With release 21.2, CyberArk Identity supports the following new features:
Settings for reCAPTCHA challenges
CyberArk enabled support for Google reCAPTCHA service to protect your tenant or custom applications from automated brute-force attacks trying different username and password combinations in the 21.1 release. With this release, you can now enable or disable reCAPTCHA at login and set the number of failed login attempts or incorrect password entries before users are presented with CAPTCHA challenges. For example, you can set the number of failed attempts before CAPTCHA challenges are displayed to five and the number of consecutive failed login attempts to lock user accounts to ten. This would provide your users five opportunities to successfully authenticate to your tenant or application before being prompted with reCAPTCHA challenges. After five unsuccessful attempts, users would have to solve CAPTCHA challenges for each subsequent access attempt until they provide valid credentials or reach the lockout limit. With easily configurable reCAPTCHA settings, you can prevent attackers from locking specific user accounts with unsuccessful login attempts and reduce the risk of Denial of Service (DOS) attacks against your tenants.
Please note, reCAPTCHA integration is a tenant-wide setting and is turned off by default. Customers interested in this feature can enable it by reaching out to CyberArk Support. To learn more, please see here.
Provisioning to Google Cloud Platform
Google Cloud Platform administrators can now use CyberArk Identity to automatically create and deactivate GCP users and assign users to GCP groups. This allows you to have a single source of truth for all user identities and ensure that the right level of access to GCP is granted throughout employee lifecycle stages. To learn more about provisioning to GCP, please see here.
For more information on the 21.2 release, please see CyberArk Identity release notes.