- 01 Nov 2023
UCMS 4.8/UP 2.3 Release Notes (October 2022)
Last Updated: November 1, 2023
New Features
Support for Windows Hello for Business
UCMS now supports the issuance and management of Windows Hello for Business credentials that are registered in Azure AD and associated with a certificate coming from a PKI of your choice. This allows end users to use their Windows Hello for Business credentials in more places where a certificate is still required, such as Remote Desktop, Virtual Desktop Infrastructure, Run As…, and more.
Support for SCIM Provisioning
UCMS can now receive users and groups using the SCIM protocol. The integration was validated with Azure AD, Okta, and Ping Federate.
Workflow Creation for SCIM Provisioning
SCIM group names can now be the same in UCMS as they are in Azure AD, Okta, and other SCIM integrations. When creating a workflow for a local group, append _LOCAL to the group name.
Enhancements
YubiKey Management
- Support for Co-Management
  - For customers who want to manage their YubiKey rollout with Axiad but must use a third party to import content (such as a signature certificate) on those YubiKeys, UCMS now supports the issuance and management of YubiKeys with the management key stored on the device.
- Configuration of Multiple Slots
  - UCMS 4.8 introduces support for the configuration of both OTP slots (long/short press) on YubiKey 5 and Neo. Please review your configuration after upgrade and adjust accordingly:
    - For existing YubiKey Credential Profiles that include an OATH Token configuration, those settings will be mapped to Slot1 with the values OATH-HOTP, OTP Length=8 digit HOTP and Add OTI Prefix=checked. Slot2 is mapped by default with value Factory state.
    - For existing YubiKey Credential Profiles with no existing OATH configuration, both slots will be set to Factory State.
- New YubiKey Version
  - The YubiKey version for UCMS is now 5.4.3. To update this in UCMS:
    - From the top menu, click Configuration > Parameter Management.
      The Parameter Management page displays.
    - In the Configuration Parameter drop-down, select Miscellaneous.
      The miscellaneous parameters display in a list.
    - Locate the YK Version parameter.
      This may be on the last page of the list, as parameters display in alphabetical order.
    - Click .
    - Enter 5.4.3 in the Display Value field.
    - Click .
      Your changes save and the parameter is updated.
New Permissions
- Unified Portal
  - The following permissions were added to support new features introduced in the Unified Portal v2.3:
    - all.reportView
    - all.reportModify
    - self.deviceChangePin
- HSM Configuration
  - The following permissions were added:
    - Configuration: HSM Configuration
    - Configuration: HSM Configuration - Create/Edit HSM - SafeNet HSM Configuration
    - Configuration: HSM Configuration - Create/Edit HSM - Utimaco Crypto Server HSM Configuration
    - Configuration: HSM Configuration - Create/Edit HSM - Cloud HSM Configuration
Support of Foreign Characters in Oracle Databases
This option can now be enabled by adding the following JAVA_OPTS setting to the UCMS service configuration (via the Configuration > Java Runtime page):
-Doracle.jdbc.defaultNChar=true -Doracle.jdbc.convertNcharLiterals=true
API Enhancements
Updated Responses
- POST /api/v2/oauth/token now returns a string containing the OAuth token, rather than an OAuth2AccessToken object.
- GET /api/v2/devices/{type}/{device-uid} now includes a field keyHistoryCredentials containing the key history credentialIds for the device, if appropriate.
- GET /api/v2/credentials/{type}/{credential-uid} now includes the PEM header and footer as part of the value returned.
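Clients that stored, pinned or compared credential values before 4.8 will now see PEM armor around them. The following is an added example (not UCMS or Axiad code) that normalizes either shape to DER so fingerprints and comparisons survive the upgrade. It assumes the pre-4.8 value was bare base64 and accepts any armor label, since these notes specify neither; the sample bytes and the CERTIFICATE label are constructed.

```python
import base64
import binascii
import hashlib
import re

# One PEM block with any label (the release notes do not name the label).
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END ([A-Z0-9 ]+)-----"
)

def credential_to_der(value):
    """Return (der_bytes, pem_label_or_None) for a credential value string."""
    text = value.strip()
    label = None
    match = _PEM_RE.fullmatch(text)
    if match:
        label, body, end_label = match.groups()
        if label != end_label:
            raise ValueError("PEM BEGIN/END labels do not match")
    elif "-----" in text:
        # Truncated armor, extra headers, or more than one block.
        raise ValueError("malformed or multiple PEM blocks")
    else:
        body = text  # assumption: pre-4.8 responses carried bare base64
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("credential body is not valid base64") from exc
    if not der:
        raise ValueError("empty credential body")
    return der, label

def fingerprint(value):
    """SHA-256 over the DER bytes, independent of PEM armor and line wrapping."""
    return hashlib.sha256(credential_to_der(value)[0]).hexdigest()

# Constructed sample: a tiny DER SEQUENCE { INTEGER 1 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_ARMORED = (
    "-----BEGIN CERTIFICATE-----\n" + SAMPLE_BARE + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_BARE) == fingerprint(SAMPLE_ARMORED))
```

Comparing on the DER fingerprint rather than the raw string also avoids double-wrapping when older client code adds its own header and footer.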
New Functionality
- GET /api/v2/devices/{type}/{device-uid}/export can be used to export device information and wrapped sensitive data (OTP seed, PUK, etc.).