With release 22.3, CyberArk Workforce Identity supports the following new features:
Workforce Password Management – Secured Items
You can now allow users to securely store, access and share business-related Secured Items in the CyberArk Identity Cloud or the self-hosted Privileged Access Manager (PAM) Vault. Previously, CyberArk Identity Workforce Password Management enabled users to add credentials for their business applications to a centralized User Portal, securely access apps with a click of a button and share access to these apps with other users. Now, users can leverage Workforce Password Management to also store and share Secured Items — non-username and password data, such as license numbers, encryption keys and serial numbers. For example, IT admins can use Secured Items to provide new employees time-bound access to Wi-Fi details or software license keys. This provides users additional flexibility and ensures that all business-related information is protected and centrally stored. Secured Items is currently only available from the CyberArk Identity User Portal and requires CyberArk Privileged Access Manager 12.1 or later to store credentials in the self-hosted vault.
Secured Items User Interface
To learn more about using the Secured Items feature, please see the documentation for Workforce Password Management.
Anti-phishing Security Images
You can now allow CyberArk Identity Cloud Directory users to select an image that is shown during the login process to provide additional assurance that users are entering credentials on a legitimate CyberArk Identity sign-in page. Once you enable the anti-phishing security image option, users are prompted to select an image the first time they sign in to CyberArk Identity User Portal. Then, their selected image appears whenever they enter a valid username on the User Portal sign-in page. Security images can help protect users from phishing attacks — during a phishing attack, a user might be presented with a fake login page that mimics a real one in all ways except that it does not show the user’s chosen security image. A vigilant user should notice the absence of the security image and refuse to log in.
Security Images Sign-In UI
Refer to Harden your Workforce Password Management deployment for details on how to enable this feature.
Provision users from source directories to Active Directory
You can now provision users from source user directories, such as CyberArk Identity Cloud Directory or Microsoft Active Directory (AD), to downstream AD instances and authorize access based on AD roles. Previously, you could leverage Active Directory as your identity source and provision access to target applications. Now, you can also provision users and manage access to target Active Directory instances. This is useful for companies with complex AD infrastructure that must grant users access to AD-aware legacy applications. For example, you might have a stand-alone, department-specific AD instance that is used to provide access to Microsoft SharePoint. With this feature, you can now provision users to the AD instance used by SharePoint from any of your non-federated user directories (HRIS systems, enterprise Active Directory or CyberArk Identity Cloud Directory). This allows you to centrally manage all user access and ensure that legacy apps with Active Directory requirements continue to work reliably.
Refer to Inbound Provisioning from CyberArk Cloud Directory for more information.
CyberArk Identity Connector failure notifications
The CyberArk Identity Connector is a multipurpose service that enables some of the key features of CyberArk Identity, including managing access to legacy applications with App Gateway, enforcing MFA on VPN clients that support radius and integrating CyberArk Identity with Active Directory. With this release, you can now set up an email alert to notify specific users, roles or user groups if the connector service is disrupted. For example, you can now inform the IT team and CyberArk Identity administrators if the connection to the CyberArk Identity Connector is unexpectedly terminated. This allows you to troubleshoot connector-related issues faster, prevent extended service disruptions and reduce the volume of support calls. In addition, you can customize your email notification templates to provide specific instructions on handing CyberArk Identity Connector issues to your responding team members.
CyberArk Identity Connector failure notification
To learn more about CyberArk Identity Connector notifications, please see Troubleshooting the CyberArk Identity Connector documentation.
With release 22.3, CyberArk Customer Identity supports the following new features:
The Authentication Widgets feature is now generally available as part of the CyberArk Customer Identity solution. With Authentication Widget capability, developers can create and modify authentication widgets, including the Login Widget and MFA Widget, using a no-code, user-friendly UI directly in the Admin Portal. This allows for rapid creation and iteration of authentication widgets and sign-up forms with instant preview of widget customizations without changing the code on the website or app.
Authentication Widget UI
For more information on the 22.3 release, please see CyberArk Identity release notes.