS Authentication and Authorization.
- Added support for Inline Hooks.
- Added support for Client Credentials grant flow in miniOrange as OAuth Source.
- A new Generic app has been added to configure API based Provisioning.
- miniOrange now supports AES-GCM encryption for SAML.
- Introduced detailed auditing for Push Notifications for better insights.
- Improvements in Vendor Specific Attribute Mapping for Radius Apps.
- Improved the error reporting when performing Test Connection on External OAuth IDP.
- Modifications to app policies are now more dynamic, allowing group changes with ease.
- Resolved an issue where an older push notification was not invalidated when a new push notification was initiated.
Version 3.8.3
- Introduced a new parameter for specifying preferred locale in Add & Update user APIs.
- Added a "Last Logged-In" column in the end-user list for better tracking.
- Removed required constraint for username & password fields in Custom Browser apps.
- Implemented support for group provisioning in BigCommerce integration.
- Fixed Arabic translations on the Sign-in and Registration pages.
- Fixed error forwarding from IDP to the application in OAuth broker flow.
- Fixed an issue with the Discovery Endpoint within the OAuth flow.
Version 3.8.2
- Added support for FIDO2/WebAuthn devices for second-factor authentication, for a more secure and convenient way to log in to applications.
- Added Fallback authentication between external directories. This will allow you to switch to another directory in case the primary one is unavailable or inaccessible.
- You can now enable and disable multiple users at once with a single click. This will save you time and effort when you need to update the status of your users.
- Password expiry date attribute is now available in the GetUserAPI response. This will help you manage your users’ passwords more effectively.
- Fixed the issue where an existing user is also redirected to the miniOrange registration page in broker flow.
- Fixed the issue where administrators were not able to use Sign out from all devices option.
- Fixed the issues around JWT SSO flow with inline user registration option enabled.
- Fixed the issue where users disabled in miniOrange were able to log in when using an external authentication source.
- The issue with SAML response not being posted to HTTP endpoints is fixed.
- Fixed the issue where user bulk upload through CSV was not working when “Enforce 2FA setup for end users” was enabled.
Version 3.8.1
- Added support for Provisioning from miniOrange to AWS Cognito.
- Added new filters in the end user list page to filter users based on their last login time.
- Added support for Relay State in BigCommerce app SSO.
- Added more details to the Push notification request such as Location and IP of the origin of the request.
- Fixed a blank screen issue during Progressive Profiling.
Version 3.8.0
- Introducing MAC Address-Based Restriction in Device Management, complemented by dedicated Windows and Linux Agents.
- Dashboard to view audit logs is now available.
- Administrators can now update the on-premise IDP license from the dashboard. Server restart or license file replacement is no longer needed.
- Added the ability to map attributes for each external SAML IDP for just-in-time user creation.
- Addition of the BrightSpace API Provisioning application in miniOrange. This application facilitates outbound provisioning (create and update operations) of users from miniOrange to BrightSpace.
- Addition of the Upbeat API Provisioning application in miniOrange. This application facilitates outbound provisioning of users from miniOrange to Upbeat.
- Addition of the Genius API Provisioning application in miniOrange. This application facilitates outbound provisioning and deprovisioning of users from miniOrange to Genius.
- Added support for Passwordless login to JWT apps SSO.
- Implemented auditing for Active Directory provisioning flows.
Version 3.7.1
- Added support for Self Service Password Reset in RADIUS connections.
- Fixed the profile mapping while provisioning user to Active Directory.
- Fixed the bug where a combination of “dots” and “+” was not supported in end user signup via the registration page.
- Fixed the bug where users were not getting deprovisioned from apps when deleted in miniOrange using CSV bulk upload.
Version 3.7.0
- A personalized setup wizard to help with the onboarding process and get started in minutes.
- A dashboard to view specific admin operation audits is now available. You can now track the following operations/activities for any user with an Admin role:
- All end user operations (Create, Update and Delete).
- All user group operations (Create, Update and Delete).
- All application operations (Create, Update and Delete).
- All application policy operations (Create, Update and Delete).
- Added a Progressive Profiling feature where administrators can design forms and collect information from consumers in a step-by-step manner.
- Added support for JIT (just in time) user creation in External OAuth Provider Flow.
- Added support for Authorization code grant flow with Proof Key for Code Exchange (PKCE) for External OAuth Provider Flow.
- Added support for Password Grant flow for External OAuth provider Flow.
- Added a discovery page for JWT apps where users can select one of the configured IDPs.
- Added an option in adaptive policies which administrators can use to restrict SSO on mobile devices.
- Administrators now have an option to remove the Password and Confirm Password fields from the inline registration form when the user logs in from the External IDP.
- Added an option which allows end users to configure TOTP authenticators for 2FA via email during user onboarding.
- Added an option to create customizable email templates and bulk send custom emails to users.
- Added support for Password Sync from miniOrange to the Oracle EBS database.
- Added support for Just-In-Time User Creation in miniOrange when authenticating against Oracle EBS.
- Added Support for sending Custom Attributes of User or Groups in RADIUS Response.
- If a locked user tries to login, they'll now see time remaining till their account gets unlocked in the error message.
- Fixed an issue where a few cookies did not have the secure=true parameter.
- Added Internationalization support to User Registration pages when authenticating against Database as a user store.
- Fixed the issue where "Change Password in First Login" option was not working for Identity Broker SSO flow.
- Fixed Single Logout redirection for the Oracle EBS application, when used in combination with other application types.
- Added an API for administrators to change password for a user.
Version 3.6.4
- Introducing integration with ChargeBee, allowing the creation of portal sessions through Single Sign-On (SSO).
- Resolved an issue that was causing a user's MFA method to reset to the default configured MFA method when updating the user's email address.
- Fixed the functionality while exporting users, ensuring custom roles information is included in the export.
Version 3.6.3
- Added an option to set a static password for users during auto registrations.
- Matched the User Export CSV file format to the one required for Bulk Import via CSV.
- Added support for mobile application deep links as callback URL.
- Fixed an issue where 2FA was not working when 2FA method is "OTP Over Email and SMS" and the phone number is invalid.
- Fixed an issue where user logins did not work when developer console was open in Chrome.
Version 3.6.2
- Added an Impersonation feature: Admins can take limited control of other user accounts as if signed in as that user. This allows them to look into the user's account settings in order to diagnose improper configurations and troubleshoot issues.
- Mailchimp API Provisioning: Added support to sync users from miniOrange to Mailchimp.
- Improvements for loading and searching of the Application List Page in the Admin Panel.
- Fixed a bug where users were previously prompted to set up their MFA and password separately on next login, even when both options were enabled. Now, both processes have been combined into a unified flow, ensuring a smoother user experience.
- Incorrect home page redirect for Additional Super Admins: after login, additional super admins are redirected to a page that is available in the Customer Admin Dashboard but not in the Superadmin Dashboard, so an empty page is shown.
Version 3.6.1
- Implemented a new functionality that allows the sending of OTPs to alternate email addresses for all users.
- Added a feature to display OAuth apps in the user dashboard.
- Resolved an issue where the JWT app failed to retrieve the configured SLO URL.
Version 3.6.0
- Added support for Web3 as an authentication source.
- Integrated support for MSCHAPv2 in RADIUS/VPN using NPS/On-premise AD.
- Introduced Group Mapping, Domain Mapping, and User Registration for JWT as an authentication source.
- Included a Quick-Navigation sidebar to easily find relevant setup guides and videos.
- New Categorized interface for Product settings page.
- Added an option in RADIUS/VPN to restrict users based on their Time of access.
- Added support for creating multiple instances of Pre-Integrated OAuth Providers.
- Implemented email alerts for failed login attempts when the allowed IP is not used.
- Introduced the ability for admins to disable users for Windows MFA.
- Added an option to test connection for JWT as an external IDP, allowing the retrieval and verification of attributes received in the response.
- Fixed provisioning of users and groups when using AD LDS.
- Resolved a bug causing conflicts when creating a custom browser app with the same name as a pre-configured app.
- Fixed an issue where editing a browser extension app would overwrite the logo path.
- Enhanced support for bulk user provisioning, allowing importing users through CSV or from other provisioning enabled applications.
- Fixed an issue that caused failures when denying Out-of-band MFA methods (SMS and Email with links, Push Notifications).
Version 3.5.10
- An option is added to configure token expiry for JWT apps.
- Introduced a new feature to migrate password of users on first login using API as External Directory.
- Added capability that allows users to choose if they want to enable MFA.
- Fixed an issue where change password on first login was not working during bulk CSV upload.
Version 3.5.9
- Added more options in password policy like having username, first name, last name in user password. Additionally, you can now disallow usage of common passwords.
- Added password expiry in password policy.
- Added support for sending external IDP Attributes in IDP Initiated flow when using Active Directory.
- Added a custom logout page that can be used to redirect users after logout. You can also add your custom branding to this page.
- Added an option for JWT and OIDC applications to control if “Single Logout” should be enabled.
- Added support for “Login with Domain” in browser extension app.
- Added pagination when importing users from BigCommerce to miniOrange.
Version 3.5.8
- Added parameter “isEnforce2faOnNextLogin” in APIs to get and update whether 2FA should be forced on the next login.
- Resolved the Office 365 Single Sign-On user not found issue for newly On-Boarded users when Create Users was enabled alongside the import operation.
Version 3.5.7
- Added support for OpenID (id_token) in OAuth Identity Provider.
- Added a new API to get the total user counts under the admin.
- Website Toolbox now supports SSO using OAuth authentication, enabling secure and streamlined login for users.
- Resolved an issue that previously hindered the activation of a disabled account in Active Directory after resetting the password via miniOrange IdP in the Active Directory. This bug has been fixed and users can now enable their account without any further obstacles.
- An issue preventing users of customer admin from SSO into a browser extension app created by super admin has been resolved.
Version 3.5.6
- Added support to add 2FA type during CSV upload.
- IE 11 based In-App browser based applications were causing issues during SSO due to unsupported HTML elements.
- Locked users for super admin were not showing in list.
Version 3.5.5
- Added Support for Multi Storefront SSO in BigCommerce.
- Added the ability to auto create users when using Apple as External IDP.
- Fixed an issue where the alternate email was not getting updated on user creation in the bulk API.
- Resolved an issue where new user accounts were not being activated after a password reset.
- Fixed a bug where an admin user couldn't enable MFA after enabling it for another admin.
- Fixed issue in external IDP integration where "phone is offline" functionality was not working.
- Fixed a bug where multiple search bases were not being used at the time of login.
Version 3.5.4
- Added logout support for WS-Fed apps.
- Fixed the issue where new user was not getting enabled after password reset.
- Fixed "Forgot Phone" option not showing in Broker Flow.
Version 3.5.3
- Improved Radius Reports.
- Added error reporting on change and reset password for user when using external directory. Users will see an error if their password is not changed in the default external directory.
Version 3.5.2
- Fixed an issue of user 2FA getting reset after re-importing users from GoogleApps.
- Fixed an issue where the disable 2FA option was not visible when creating a policy for a RADIUS app and switching to the passwordless login method.
- Fixed an issue of AD Password change via self-service to support multiple search bases.
- Fixed an issue where enforce 2FA on first login was getting reset after user import.
- Fixed an issue where new user signup during SSO was not working when using multiple Identity Providers.
Version 3.5.1
- Added an option to enforce users to reset their password using alternate email.
- Added option to reset user MFA and enforce MFA on next login.
- Added option for Super Admin to allow users to add custom app.
- Fixed the error that occurred while sending an SMS to download the authenticator app during user onboarding.
- Fixed redirection to WS-Fed app after authentication.
- Fixed the last modified date and time being set to empty after bulk updating users.
Version 3.5.0
- Added Password sync support in BigCommerce Provisioning.
- Allowing users to change their username by default if no capabilities are set by their admin.
- Source IDP for every EndUser.
- Ability to choose MFA during VPN Login.
- Provision support for custom attribute from any client to miniOrange SCIM server.
- New UI for end user dashboard, profile, setup 2FA pages.
- Resolved the issue of printing the Query String tab multiple times while saving the Database as IDP.
- Fixed bulk upload delete where user was not getting deleted sometimes due to timeout.
Version 3.4.15
- Added Test Configuration/Connection option for External OAuth Providers.
- Improvements in Roles and Capabilities with a brand new intuitive interface and more granular capabilities for various sections in the dashboard.
- Bulk Upload and Bulk Operation improvements through the product.
- Added an option to select a specific user store for RADIUS/VPN apps.
- UI improvements for VPN/Radius app setup page with easy-to-access setup guides and tabular layout.
- Added an option to Resend OTP in Broker-MFA flow when the 2FA method is SMS or EMAIL.
- Added support for user Provisioning with BambooHR.
- Added Support for Hardware token as an MFA method for VPNs and network devices which do not support challenge.
- Added domain mapping feature for JWT Apps.
- Added an option to Reset Password using the active 2FA method.
- Added an option to send an email notification to users on Password Reset via Forgot Password Link.
- Added an API to configure hardware token as a 2FA method.
- Added support for configuring SAML and OAuth external providers via remote Rest APIs.
- Support SSO into Super Admin Applications using Customer Admin’s Identity Sources.
- Fixes for miniOrange SMS/Email Gateway.
- Fixes for the Signup page related to branding.
- Fixes for Manage Cards Page in the Super-Admin Dashboard.
- Fixed minor issues related to End User Delete API.
Version 3.4.2
- Added support for JWT protocol under External Identity Sources.
- Initial Release of Admin Operation Auditing. The following operations are audited as of now:
- Enduser create, update and delete using the admin dashboard and admin APIs.
- Product settings update.
- Added support for multiple signing certificates for SAML external Identity Providers.
- Simplified App setup for popular SAML apps.
- Usability improvements around custom User Profile Attribute Mapping.
- Improvements around Time-Based restriction for Adaptive Authentication Policy.
- Security improvements around XML parsing for SAML and WS FED based SSO.
- Improved WS-Fed protocol to seamlessly support Dynamics 365 and Exchange Server.
- Improvements around AD/LDAP provisioning. Now AD account state is synced (enabled/disabled) in miniOrange.
- Added support for multiple Office 365 apps.
- Fixed SAML POST Logout Response signature issues.
- Usability improvements for Windows MFA. All configurations can now be done via cloud.
Version 3.4.0
- Added support for miniOrange as SCIM Server.
- A new option to filter the user’s list by enabled users.
- Added an API to delete groups.
Version 3.3.81
- New Modern Responsive Menus & Headers for easier navigation.
- Improved the UI of the overall Product.
- Added support for miniOrange as SCIM Server.
- A new option to filter the user’s list by enabled users.
- Added an API to delete groups.
- Reporting improvements in Auditing Broker Flows for OAuth app type.
Version 3.3.71
- Improved Auditing in MFA flows.
- Some bug fixes related to Customer Options.
Version 3.3.39
- Added support for Oracle DB as a user store.
- Test connection and Test bind account feature for AD as a User store.
- Added attribute mapping feature in OpenID/OAuth apps.
- App section UI/UX Redesign.
- Lockout features on incorrect password login attempts for the VPN use case.
- Added support for user sync with LDAP/AD (Active Directory).
- Group Provisioning/Deprovisioning support added for LDAP/AD (Active Directory).
- User Group Membership support, i.e., import LDAP Groups and assign users to LDAP Groups.
- Added Desktop Apps support. e.g. Windows, Linux, Windows RDP, RD Gateway, RD web access, etc.
- Added list of pre-integrated applications for Mobile Authentication Apps / OAuth App / OIDC App section. e.g. AngularJS, ReactJS, Cordova, Firebase, Odoo, etc.
- In AD provisioning, Base DN instruction improvements.
- WordPress and Moodle as pre-integrated Apps in API as a User store.
- Fixed IDP Initiated flow for Office 365.
- Improved Implicit grant flow for external OAuth Provider.
- Fixed Google authenticator audit issues.
- Updated documentation links for Windows Apps and JWT/Mobile Authentication Apps.
Version 3.3.38
- Added the ability to disable the custom user profile attribute feature for end-users.
- Added the feature to send group attributes in radius applications.
- Improved the IDP Session Timeout feature. Added a configurable option under product settings for admins.
- Added support for Importing LDAP / AD Groups and Memberships.
- Added the ability to configure multiple External OAuth providers.
- Added Location Restriction feature.
- Added new User Capabilities:
- Allow/Disallow end users to Change their Email Addresses.
- Allow/Disallow end users to have access to edit profile and Change Password sections.
- Added support for IMIS Applications as Identity Provider.
- Added support for Microsoft authenticator as an MFA Method.
- Added configurable option to ‘Force 2FA on each login attempt’ during SSO or login.
- Usability improvements for LDAP Gateway.
- Better error messages during LDAP Test Connection.
- Fixes around failed password attempts. Now the attempts remaining persist across sessions and browsers.
- Fixes around SAML SSO when branding is not set.
- UI improvements for custom attributes page.
- SMTP Improvements:
- Added an option to choose encryption type.
- Better error messages during testing.
- Fixes in API/external JWT apps for policy name.
- Usability improvements for DB TestConnection.
- Fixed password reset link for the branded account during SSO with external IDP/database.
- Enable/disable miniOrange Admin Login from specified LDAP User Stores.
- Fixes for end user login from self-service console with LDAP gateway. (Cloud only)
- Improvements around http post calls.
- XXE Injection fixes during SAML SSO.
- Authenticated Reflected XSS Via URL Parameter – RelayState.
- Improvements for override relay state functionality. Now RelayState will only be overridden when this option is enabled, which wasn’t the case earlier.
- Support for TLS 1.2 during SMTP connection.
Version 3.3.35
- Ability to prevent concurrent logins for users.
- Added support for Basic Authorization while configuring SMS Gateways.
- Added support for 2FA for JWT and OAuth applications.
- Edit Email for Customers and End-Users.
- Support for Vendor Specific Attributes for VPN Servers.
- AutoProvision users to BigCommerce during SSO.
- Ability to Download the License files from Admin Portal. (Cloud only)
- Usability improvements for configure 2FA Methods.
- Improved the default search filters available during LDAP Configuration.
- Login with a username for 2FA/Adaptive Authentication flow using External IDP.
- Fixes for Test Attribute Mapping when Gateway is used.
- Fixes for IdP policy check during broker flow.
- Fixes for radius authentication with miniOrange users when Multiple LDAP with domain mapping is set.
- In AD, set the default country code for users who do not have one while importing.
- UI Fixes for Custom SAML APP.
- Better error handling for insufficient SMS transactions while adding new users.
- Bug fixes and improvements when users are updating their phone numbers.
- Fixes in Radius Authentication flow with Azure AD as User Store.
- Better error handling while setting User Capabilities.
- Fix for Custom CSS and JS being overridden when branding is updated.
- UI Fixes for SMS Gateway Configuration Page.
- Updated guides and resources to use the Database as a User Store.
- Improvements around Branding Configuration. Only On-Premise
- Better error message while adding Invalid or Canceled Cards. Only Cloud
- Option to delete the default saved card. Only Cloud
Version 3.3.8
- Added support for reCAPTCHA V2 in On-Premise Identity Provider.
- Improved error messages for Adaptive Authentication: The system would now show better error messages during certain error conditions.
- Added a feature to allow admins to set their own custom messages for Adaptive Authentication flow.
- Allowing admins to select their configured MFA method during login for authentication.
- Added option for admins to modify the “Go back to login page“ link after users have successfully changed their passwords.
- Added support for address attribute during BigCommerce Provisioning.
- Added User Provisioning Audit reports for all administrators.
- Updated the Radius apps section to show app / VPN specific documentation links.
- Added support for multiple search bases in the LDAP External Directories.
- Added pagination support for LDAP External Directories.
- Simplified LDAP External Directories’ configuration by providing preset LDAP Filter.
- For new applications in IdP-initiated SSO flow, IdP applications won’t default to “/” as the default relay state.
- Improved the UI and UX for SCIM attribute mapping.
- Added the option to allow end-users to delete applications added by them.
- Improved report names for better visibility and clarity.
- Added PDF export option for Radius IdP reports.
- New Modern Responsive Menus & Headers for easier navigation.
- Improved the UI of the overall Product.
- Fixed Idp-initiated redirection issues while using Microsoft Linked Applications.
- Fixed issues that occurred while testing Email Templates.
- Fixed attribute mapping for JWT Applications.
- Resolved an issue for users who didn’t have phone number configured and had the MFA method set to ‘SMS and EMAIL’.
- Fixed problems with Google Graphs not appearing in IDP reports.
- Support for dynamic tenant URLs for Microsoft 365 Admin Verification.
- Fixed issues with state parameter mismatch while using LinkedIn as OAuth Provider.
- Reporting improvements in Auditing Broker Flows for OAuth app type.
Version 3.3.7
- Added SCIM 2.0 protocol support which can be used for seamless cloud applications provisioning.
- Windows/Linux Installer for On-premise IDP.
- Tested compatibility support for the latest version of PostgreSQL 14.2.
- Search JWT and OAuth integrated applications in the app list by client ID.
- Added an API endpoint to enable an end-user.
- SLO support is added for JWT Applications.
- Added support for multiple redirect URLs in JWT applications.
- GUID support for OAuth, JWT applications, and User APIs.
- Added API endpoint for adding new user groups and deleting user groups.
- Added support for nonce & PKCE request parameters in OAuth domain-mapping flow.
- Kerberos/SPNEGO support added for Integrated Windows Authentication.
- Added Domain Mapping Option in add OAUTH IDP.
- Oracle E-Business Suite SSO native support added.
- Support for multiple and country-specific HTTP SMS Gateways is added.
- Support for Multiple Magento User Stores as Authentication Source is added.
- Added a feature for Administrators to view all active sessions of all end-users and an option to invalidate those sessions.
- Added domain mapping to the authorized endpoint for OAuth2/OpenID Connect apps for choosing Identity Providers based on their configured domains.
- Mandatory option added for users to validate their phone number or email address while configuring 2FA in the Inline User Registration flow.
- SMS Body for SMS with Link can be customized now.
- Added Username, Location, and IP address in Push Notifications.
- Added NameID format option in the SAML Identity Source.
- Introduced Selectable MFA Methods which are SMS & Phone Callback, Authenticator Apps, Email, Hardware Token, and Security Questions for various login flows.
- RADIUS group attribute is now configurable based on each RADIUS app.
- Added a new authorized endpoint for OAuth2/OpenID Connect applications for dynamic Identity Provider discovery.
- Added support for 2FA (OTP over SMS, EMAIL, SMS, and EMAIL) methods for VPNs where ACCESS_CHALLENGE is not supported.
- IP Restriction can be enabled for VPNs.
- Improved UI and UX for 2FA configuration.
- Added back – Enable End Users to add applications.
- Show Enforce 2FA For Additional Admins to only the main Customer Admin.
- Filter URLs in SMS template.
- The Desktop application name can be changed now.
- Users get an error message in Radius Response if their password in Active Directory is expired.
- The Force Authentication feature of the SAML app now works for Third-Party Identity Providers.
- Made the Custom Application name field editable.
- Minor bug fixes for BigCommerce provisioning attribute mapping.
- Fixed claim issue with Apple Login.
- Fixed the security methods reconfiguration.
- XSS Vulnerability has been fixed by updating Struts to version 2.5.26.
- Fixed designing groups for users.
- NameID fixes in SAML Broker flow.
- Fix for RBA APIs.
- UI/UX Fixes in the IDP customer portal, 2fa configuration pages, etc.
- Send Correct Issuer in the SAML Logout Request to SAML IDP and SAML App.
- Self-service console not showing up in the app list to create a new policy.
- Fixes in SAML Logout Request (Broker Flow – JWT).
Version 3.3.6
- Added Radius authentication in Reports + Rate Limiting.
- Added Authy Authenticator Integration.
- Added support for C200 (TOTP) Tokens.
- Added option to enable linked apps.
- Added all linked apps for Microsoft 365.
- Added 'Sync Users in miniOrange' option for Database User Store during login.
- Prompt users to set up their 2FA on first login in all flows.
- Option to choose the 2FA Method from configured 2FA Methods.
- Enforce 2FA on Additional Admins from main Customer Admin.
- Added IdP Initiated SSO/SLO for JWT apps.
- Enhanced Single Logout Support.
- Assign multiple Policy Based Access for Single Browser Extension Apps.
- Group-based restriction for passwordless apps.
- Office365 Provisioning using Graph APIs.
- Microsoft Authenticator as the 2FA Method in Adaptive Authentication.
- Improvements around update user group membership API.
- Improvement around custom out-of-band email templates.
- Improvements around IP restriction when using Firefox Browser.
- Mobile Device UI Improvements.
- Added feature to allow Admins to activate the users manually.
- Added support for SHA256 hashing in DB as auth source.
- Added SmarterMail as a Form Post application.
- Added support for encrypted assertion when miniOrange is the Service provider.
- Better error handling for JWT Applications.
- Better support for BigCommerce.
- Support for Accounting for VPNs, Switches, Firewalls and other platforms that support Radius Accounting.
- Adding provision for CustomJS and CustomCSS on the EndUser Dashboard.
- Improved page load times for the EndUser Dashboard.
- Improved support for Radius Group and custom attributes.
- Security improvements around LDAP gateway and miniOrange servers.
- Support for giving users the choice to choose their group/role on the SignUp Page.
- Added an option to allow Admins to hide specific apps for all users.
- Improvements around search, to find users against multiple LDAP Directories.
- Support for Twilio as a Custom SMS Provider.
- Fixed the Log4Shell Vulnerability recently found in Log4j Library.
- Added the option to authenticate from a particular storeID (Magento2).
- Prevent Concurrent login when using external IDPs/UserStores.
- Added an option to be able to search for applications and groups while adding / editing policies.
- User API improvements.
- Added option to set your own Out of Band SMS Templates.
- Browser Extension improvements.
- Bigcommerce Provisioning and Deprovisioning.
- Hook in user provisioning in user signup flow.
- Gracefully handle password sync failure in multiple apps.
- Added support for nonce & PKCE request parameters in OAuth domain-mapping flow.
- All endpoints reset on branding reset/change.
- Support for Multiple HTTP SMS Gateways is added. Country-Specific SMS gateway can now be added in miniOrange IDP.
- Added a feature in Customer Admin to add policies for the Superadmin applications.
- GUID support for Oauth, JWT apps attributes and User APIs.
- Added an API endpoint to enable/activate a user.
- Interface to choose redirect URL of JWT apps on enduser dashboard.
- Search apps in app list by client ID for JWT and OAuth apps.
- Added support for miniOrange as SCIM Client.
- Added support for multiple redirect URLs in JWT Apps.
- Force Authentication feature for SAML Apps in Broker Flow.
- New API Endpoint for adding new user groups.
- New API Endpoint for deleting user groups.
- XSS Vulnerability Fixes.
- Improvements in MFA Policy checks for Windows Desktop MFA.
- Added Custom Administrator feature, which can be granted limited capabilities.
- Improved the UI and introduced Selectable MFA Methods for various login flows.
- Users get an expired message in Radius Response if their password in Active Directory is expired.
- Support Single Logout for Multiple JWT Applications.
- Improved UI and user experience for 2fa configuration.
- Added Domain Mapping Option for OAUTH IDPs.
- Added some new default SAML applications (vManage, SproutLoud, Splashtop, DeepFreeze).
- Added a feature to send a signed logout response during Single Logout when binding is HTTP-POST.
- Added Support For 2FA (OTP over SMS, EMAIL, SMS and EMAIL) methods for VPNs that don’t support RADIUS Challenge.
- Improved UI of OAuth Apps.
- Added a feature in Customer Admin to add policies for Superadmin applications.
- Mandatory option added for users to validate their phone number or Email while configuring 2FA in the Inline Registration flow.
- Added a feature in Customer Admin to view all active sessions of end-users and an option to invalidate those sessions.
- Added NameID format option in the SAML Identity Source section.
- Support for Multiple Magento User Stores (Authentication Sources).
- Remove dependency of SAML application name from the IdP initiated SSO URL.
- Added option to configure HTTP binding for SLO.
- JWT/Bigcommerce/Thinkific apps attribute mapping with static value support.
- Remove miniOrange as a user store option. miniOrange is now added as the default user store.
- Improvements in API as authentication Source.
- Improve Single Sign-On Audit & Add Logout Audit.
- LDAP fallback authentication ROLE based check for PASSWORD SYNC.
- German language support for end-user dashboard.
- Allow users to Edit the name of Already Configured Application.
- IDP Session Timeout functionality now works for Broker flow as well in addition to miniOrange IDP (password authentication) flow.
- Send Signature and SigAlg query parameters while sending SAML authentication and logout request using HTTP-Redirect binding.
- PKCE support in OAuth implicit grant.
- Added Domain Mapping option to Cognito user store and Oauth IdP.
- Allow sending static attributes from Oauth IdP.
- Update local miniOrange Password after a successful authentication against AD credentials if fallback auth is enabled.
- Export User groups (CSV) under customer admin.
- On-boarding status UI improvement and UI fixes for product settings page.
- Device Restriction: Updated Fingerprint Based Device Identification.
- Added miniOrange SMS Gateway(Cloud) in on-premise build as the default gateway.
- Fixed failed authentication in case of SAML Domain Mapping flow is abandoned.
- Fixes for BigCommerce On the fly user creation.
- Audience URI not updated while Importing SAML metadata.
- Create API does not assign users to the groups if all the incoming groups are not present in the miniOrange database.
- Random Password is being assigned to users in AD when importing users and password sync is enabled.
- Fix to Create an Enabled(Usable with UserLogonName) User in the AD if Password Sync is ON.
- Challenge Options should only be visible when we select Challenge as the action in the Adaptive Authentication page.
- Minor UI fixes while adding 2FA/ Adaptive in Policy section.
- Corrected expiry time being calculated during max integer range.
- Fixes in OIDC flow when Adaptive Authentication is enabled.
- LDAP import fixes during case mismatch.
- LDAP connection fixes when the search base had characters like '*' & '/' in it.
- SMS 2FA was fixed when users who had spaces in their phone numbers were imported from AD.
- Fix for duplicate emails of users fetched from LDAP server.
- Azure AD Single Logout Fix.
- DB Provisioning Fixes.
- Logs don't show up on some windows environments while adding IdP.
- Fixes for multiple sub-domains and vanity URL support.
- Fixes around JWT Single Logout Flow.
- Fixed an error with reset option for branding configuration.
- If radius app config not found in registry fallback to db.
- Edit Custom application name.
- Missing graph library and loading issues in a few Reports sections for the SuperAdmin.
- Improved Error messages while deleting additional admin.
- 404 redirect issue with SMS Configuration for SuperAdmins.
- Empty error message when superadmin performs quickest.
- Add missing default links in navigation menu items.
- Minor bugfixes for BigCommerce provisioning attribute mapping. Added BigCommerce Provisioning setup guide on the setup page.
- Minor fixes in SCIM.
- JWT / HTTP Apps were listed on the End-User dashboard despite policy restrictions.
- Fixed the KBA Methods reconfiguration.
- Fixed the Incorrect incoming username and email when Apple is the OAuth provider.
- Fixed missing graph library and loading issues in a few Reports sections for SuperAdmin.
- Fixed message when deleting additional admin.
- Fixed Superadmin menu giving 404 errors when we visited SMS Provider option.
- Fixed error message box when superadmin performs quickest.
Others:
- Removal of ConnectWise from the miniOrange IdP.
- Added the following apps as default apps in miniOrange along with documentation:
  - Spotfire - SAML and OAuth
  - Splunk - SAML
  - Slack - SAML (just added logo)
  - QlikSense - SAML
  - QlikView - SAML
  - Polarion - SAML
  - Creatio - SAML
  - HubSpot - SAML
  - RemotePC - SAML
  - Ultimate Software - SAML
  - Marketo - SAML
- Add github browser extension app.
- Add Apps to Google Workspace Linked apps.
Version 3.3.5
- For Microsoft Apps, added option to download federate-domain script.
- Added Single Logout Feature for SAML, OAuth, and JWT applications against all types of Identity Providers and Users Stores.
- During SSO all attributes can be sent to the JWT app in case of miniOrange acts as a user store.
- Added support for Adaptive Authentication, option to configure default IdP for a JWT application.
- Included Support for Sign-in with Apple ID.
- Added option to Show/Hide Forgot Password Link to Users.
- PKCE in implicit grant for OAuth applications.
- Support for Microsoft Authenticator in Adaptive Authentication Flows.
- Added Forgot Password Page to the list of customizable pages. Users can now customize this page to their liking.
- Added Radius Authentication Reports + Rate Limiting.
- Improvements in App Icon Upload Feature.
- New Customer Admins can now inherit features and settings from SuperAdmin.
- Authy Authenticator has been integrated as a 2FA method.
- Attribute mapping for JWT Apps.
- TitleTool Application Integration.
- Added on the fly user creation for the database as an authentication source.
- Google and Microsoft apps can now be used selectively.
- Updates in User APIs.
- German Language support for end-user.
- Improve Single Sign-On and Logout Audits.
- Option to choose 2fa methods from configured methods.
- User is now prompted to set up their second factor during the first login itself.
- Improvements in API as authentication source flow.
- Enforce 2FA on Additional Admins from the main Customer Admin.
- Invoking inline registration flow from user onboarding email.
- C200 TOTP token integration.
- Added Post Binding for SAML SLO.
- Improvements around Policy Based Access for Browser Extension Apps.
- Added GitHub SWA app.
- Added support for IDP-initiated SSO for JWT Apps.
- Improvements around Adaptive Authentication (Fingerprint Based Device Identification).
- Improvements around Radius Authentication Audits and Reports.
- Usability improvements around IDP Inline Registration.
- EndUser Dashboard improvements for Apps.
- UI/UX improvements for Group Views and On-boarding page.
- Added a separate app for the Passwordless type app.
- RADIUS Flow Performance Improvements.
- Fixes for session issues when miniOrange is the User Store and multiple apps are involved.
- Fixes in the desktop app section and edit the app.
- Fixes for HTTP Calls not encoding data/body in the UTF-8 charset.
- Twitter Fix – Social login plugin & External IDP.
- Fixes for a few UI issues for the Admin and end-users for 2FA configurations.
- Fixes for Device Restriction, Deny Case.
- DB Provisioning Fixes.
- Fixes for app credentials CSV upload.
- Fixes for sending SMS when there are spaces in users' phone numbers.
- Handled the case where the password is null in radius request.
- Fixed attribute mapping in DB as User Store and API as User Store Configuration for MySQL DB.
- Fixes for ClassCastException during on-premise initialization.
- Fixes for unexpected customer email updates whenever an end user updates the email.
- Fixed a bug around database connectivity issues with MSSQL servers as an authentication source.
- Fixes for the tooltip on the LDAP Configuration page.
- Bug Fixes for OAuth Flow.
- MDCFilter fixes for API flows.
- Minor fixes for push notification bugging out during SSO with a SAML Identity Provider.
- Fixes for pwd_less/static application around add policy, group-based restriction, and added migration query for old passwordless apps.
- Fixed an issue where SSO wasn’t working for IFrame embedded view/applications.
- On The Fly User Creation for BigCommerce.
- SAML Domain Mapping errored out in some cases.
- IDP Session Timeout only used to work for miniOrange as IDP.
- Fix to create an enabled end-user in AD if password sync is on.
- A Random password was being assigned to users in AD in some cases.
- Fixes around request and response binding for SLO in broker flow.
- Fixed an issue where SSO failed when the browser’s developer console was open.
- Fixes and improvements around what settings can be imported from super admin while adding a new customer admin.
Version 3.3.3
- Java Melody Tool for better server monitoring.
- Azure AD as a standalone Identity OAuth Provider.
- Configurable SAML Response Validity.
- LDAP Gateway Improvements.
- miniOrange Email Domain Verification Improvements.
- Changing your password or email now prompts you to log out of all devices.
- Fixes for Chrome80 SameSite cookie changes.
- Clickjacking improvements for Iframe embedding.
- Discovery Flow: Display configured IDPs based on the User groups.
- User Search improvements for the SuperAdmin dashboard.
- IP restriction improvements during SSO flow.
- miniOrange Gateway Improvement and Fixes.
- Support for Push Notification in the OnPremise Build ~ IOS.
- Fixes for customer Admin Password Change via Super Admin Panel.
- Better handling of new line characters in SMS Template.
- Payment messaging improvements.
Version 3.3.2
- Added support for Force Authentication with miniOrange SAML IDP.
- Option to modify forgot password and create account URLs on the login page.
- Add a Resend OTP option on all the OTP verification flows.
- Add support to add any browser SSO app by customer admin.
- Add password field in user bulk upload CSV option.
- Simplify Initial IdP setup with Embedded database.
- Import users based on the Search filter in IdP.
- Add Refresh push Token feature to check the pending push in android as well as iOS mobile applications.
- Adaptive authentication disable option UI fix.
- Sort the user list by a column in ascending or descending order. Added search user by custom profile attributes.
- Not able to login when API User Store is set as default.
- Fix case-sensitive issue for Groups > Assign Users page.
- In Bulk Upload, the users don’t get assigned to the respective groups if the last entry is empty.
- Send External IdP Attributes as NameID attributes.
- SameSite Cookie Fix.
- Query Optimizations while fetching groups and user group members via API.
- Changes in Social Login for IdP for SSO to work with other apps.
- Added shared identity login feature.
Version 3.3.1
- Added Test Configuration for connection with external CAS IDP.
- Added Import IdP metadata feature for connection with external IDPs.
- Show attributes returned from AD in the test connection.
- Added Test Connection feature with external SAML IDP.
- Public Metadata URLs for miniOrange as a service provider and identity provider flows.
- Improvements in UI for show metadata page.
- Simplify Active Directory as a user store configuration with suggested options for search filter.
- OAuth response claims send groups as an attribute.
- Fix pagination issue on Identity Providers/User Stores Page.
- Fixes in User provisioning flow – Import users from AD, Google Apps.
- Fixes in Out of Band SMS 2FA Method.
- Fixes in MFA for VPN use case for a group policy.
- Simplify names in Add/Edit Policy Page.
- Improved add radius app section with option to set login policy in the same flow.
Version 3.3.0
- Salesforce API Integration: sync users from miniOrange to Salesforce.
- Auto create user for miniOrange as SP, authentication from SAML/OAuth identity source in miniOrange with attribute mapping.
- OAuth Password Grant Support added for external OAuth Server.
- Download miniOrange as service provider metadata and added endpoints in view metadata.
- Add an option for configurable token expiry for the JWT token.
- Add links of documents and download option for LDAP gateway module in AD as a user store.
- Ability to edit IP address in radius application.
- XSS fixes on different login pages.
- Signature validation fix for new customers when trying to login into the mO self-service portal.
- Security Questions as 2FA method fix in inline registration in broker flow.
- Fix for admin session when miniOrange is a service provider.
- Not able to see custom attributes on add user form after Bulk Upload.
- Shorten password reset link on phone via TinyURL.
- SAML response encoding fix for special characters like Arabic.
- Fixes in saving a few default two-factor methods from the admin dashboard.
- Simplified embedded database connection form.
Version 3.2.0
- Add single sign-on support for Oracle EBS and AWS APN Partner Portal and a few more secure browser SSO apps.
- Added quick and easy support form in on-premise IDP inside the admin portal.
- Fixed MySQL DB scripts to handle default timestamp values.
- LDAP Broker: Only attributes that are configured in the Manage App Section should go out as profile attributes in the plugin. Currently, whatever you provide as the username during authentication is being picked up as the NameID attribute.
- Any 2FA method disabled to be shown to the user shouldn’t be allowed to be set as the default.
- Remove alert from user configure 2FA screen: If you want to try out OTP over SMS/Email methods, please setup your SMS/SMTP gateway first from the customization menu.
- If branding is set before changing the server URL then logos don’t load as they point to localhost.
- Fixed SSO configuration for browser SSO apps when choosing the shared account option.
Version 3.1.0
- Add support for Language-Specific Email Templates.
- Added support for Language-Specific Custom Attributes.
- Ability to switch between Assertion Signed and Response Signed.
- Form Post Apps Single Sign-On: Add support to send different app redirect/access URL for each user.
- Show user status in the export user list from IdP Admin Portal.
- Added support for Bcrypt Hashing Algorithm for Database as Identity Source for Moodle and Joomla.
- Login with 2FA from mobile browser flow changes.
- Show current active license plan details and links to upgrade to the premium plan.
- Added support for more SAML apps, Browser Extension SSO apps as pre-integrated.
- Fixes in the User Self-service Portal: Password-less apps on the user dashboard don’t show up.
- In manage users, when the phone number column is disabled/enabled, the phone number always shows if the username is selected.
- User Self-Service Portal login policies not working with non-default groups.
- Fix to update user profile attributes along with email/phone by admin.
- MFA fixes if the username is different than the email for the windows credential provider use case.
- Fix in 2FA Self User-Registration in broker flow after authentication with third-party IDP.
Version 3.0.0
- Add support for External databases like PostgreSQL, MySQL, etc. for production deployments.
- Added support for login with a phone number.
- Added support for CAS Server as Identity Source.
- Add support for multilingual for login page, forgot password page all text, error messages on login pages, and end-user pages.
- Added configurable options for new user registration to verify user, and provision user to third party app.
- Added date picker as a field type for user profile custom attributes and configurable option to hide/show user custom attributes on the registration page.
- OAuth Mobile APIs for user authentication, registration, reset password, update user profile, get refresh token, and revoke access token.
- Added option to limit the number of 2fa methods allowed to configure by end users.
- Added option to allow admin to reset/change any 2fa method for end users.
- User should be redirected back to the service provider app after the user self-registration and logged-in to that app.
- Added option to add custom CSS file for login/signup/forgot password pages.
- Added support for authentication with google identities stored in miniOrange IDP in addition to an AD when a radius request is received.
- Added option to change log level from customer admin console for on-premise.
- Added option to log IP address in authentication audit.
- Customer can update their own username, email, and phone using OTP verification.
- Added Single Logout in broker flow for SAML and JWT apps.
- Added Signed Request in Broker flow for SAML IDP.
- Add support for attribute mapping in identity broker flow for external IDPs/user stores.
- FileMaker Browser SSO APP.
- Yahoo Social login Default APP.
- Log into miniOrange using multiple Identity Sources and redirect to any form-based app.
- Support for multiple languages in custom Attributes.
- Migration from GCM to FCM.
- Update the plugin payment framework on the server side to support different prices for each plugin plan.
- Added Language Support for Email Templates.
- Plan Name Specific Instance-Based Pricing.
- Cloud/On-Premise IDP automated Payment Plans.
- Added miniOrange as SP metadata and instructions to setup.
- Fixes in auto create a user on the fly from AD in different flows and support for mapping immutable ID for office 365 SSO.
- Fixes to handle SP-initiated, and IDP-initiated SSO in broker from the same endpoint.
- Fixes in Google Apps users import and password sync.
- Improvements in SAML app metadata view – added more description, different sections for IDP URLs and broker URLs, Multiple IDPs selection URLs, etc.
- JWT Request Validation Improvement and error handling.
- Add user plan WordPress Two Factor Authentication.
- User Sync/Provision during User Update.
- Switch between Response Signed and Assertion Signed.
- Fixes in CAS as identity server.
Version 2.0.0
- CAS Server as Identity Source.
- Discovery flow and domain mapping fixes.
- Adding 2 user pricing for 2FA plugin.
- Add allowed limit on Registration API from one IP.
- Added Feedback Form in our product.
- Adding Signed Request in Broker flow for SAML IDP.
- JWT Request Validation Improvement.
- Email Templates fixes for Forgot/Change Password.
- JWT Error Handling.
- Fetching Recursive groups from LDAP.
- Adding API as an authentication source in the Broker flow.
- Configurable audience URL for SAML app config, configurable name-id format app config.
- Add support for multilingual for login page, forgot password page all text, error messages on login pages, end user pages.
- Customer can update his own username, email, phone using OTP verification.
- Mobile App (Changing App framework from GCM to FCM and making it compatible with On-Premise IdP).
- Adding Single Logout in broker flow for SAML and JWT apps.
- Encrypting the Properties file.
- Payment Plans for LDAP Add-ons:
  - BuddyPress Integration Add-on.
  - Directory Sync Add-On.
- Compatibility fix for running on-premise on Ubuntu servers.
- Added fix to support miniOrange as an identity source with other idps.
Version 1.0.6
- Added support for Idp-Initiated login in identity broker flow.
- Added support for WordPress as an identity source.
- Added support for configurable Audience URL and Name-ID format for SAML client application.
- Added support for fetching custom attributes in the database as an identity source.
- Added support for OAuth Password Grant Flow.
- Compatibility fix for running on-premise on Ubuntu servers.
- Fixes for external database as identity source – added branding, audit, session management, etc.
- Security Fix in OAuth flow for Access Token Expiry.
- Fix in SMS transaction check licensing.
- Fix in google apps provisioning.
Version 1.0.5
- Added support for Radius Authentication + 2FA for different VPN clients:
  - PAP Authentication Method.
  - EAP-TLS Authentication Method.
  - OTP with Password and OTP after Password.
- Added support for 2FA on Remote Desktop Services via RD Web and Remote Desktop Client.
- Added support for LDAP Proxy.
- Added support to save SAML app config via upload metadata.
- Added support for User authentication API.
- Added support for user re-verification after an interval of months for identity re-verification.
- Added support for showing first-name on the user dashboard instead of a username on the top navigation section.
- Check for a disabled customer in identity broker authentication flows.
- List of premium plugins:
  - WordPress SAML SP: Standard, Premium Single Site, Premium Multisite
  - WordPress IDP Plugin new licensing and payment page changes
  - Joomla IDP Plugin (IDP Initiated Logout fix)
  - Drupal SAML SP: Added Single Logout
  - OAuth Server: Refresh Token Issue
  - OAuth Client: Custom OpenID Connect Server Support, Custom CSS
- Support for IdP-Initiated Login in Broker Flow.
- Support to send extra Attributes when the Database is set as an Identity Source.
- Google Apps Provisioning Fix.
- IdP-Initiated SAML flow fix when Signed Request has been configured.
- Fix in-session issue for miniOrange as OAuth Server.
- Fix in custom OAuth providers to support more providers.
- Fix for bouncy castle cyclic dependency on startup.
- Fix in Disable User API.
- Show user list to Customer filter by Disable User.
- Fix related to LinkedIn authorization URLs.
- 2FA fix in broker flow when LDAP is the identity source.
- License Key free fix.
- Authentication report bug fix for count 0.
Version 1.0.4
- Added support for the miniOrange authenticator app for 2FA. It includes methods like QR Scan, Push notification, Soft Token.
- Added support for device-based adaptive authentication (Risk-based authentication).
- Added support for SAML response encryption and configurable option to verify signed requests.
- Added support to map authentication source with apps to define which app should authenticate via which source.
- Added support to customize user self-service portal.
- Added support to send forgot password link on phone via SMS to users.
- Added support for adding RADIUS clients and miniOrange as RADIUS proxy for 2FA.
- Added support for RADIUS as an authentication source.
- Linking application with the Identity Sources.
- Support for encrypted SAML response.
- Support for verifying signed SAML request.
- Multiple customer requests: If the email is behind SSO, how can the password be reset? Currently, we send the password link to the email, but in this case an alternate way is needed, such as sending an OTP to the phone.
- WP LDAP Cloud: Changes to send user attributes in LDAP gateway for the WP LDAP Cloud plugin.
- Integrate their authentication source in custom OAuth as an identity source.
- Add a feature for user re-verification after an interval of months.
- Integrate API authentication in the identity broker flow and create a user on the fly with an encrypted username.
- Add support for group-specific relay state for SAML apps and enforce this relay state in SP-Initiated SSO.
- Platform Enhancement:
- Log the IP address of the source requesting LDAP Authentication through the Cloud LDAP Plugin.
- Get multi-valued user attributes through the LDAP Gateway.
- LDAP Configuration fixes.
- Added support for Palo Alto VPN and FortiGate VPN – RADIUS Authentication + 2FA.
- PAP Authentication Method.
- EAP-TLS Authentication Method.
- OTP with Password and OTP after Password.
- LDAP Proxy.
- Multiple customers – 2FA on RDP via RD Web and RDC.
- Import Metadata.
- Enhancement in user re-verification to run a scheduler and send email notifications.
- Support for file type in user custom attributes to upload file.
- Bug fix for showing disabled users from the admin dashboard.
- Bug fix for download app metadata from superadmin.
- Bug fix to save AWS Cognito as an Identity Source.
- Bug fix in user group membership API.
- Show the first name on the user dashboard instead of a username.
- Google Authenticator App Name Change API.
- miniOrange as OpenID Server.
Version 1.0.3
- Support for JWT for single sign-on into any app, if it doesn’t support any other standard protocol. Support for SSO into any mobile app which supports JWT.
- Support for adaptive authentication (based on device, time and location) on top of single sign-on with any IDP/user store.
- Licensing Story – changes in the existing licensing framework to have separate license being created for each plugin, and product-related payment.
- New UI which is mobile responsive and better feature segregation in the menu.
- Pick app policy for SAML apps by sp_entity_id/issuer and not ACS URL. SSO Endpoints are changed for all authentication flows which will have app_uid in the URL.
- External Database as an identity source.
- Fixes in inline registration for 2FA.
- Fix in reports to send all reports to s3 on AWS every day.
Version 1.0.2
- Support for Third-Party Database (MySQL, MSSQL) as Authentication Source.
- Support for SSO into any WS-FED Client App using any Identity Provider.
- Support for miniOrange as OAuth Server.
- Support for import users from AD/LDAP.
- Support for password sync from miniOrange to AD/LDAP.
- Configurable option to specify DB location while setting up Identity Server.
- Fix for SAML apps to find app authentication policy by the issuer and not ACS URL.
Version 1.0.1
- Configure external Identity Providers SAML and OAuth.
- Single Sign-On into OAuth Apps via SAML IDP. Cross-Protocol Support.
- Configure AD/LDAP as a user directory for authentication and SSO into SAML, OAuth, or any custom app.
- Two Factor Authentication using OTP Over Email, OTP Over SMS, Google Authenticator, and Security Questions.
- Centralized Admin Console for user/group/app management.
- Customization Options for changing base URLs, logos, and branding for user-facing pages. Customizable Email Templates, SMTP Gateway, Add custom attributes for user/group.