With release 22.2, CyberArk Identity supports the following new features:
Inline Password Generator for change password flow
The CyberArk Identity Browser Extension can now automatically detect if the user is updating a password on a website, auto-fill in their previously-stored password and generate a new strong password. Previously, password changes required users to manually copy new passwords from the CyberArk Password Generator and paste them into the website password change fields. Now, CyberArk Identity Browser Extension automatically detects password change web forms, auto-fills the existing password field and provides a single-click mechanism to generate and fill a strong password in the new password and confirm password fields. If needed, users can change the password generation rules to comply with the target webpage requirements. In addition, the browser extension now offers users to save their updated passwords in the cloud or self-hosted vault. This inline password generation capability enables users to easily change business application passwords and avoid potential password-related security vulnerabilities.
To learn more about CyberArk Identity Browser Extension, please see this guidance on updating passwords with the Password Generator.
Microsoft Azure Portal template
You can now set up single sign-on access to Microsoft Azure Portal using a dedicated application template available in the CyberArk Identity app catalog. Previously, access to the Azure Portal required you to configure it as a linked application under Office365, preventing customers without Office365 licenses from adding it to their CyberArk Identity User Portals. Now, you can use a dedicated, WS-Fed standard-based template to easily set up and provision access to the Azure Portal for all of your users. Once set up, users can authenticate to the Azure Portal using their corporate single sign-on credentials. In addition, users have the flexibility to access the corporate Azure Portal directly or by clicking an app tile on their CyberArk Identity User Portal.
Template in the App Catalog
To learn more about setting up direct access to Microsoft Azure Portal, please see Microsoft Azure Portal Single Sign-On (SSO) integration.
Tabs interface in the User Portal (preview)
In addition to the updated design for application tiles announced in the previous release, you can now use a new Tabs feature to view, categorize and find your favorite and most frequently used applications and resources. With the new tabs feature, users can create new tabs, drag and drop apps from one tab to the other, find specific apps within their tabs or view all available applications. In addition, users have the flexibility to move, re-order and delete tabs as needed. For example, users can create customized tabs such as “Personal” or “Favorites” and move apps into those tabs for easier navigation.
User Portal Tabs UI
The new User Portal UI with tabs feature is available as a preview in this release and will be generally available in the CyberArk Identity 22.6 release. Please reach out to your account manager to request access to preview features.
Upcoming changes to the default values in CyberArk Identity settings
Starting with release 22.3 scheduled for the end of March 2022, we are making changes to three default configurations in CyberArk Identity. These updates are designed to further reduce the risk for customers using default values and are made as part of our unyielding commitment to the security of CyberArk Identity services. The changes will only impact customers using the default settings — custom configurations and settings made by customers will remain unchanged. The list of updated default values includes:
- Maximum consecutive bad password attempts allowed within window
- Old default value “Off”
- New default value “100”
- Lockout duration before password re-attempt allowed
- Old default “30 minutes”
- New default “10 minutes”
- Number of consecutive failed login attempts allowed before showing a CAPTCHA
- Old default “Off”
- New default “10”
Updated setting for lockout before login re-attempt in 22.3 release
Updated default CAPTCHA settings in 22.3 release
While the configurations specified above will be updated in the 22.3 release, administrators will be able to change them back to the old values or any other values based on their discretion and risk tolerances. Please reach out to CyberArk support if you have any questions about these upcoming changes.
For more information on the 22.2 release, please see CyberArk Identity release notes.