UCMS 4.12/UP 2.7 Release Notes (May 2023)
  • 13 Dec 2024


Last Updated: April 29, 2024

Note

If you have any questions about these features or want to request a more in-depth discussion about the best way to leverage them, reach out to us at productmanagement@axiad.com.

Product Versions Included in this Release:

UCMS 4.12

New Features

Support for New Devices

UCMS now supports the issuance and management of new device types:

  • Gemalto IDPrime MD931

  • Yubico YubiKeys that can provide the identifier of their Batch Master Key as part of their metadata (version 5.3 and above). This is useful if you order YubiKeys programmed with a custom BMK unique to each order.

  • FEITIAN BioPass FIDO2 (K26, K26+, K27, K27+) devices.

To issue and manage these devices, you must create a new device profile and assign it to a workflow.

Expanded Ecosystem Support

  • We now support the latest firmware of Utimaco HSMs (validated against their SecurityServer Simulator v4.50.0.1) for the storage of key materials.

  • UCMS is now validated for MySQL 8.

Enhancements

SCIM Enhancements

  • Support for the SCIM 2020 PATCH Format
    We now support SCIM 2020 PATCH format, which simplifies the SCIM configuration when connecting your Axiad Conductor instance to an Azure tenant. Previously, the Axiad Conductor > Azure AD integration only supported SAML SSO.

  • SCIM Imports (MyCircle Users/Groups)
    MyCircle rules can now refer to entities and attributes that were imported from a SCIM-compliant provider, such as Azure AD, Ping Federate, or Okta.

Java KeyStore

New options were added to the config.properties file to allow for the configuration of different passwords for the oauth key and its containing keystore:

| Key | Description | Default Value |
|---|---|---|
| oauth.keystore.default-key | Default name to use for the entry containing the OAuth bearer token in the configured keystore, if oauth.keystore.private-key.key was not configured. | |
| oauth.keystore.private-key.code | Password protecting the OAuth entry in the configured keystore. | If not configured, UCMS will use the value of keystore.code. |

Deprecated Permissions

We changed our naming convention for Unified Portal privileges affecting the status of a device. Legacy permissions are still present but marked as deprecated, and will be removed in a later version:

| Previous Permission Name | New Permission Name |
|---|---|
| all.deviceEnable | all.device.active |
| all.deviceRevoke | all.device.revoked |
| all.deviceDisable | all.device.suspended |

Assign Device Type Permissions Based on User Roles

With this release, you can configure the permissible actions available to your users, depending on their device types. For example, you can restrict their YubiKey revocation permissions, but allow them to replace their existing Axiad ID for a new mobile device.

Contact your Customer Success representative or customer.success@axiad.com for a complete list of permissions, and to enable them for your users.

Bug Fixes

| Version | Ref ID | Description |
|---|---|---|
| 4.10.x | PM-858 | Azure AD timestamps now display properly. |
| 4.10.x | PM-279 | Workflow certificate configuration changes now save the first time you save them, as expected. |
| 4.10.x | PM-845 | When you import multiple KM certificates for multi-permanent workflows, a certificate serial number no longer displays multiple times. |
| 4.10.x | PM-1036 | Windows Hello for Business revocation now fails as expected when Azure is unavailable. |
| 4.10.x | PM-2185 | When you update fields in the Credential Profile, only those fields that are modified are saved, as expected. |
| 4.10.x | PM-1034 | MyCircle rules now also apply to users coming from a SCIM source. |
| 4.10.x | PM-3498 | When setting up the Workflow Steps for Windows Hello for Business, there are no more missing labels/names for the drop downs and text boxes. |
| 4.10.x | PM-2982 | You can now attach default attachments in notification templates, as expected. |
| 4.10.x | PM-3832 | Now, during a new device issuance, when the Imported Key management certificate is retrieved, UCMS ensures the workflow certificate configuration matches. |
| 4.11.x | PM-4134 | An issue where SCIM group sync updates failed with Okta has been resolved. |
| 4.11.x | PM-4146 | You can now save Feitian certificates with Cloud HMS configurations as expected. |
| 4.11.x | PM-3542 | You no longer receive a 403 Forbidden page when saving a virtual smart card CP with Utimaco HSM labels. |
| 4.11.x | PM-3953 | You can now update and add attachments to email notification templates as expected. |
| 4.12.1 | PM-3913 | The Windows Installer version now matches the UCMS version. |
| 4.12.1 | PM-3175 | The displayed strings for the Revoke and the Revoke Certificate buttons are now independently customizable. |
| 4.12.1 | PM-2945 | Admins can reset PINs and/or renew certificates for IDPrime MD 930 smart cards as expected. |
| 4.12.5 | PM-7428 | Addressed vulnerabilities: CVE-2024-1597/CWE-89, CVE-2023-52428/CWE-770, CVE-2024-23672/CWE-400, CVE-2024-22257/CWE-284, CVE-2024-22243/CWE-601/CWE-918, CVE-2024-24549/CWE-400, CVE-2024-22259/CWE-601, CVE-2024-29133/CWE-787 |

Unified Portal 2.5 - 2.7

New Features

"Single Pane of Glass" to Azure

Axiad Conductor can now track all authentication methods issued in Azure and report on them within the Unified Portal. This includes primary authenticators such as Windows Hello for Business, Microsoft Authenticator, and FIDO2, as well as recovery authenticators like Temporary Password Access or SMS OTP.

This equips your IT department with a more complete picture of the current state of your passwordless rollout across your environment. If authorized, Help Desk Operators have the option to delete any of those credentials.

The Axiad Knowledge Center

To provide better and more comprehensive self-service for Axiad’s product offerings, we've developed a new, comprehensive Knowledge Center for our products. The first iteration of the Knowledge Center includes product documentation for Axiad Conductor, with additional products added in the coming months. 

  • Content published in the Knowledge Center is verified and up-to-date. 

  • New content will be added frequently (sometimes daily).

  • In a future release, a direct link to the Axiad Knowledge Center from within the Unified Portal will be available in the Account menu.

Access the Knowledge Center via https://docs.axiad.com.

Hardware Support

The Unified Portal now supports the following hardware devices:

  • FEITIAN BioPass FIDO2 (K26, K26+, K27, K27+) 

  • Gemalto IDPrime MD931

  • IDEMIA Cosmo v8.2

  • Yubico YubiKeys that can provide the identifier of their Batch Master Key as part of their metadata (version 5.3 and above). This is useful if you order YubiKeys programmed with a custom BMK unique to each order.

Contact your Customer Success representative or customer.success@axiad.com to enable these hardware devices.

Enhancements

Customizable Link in your Unified Portal Header Bar

You can add your own link (such as one to your organization’s customized or branded documentation) to your Unified Portal header bar via a new icon:

[Image: customized link icon]

By default, this enhancement is set to Off. Contact your Customer Success representative or customer.success@axiad.com to enable and customize a link in your organization’s Unified Portal header bar.

Send Axiad Feedback from within the Unified Portal

In our continuous efforts to improve our products, we want to hear from you. Use the new Feedback option in your Account menu, located in the top right corner of all pages in the Unified Portal, to send your thoughts and suggestions directly to us.

[Image: Feedback option]

This opens a new Send Feedback page, where you can select a star rating and enter comments:

[Image: Send Feedback screen]

By default, this enhancement is set to On. Contact your Customer Success representative or customer.success@axiad.com to opt out of this feature.

One-Time Password Testing

For testing purposes, users with an Operator role can use a one-time password (OTP) for a given device without providing a PIN.

This enhancement is On for all Operators.

UX Enhancements

  • To improve your user experience in the Unified Portal, YubiKeys are now listed as YubiKey regardless of their firmware version. Advanced users or IT operators can access a YubiKey’s firmware version via the Details View or Reports.

    TIP

    If you deploy YubiKeys and create your own custom documentation, we recommend you update it to reflect the simplified label.

    Before: [Image: YubiKey label before]

    After: [Image: YubiKey label after]

  • Automatic Action Grouping
    If two or more actions are available to a user or Operator on a given device, the first two actions display as buttons. Additional actions are then grouped in the context menu.
    Any time-sensitive actions such as Renew are always listed first.

  • New Report Columns
    You can now display the first name, last name, and UPN when looking at or reporting on users.

Selective Certificate Lifecycle Management

Help Desk Operators can now selectively suspend, resume, and/or revoke a certificate on a given device without affecting other credentials on the same device. This is useful in cases where, for instance, ownership of a specific encryption certificate is tied to a distinct background check.

Bug Fixes

| Version | Ref ID | Description |
|---|---|---|
| 2.5.x | PM-1730 | On the Help Desk page, when you click the Preferences icon, your selections save as expected. |
| 2.6.x | PM-1978 | The error message you receive when attempting to assign an already-assigned device to another user is improved for usability. It now reads, "Serial has already been assigned to another user." |
| 2.6.x | PM-1452 | The issue where some mobile OTP authenticators displayed as OTP Device has been resolved. |
| 2.6.x | PM-823 | The Emergency section no longer displays if there is nothing to show and/or if the user doesn't have the .userResetSecurity permission. |
| 2.7.0 | PM-2798 | Workflow certificate configuration changes now save as expected when you click the Save button. |
| 2.7.0 | PM-1978 | The error message you receive when attempting to assign an already-assigned device to another user is improved. |
| 2.7.4 | PM-7431 | Addressed vulnerabilities: CVE-2024-29133/CWE-787, CVE-2024-22257/CWE-284, CVE-2024-22243/CWE-601/CWE-918, CVE-2024-25710/CWE-835, CVE-2023-26159/CWE-20 |

