CyberArk Identity 22.7 Release

July 14, 2023 Laura Balboni

CyberArk Identity 22.7 Release

With release 22.7, CyberArk Workforce Identity supports the following new features:

Single Sign-On (SSO)

App Management Within Organizations

CyberArk Identity allows admins to delegate specific administrative functions to other users with the Delegated Admin feature. Delegated admins can perform tasks related to their assigned organizations within their tenant. With this release, admins can now add applications to their organizations and delegate limited administrative capabilities to “app managers.” This allows admins to offload specific administrative tasks to delegated admins without giving them full administrative privileges. In addition, it allows organizations to segment their applications to specific organizations. For example, a global company could add applications to regional organizations in CyberArk Identity and delegate administrative app-specific functions to regional app managers. Likewise, a company with individual business units could assign apps only to the relevant business units.

Multi-Factor Authentication (MFA)

Access Orchestrator (Preview)

CyberArk Adaptive Multi-Factor Authentication (MFA) supports a wide range of authentication factors enabling stronger access controls and a frictionless user experience. With this release, admins can now sequence authentication factors in a custom order using Access Orchestrator. Previously, administrators could enable specific authentication mechanisms in the policies, but end users could select them in any order they chose. Now, with the Access Orchestrator, administrators have more control over the order of the challenges end users select by creating dependencies between them so that the second challenge is contingent on the first. This allows admins to create policies that comply with industry standards, such as a particular Authentication Assurance Level (AAL). This feature is available in 22.7 as a preview only. Please click here to learn more and reach out to CyberArk support to try this feature.

Access Orchestrator

An example of building an Authentication Request Flow in Access Orchestrator.

Workforce Password Management 

Application Restrictions

CyberArk Workforce Password Management is an enterprise-scale solution that enables workforce users to securely store and share business app credentials. With this release, admins can now restrict users from leveraging Workforce Password Management for specific applications. For example, administrators can now block entertainment or social media applications like Facebook, TikTok or Instagram from being added to user portals. Once an app or domain is added to the restricted apps list, users cannot save credentials for that application or launch the specified app from the user portal. This gives admins greater control over end-user added apps and ensures that Workforce Password Management is used only for approved or business-related purposes. To learn more about restricting applications, click here.

App Restrictions Tab

The new App Restrictions tab allows admins to restrict users from leveraging Workforce Password Management for specific applications.

Copy and Paste Username and Password

CyberArk Workforce Password Management allows users to quickly access business applications by auto-filling credentials at login. At times, however, applications and websites may make changes that prevent autofill from working. With this release, Workforce Password Management now allows users to copy and paste credentials for their desired applications directly from the context menu. Previously, users had to access the user portal to copy their credentials. Now, users can right-click on the app login screen and paste credentials directly into the username and password fields. This new feature provides an improved user experience and further streamlines the login process to business applications. To learn more about this feature, click here.

Option to copy username and password from context menu

 Workforce Password Management provides the option to copy a username and password from the context menu.

Secure Web Sessions 

Detect When a User Walks Away from a High-Risk Web Session

CyberArk Secure Web Sessions recently added a Continuous Authentication feature, securing high-risk web sessions by prompting users to reauthenticate if the session becomes idle for a certain period of time. With this release, administrators can now enforce an additional layer of protection by monitoring the end user’s physical footsteps during an active web session. The new feature detects when users walk away and leaves sensitive data or capabilities exposed on the screen, and then requires the user to reauthenticate to continue using the app. This prevents sensitive information from being inadvertently left exposed when end users step away from their computers and helps ensure that the user who launched the application is the same person using it.  

Footstep Monitoring controls add an additional layer of security

 New Footstep Monitoring controls add an additional layer of security to the Secure Web Sessions Continuous Authentication feature.

With release 22.7, CyberArk Customer Identity supports the following new features:

International Language Support for Authentication Widget

The CyberArk Identity Authentication Widget allows developers to create and modify authentication widgets, including the Login Widget and MFA Widget, using a no-code, user-friendly UI directly in the admin portal. With this release, CyberArk Identity allows customers to select from more than 18 international languages while configuring their login form. Previously, this form only supported the English language. The latest release provides better opportunities for customers to customize the login experience for their region and audience.

International Language Support for Authentication Widget

The Authentication Widget now supports 18 global languages.

New Sample Apps for React JS and Node JS

Customers using Node JS or React JS applications can accelerate development and integration processes by leveraging the Node JS Sample app. These two new sample apps enable customers to leverage the JS SDK in their web applications built on Node JS, utilizing the authentication, authorization, and self-service flows of CyberArk Identity in their applications.

Try it! Feature for CyberArk Identity APIs (preview)

With this release, administrators can now try various APIs with your tenant details in the CyberArk Identity developer portal. This allows customers to evaluate the APIs and view the request and response on the fly before integrating these APIs into their applications. For example, admins can now test requests to endpoints from the developer documentation and see responses specific to their CyberArk Identity tenant. This helps specify trusted domains for API calls to prevent cross-origin resource sharing attacks before making the API calls from the Identity developer portal. Learn more about this feature.

CyberArk Customer Identity Reference Documentation now includes a Try it! feature that allows customers to try CyberArk APIs prior to integrating.

CyberArk Customer Identity Reference Documentation now includes a Try it! feature that allows customers to try CyberArk APIs prior to integrating.

For more information on the CyberArk Identity 22.7 release, please see CyberArk Identity release notes.

Previous Article
CyberArk Privilege Cloud 12.6 Release – Integrated with CyberArk Identity
CyberArk Privilege Cloud 12.6 Release – Integrated with CyberArk Identity

CyberArk Privilege Cloud v12.6 integrated with CyberArk Identity: New self-service configurations, personal...

Next Article
Cloud Privilege Security: Extending Identity Security to the Public Cloud
Cloud Privilege Security: Extending Identity Security to the Public Cloud

CyberArk Cloud Privilege Security solutions analyze, secure and monitor just-in-time and standing privilege...