With release 20.7, CyberArk Idaptive supports the following new features:
Single Sign-On
CyberArk Alero Integration
CyberArk Alero is now fully integrated with the CyberArk Idaptive Identity Security platform. Alero is designed to provide fast, easy, and secure privileged access to Third Party vendors who need access to critical internal systems that are managed by CyberArk. With this release, you can now leverage Idaptive to enable Single Sign-On access to Alero-protected PVWA instances for your internal corporate users. In addition, Alero administrators can access the Alero Admin Portal directly from the Idaptive Admin Portal. Previously, the two services were separate and required two sets of credentials to access. Now, you can access both the Idaptive and Alero services with one set of corporate credentials, and provide role-based access to resources secured by Alero.
To learn more about this integration, please see our CyberArk Alero integration documentation page.
Multi-Factor Authentication
Passwordless authentication using QR codes
You can now access the Idaptive platform by scanning a QR code during the sign-in process. Previously, you had to enter a correct username and password to access the Idaptive User Portal. If the login was secured by Multi-factor Authentication, you had to also provide a second authentication factor, such as a physical token or a one-time passcode (OTP). Now, you can access the Idaptive User Portal without typing in a username or password simply by scanning the QR code using the CyberArk Mobile App. The CyberArk Mobile App can be protected with on-device biometrics authentication mechanisms, such as facial recognition cameras or fingerprint readers to validate the user scanning the QR code. For example, you can open the CyberArk Mobile App on your enrolled iPhone, validate your identity in the app using Apple Face ID, and gain access to the User Portal by scanning the QR code shown on the Idaptive Portal login page.
You can also use QR codes as a part of your passwordless MFA authentication setup. For example, you can require users to authenticate using their on-device fingerprint first and validate their identity by scanning a QR code second. To learn more, please see documentation on the QR Code login.
App-specific on-demand MFA policies
You can now configure on-demand Multi-factor Authentication (MFA) policies that are triggered at app launch and bypass initial user authentication mechanisms. Previously, app-specific MFA policies required you to authenticate users with the User Portal authentication policy before presenting users with the step-up authentication challenge to validate their identity. Now, you can enable users and tegrating client apps apps to access specific applications protected by Idaptive, by successfully passing MFA challenges without the initial authentication. The on-demand MFA policies can be used to secure direct access to specific or low-risk applications without asking users to go through multiple authentication steps.
For more information on the 20.7 release, please see CyberArk Idaptive release notes.
