CyberArk Identity 22.11 Release

November 10, 2022 Sonal Pokale

With the 22.11 release, CyberArk Identity supports the following new features:

Multi-factor Authentication

Access Orchestrator

CyberArk Adaptive Multi-Factor Authentication supports a wide range of authentication factors enabling stronger access controls and a frictionless user experience. With this release, it now includes Access Orchestrator — a visual authentication workflow builder that allows you to simplify decision-making for complex authentication processes. You can also use the Access Orchestrator to create dynamic authentication profiles to achieve desired compliance levels.

Previously, administrators created access policies and defined corresponding authentication profiles for each of the authentication scenarios. In these policies, administrators selected authentication mechanisms applicable to specific apps and resources. This rigid process was time-consuming, and end users could use any combination of authentication mechanisms allowed within corresponding authentication profiles to pass authentication challenges.

Now, you can use Access Orchestrator’s intuitive, no-code interface to rapidly build custom authentication workflows, define the conditions for invoking specific authentication profiles and require authentication using specific combinations of MFA factors in a particular order to meet compliance requirements. For example, you can require users logging into the CyberArk User Portal with a username and password as a first challenge to authenticate with a physical token for their second challenge. On the other hand, users who select a QR code as their first challenge can pass secondary authentication by approving an MFA push notification. This provides you with additional controls and flexibility, while ensuring that your authentication policies meet the desired Authenticator Assurance Level (AAL).

An example of building an Authentication Request Flow in Access Orchestrator

To learn more about Access Orchestrator, please see here.

MFA Fatigue Report

CyberArk Identity provides a comprehensive suite of built-in reports to improve visibility into access activity and reduce the risk of security breaches. With this release, you can now use the new MFA Fatigue Report to gain insight into the number of approvals and denials of CyberArk MFA push notification requests. This allows you to identify MFA fatigue patterns and targets of potential MFA prompt bombing attacks. For example, you can use this report to spot users that received a significant number of MFA push notifications during a short period of time, indicating a potential attack. With this knowledge, you can take proactive steps to investigate access activity and minimize the risk of breaches.

An example of the MFA Fatigue Report

An example of the MFA Fatigue Report

To learn more about CyberArk Identity reporting, please see here.

Secure Web Sessions

Summary View of Active Security Layers

CyberArk Secure Web Sessions is a cloud-based service that enables organizations to monitor, record and audit end-user activity within web applications. In addition, Secure Web Sessions enables companies to enforce continuous authentication and session protection controls for high-risk web sessions. With this release, you can now view currently active security layers for a specific application or browser tab using the Secure Web Sessions browser extension. This provides transparency into active protections enabled for specific applications and improves the user experience. For example, users can easily see if the Step Recording and Continuous Authentication layers are active for their high-risk applications or that Session Protection layers are disabled for apps not protected by Secure Web Sessions.

View currently active security layers for a specific application or browser tab using the Secure Web Sessions browser extension

To learn more about Secure Web Sessions protection layers, please see here.

Customer Identity and Access Management

Navigate to Custom Apps from User Portal

CyberArk Customer Identity allows external users to manage their personal profiles and enrolled devices in their User Portals. With this release, external users can navigate back to their web applications from the User Portal after updating their profiles. Previously, users making updates in the User Portal had to manually type the application URL in the browser to get back into their apps. Now, users can simply click a customizable button directly in their User Portal to be redirected to their web application.

Displays the “Back” button which redirects to the Acme web application

Displays the “Back” button which redirects to the Acme web application

Insert your Back button link and Back button label to customize and add to your user portal

Insert your Back button link and Back button label to customize and add to your user portal

For more information on the 22.11 release, please see the CyberArk Identity release notes.

CyberArk Identity Flows Now Available

CyberArk Identity Flows automates identity management tasks through no-code app integrations and workflows ...

CyberArk Privilege Cloud 12.7 Release – Improved User Experience

Version 12.7 of PAM as-a-service solution, CyberArk Privilege Cloud, offers new self-service configuration ...

Up Your Security I.Q. by Checking Out Our Collection of Curated Resources.

CyberArk Identity 22.11 Release

Multi-factor Authentication

Secure Web Sessions

Customer Identity and Access Management

Previous Article

Next Article

STAY IN TOUCH

CyberArk Identity 22.11 Release

Multi-factor Authentication

Secure Web Sessions

Customer Identity and Access Management

Previous Article

Next Article

Recommended for You

Footprint reduction, TCO saving and enhanced security in session management with CyberArk Privilege Cloud.

Secrets Management, Secrets Hub, Conjur, AWS Secrets Manager, Azure Key Vault, Kubernetes

CyberArk released new session management capability to provide just-in-time access to windows targets with vaulted credentials.

CyberArk Privilege Cloud v14.1 enhances the discovery service with new onboarding rules and the connector management service with improvements to Privileged session manager upgrade.

Secrets Management, Conjur, AWS Secrets Manager (ASM), Azure Key Vault (AKV), cloud workloads, cloud security, multi-cloud, Kubernetes Security, DevOps

New session management capabilities in CyberArk PAM include TCO reductions and VPN-less, native access to Windows, Linux, databases and Kubernetes, with zero standing privileges or vaulted credentials

Explore CyberArk PAM SH V14’s new features: Increased risk reduction, SAML for PSM for SSH sessions, advanced threat analytics and improved mobile experience.

CyberArk DPA adds Sydney data center, offering improved RDP connections with robust account policies, simplified TLS support and enhanced SSH audit on Linux.

CyberArk Privilege Cloud v14.0 introduces improved operational efficiency and security with enhancements to the solution, which is part of the CyberArk Identity Security Platform.

The CyberArk Identity 23.11 release includes extended passwordless authentication capabilities with passkeys, setting stronger controls for user sessions and scheduling access termination.

CyberArk Identity Security Platform now features automatic discovery of local privileged accounts on endpoints using CyberArk Endpoint Privilege Manager and CyberArk Privilege Cloud.

The CyberArk Identity 23.10 release offers support for Azure Government and includes significant updates improving user experience and extensibility.

Introducing the new CyberArk Privilege Cloud license capacity reporting tool, now available in the CyberArk Marketplace.

CyberArk Identity 23.9 release supports a better end-user experience, new Splunk integration, import of secure notes and enhancements for Secure Web Sessions

The latest CyberArk Dynamic Privileged Access (DPA) release includes support for just-in-time access to Linux machines in GCP and rapid onboarding of AWS accounts

CyberArk Identity 23.8 release supports YubiKey one-time-password for passwordless authentication, additional event types that trigger automated webhooks and email responses.

CyberArk Privilege Cloud v13.2 includes Bring Your Own Key, enhances Privileged Session Manager (PSM) and better UX to Central Policy Manager (CPM) via Connector Management.

The CyberArk Identity 23.7 release allows end users to specify preferred pronouns, simplifies rights needed to run compliance reports and supports custom folder creation for business apps and secured

CyberArk is introducing new UK Data Centers and Audit Reports for Dynamic Privileged Access (DPA), helping customers provide JIT Privileged Access.