With release 22.7, CyberArk Workforce Identity supports the following new features:
Single Sign-On (SSO)
App Management Within Organizations
CyberArk Identity allows admins to delegate specific administrative functions to other users with the Delegated Admin feature. Delegated admins can perform tasks related to their assigned organizations within their tenant. With this release, admins can now add applications to their organizations and delegate limited administrative capabilities to “app managers.” This allows admins to offload specific administrative tasks to delegated admins without giving them full administrative privileges. In addition, it allows organizations to segment their applications to specific organizations. For example, a global company could add applications to regional organizations in CyberArk Identity and delegate administrative app-specific functions to regional app managers. Likewise, a company with individual business units could assign apps only to the relevant business units.
Multi-Factor Authentication (MFA)
Access Orchestrator (Preview)
CyberArk Adaptive Multi-Factor Authentication (MFA) supports a wide range of authentication factors enabling stronger access controls and a frictionless user experience. With this release, admins can now sequence authentication factors in a custom order using Access Orchestrator. Previously, administrators could enable specific authentication mechanisms in the policies, but end users could select them in any order they chose. Now, with the Access Orchestrator, administrators have more control over the order of the challenges end users select by creating dependencies between them so that the second challenge is contingent on the first. This allows admins to create policies that comply with industry standards, such as a particular Authentication Assurance Level (AAL). This feature is available in 22.7 as a preview only. Please click here to learn more and reach out to CyberArk support to try this feature.
An example of building an Authentication Request Flow in Access Orchestrator.
Workforce Password Management
CyberArk Workforce Password Management is an enterprise-scale solution that enables workforce users to securely store and share business app credentials. With this release, admins can now restrict users from leveraging Workforce Password Management for specific applications. For example, administrators can now block entertainment or social media applications like Facebook, TikTok or Instagram from being added to user portals. Once an app or domain is added to the restricted apps list, users cannot save credentials for that application or launch the specified app from the user portal. This gives admins greater control over end-user added apps and ensures that Workforce Password Management is used only for approved or business-related purposes. To learn more about restricting applications, click here.
The new App Restrictions tab allows admins to restrict users from leveraging Workforce Password Management for specific applications.
Copy and Paste Username and Password
CyberArk Workforce Password Management allows users to quickly access business applications by auto-filling credentials at login. At times, however, applications and websites may make changes that prevent autofill from working. With this release, Workforce Password Management now allows users to copy and paste credentials for their desired applications directly from the context menu. Previously, users had to access the user portal to copy their credentials. Now, users can right-click on the app login screen and paste credentials directly into the username and password fields. This new feature provides an improved user experience and further streamlines the login process to business applications. To learn more about this feature, click here.
Workforce Password Management provides the option to copy a username and password from the context menu.
Secure Web Sessions
Detect When a User Walks Away from a High-Risk Web Session
CyberArk Secure Web Sessions recently added a Continuous Authentication feature, securing high-risk web sessions by prompting users to reauthenticate if the session becomes idle for a certain period of time. With this release, administrators can now enforce an additional layer of protection by monitoring the end user’s physical footsteps during an active web session. The new feature detects when users walk away and leaves sensitive data or capabilities exposed on the screen, and then requires the user to reauthenticate to continue using the app. This prevents sensitive information from being inadvertently left exposed when end users step away from their computers and helps ensure that the user who launched the application is the same person using it.
New Footstep Monitoring controls add an additional layer of security to the Secure Web Sessions Continuous Authentication feature.
With release 22.7, CyberArk Customer Identity supports the following new features:
International Language Support for Authentication Widget
The CyberArk Identity Authentication Widget allows developers to create and modify authentication widgets, including the Login Widget and MFA Widget, using a no-code, user-friendly UI directly in the admin portal. With this release, CyberArk Identity allows customers to select from more than 18 international languages while configuring their login form. Previously, this form only supported the English language. The latest release provides better opportunities for customers to customize the login experience for their region and audience.
The Authentication Widget now supports 18 global languages.
New Sample Apps for React JS and Node JS
Customers using Node JS or React JS applications can accelerate development and integration processes by leveraging the Node JS Sample app. These two new sample apps enable customers to leverage the JS SDK in their web applications built on Node JS, utilizing the authentication, authorization, and self-service flows of CyberArk Identity in their applications.
- See the Angular - Node.js documentation and download the app from GitHub
- See the React.js documentation and download the sample app from GitHub
Try it! Feature for CyberArk Identity APIs (preview)
With this release, administrators can now try various APIs with your tenant details in the CyberArk Identity developer portal. This allows customers to evaluate the APIs and view the request and response on the fly before integrating these APIs into their applications. For example, admins can now test requests to endpoints from the developer documentation and see responses specific to their CyberArk Identity tenant. This helps specify trusted domains for API calls to prevent cross-origin resource sharing attacks before making the API calls from the Identity developer portal. Learn more about this feature.
CyberArk Customer Identity Reference Documentation now includes a Try it! feature that allows customers to try CyberArk APIs prior to integrating.
For more information on the CyberArk Identity 22.7 release, please see CyberArk Identity release notes.