NAV Navbar

Notakey Authentication Server

v5.0.5 (2023-02-10)

  • Remove Consul datastore dependency
  • Ensure datastore backend is accessible during admin session
  • Fix OpenID Connect provider error and notice messages

v5.0.4 (2023-02-03)

  • Complete rewrite of all oboarding proof creation logic
  • Major performance enhancements for onboarding operations
  • Use device certificate for signing approval requests
  • Use transient store for all activities, tokens and auth requests
  • Remote user lookup rewrite
  • Fix audit log corruption issue in some circumstances

v4.3.3 (2022-11-16)

  • Fix manual onboarding reject button
  • Documentation updates
  • Optimizations of authentication activities view
  • Additional request check for device offboarding request

v4.3.0 (2022-10-28)

  • Audit logging can now be configured to use TCP (TLS support will be added in upcoming releases)
  • Add background job to migrate license from enterprise mode to express

  • Audit logging feature now uses structured logging in JSON format

    Each message contains the following fields:

    Field name Description Example
    type Describes type of message as explained below AUTH
    resource Identifies the affected resource (e.g. user, enrolled device, service) {“id”:“main”,“type”:“EventLogConfiguration”}
    actor Identifies who made the change {“source”:“WEB”,“username”:“admin”,“remote_ip”:“192.168.0.11”}
    message Text describing event “User updated”

    Audit messages can be of the following types:

    Type Description
    AUTH Authentication request processing
    ONBOARDING Onboarding activities
    OFFBOARDING User onboarded device removal
    CONFIG Service configuration
    TESTLOG Test messages from UI
    USER User manipulation
    DEVICE User device changes
    RSAM Remote user source related activities
    LSAM Local user authentication activities
    ADMIN Administrator session activities
    OIDC Open ID Connect provider autentication

v4.2.19 (2022-09-19)

  • Maintenance release

v4.2.18 (2022-09-06)

  • Add test option to audit syslog service configuration
  • Fix audit log configuration being ignored in case of caching namespace mismatch

v4.2.17 (2022-08-15)

  • Show manual onboarding approval link only when enabled
  • User authorization optimizations
  • Mobile UI layout improvements
  • Manual approval optimizations related to authorization changes

v4.2.16 (2022-08-15)

  • Ruby version update

v4.2.14 (2022-08-01)

  • Dependency maintenance updates
  • Adds support for multiple redirect URIs per single OpenID Connect client

v4.2.6 (2022-06-01)

  • Fix for API clients management UI
  • Fix for QR test in service view, use auth profiles for this

v4.2.5 (2022-05-10)

  • Add device report CSV export functionality
  • Fix for automatic license renewal

v4.2.4 (2022-04-25)

  • Security improvements for onboarding workflow
  • Documentation update

v4.0.46 (2022-03-24)

  • Ensure authentication request UUID matches signature payload
  • Verify that signing device belongs to auth request approver
  • jQuery JS library updates

v4.0.38 (2022-03-11)

  • Fix bug with built-in administration service onboarding from remote user sources.

v4.0.37 (2022-01-31)

  • Fix service save error in some instances

v4.0.36 (2022-01-19)

  • Simplification of Prometheus metric initialization
  • Update of application webserver Puma
  • Fix Prometheus metrics in clustered mode (WEB_CONCURRENCY > 1)
  • Fix regression in error message to user when user lookup fails in remote repository

v4.0.35 (2022-01-10)

  • Library and framework update
  • Improved authentication and onboarding activity history view
  • Fix ActiveDirectory integration to enforce group membership on every authentication
  • Add option to delete stale external users during user sync
  • Add support for authentication with email address and password for SimpleCredentials onboarding requirement
  • Optimized user lookup when multiple allowed realms are present

v4.0.32 (2021-12-10)

  • Documentation update

v4.0.31 (2021-11-11)

  • New CI build system integration

v4.0.16 (2021-11-06)

  • Automated test improvements

v4.0.13 (2021-11-03)

  • Fixes for Redis and Consul migration tasks

v4.0.12 (2021-10-29)

  • Added application server instance configuration (WEB_CONCURRENCY)
  • Optimized license seat accounting

v4.0.11 (2021-09-29)

  • Added link to license self-service
  • Added configurable limit for Consul KV connections (CONSUL_MAX_CONNECTIONS)
  • Improved license renewal and subscription support
  • Redis connection pool configuration (REDIS_CACHE_MAX_CONNECTIONS, REDIS_MAX_CONNECTIONS)
  • Improved license renewal and subscription support

v4.0.10 (2021-08-24)

  • Schema migration fixes

v4.0.9 (2021-08-18)

  • Various operational metrics now available via stats-agent service
  • Service domain configuration in admin UI
  • Fixed issues with KV store migration in multinode clusters

v4.0.8 (2021-07-16)

  • Redis persistence support
  • Framework and integration library update
  • Performance improvements for large datasets, fixes ussues with lots of users
  • Pagination support on service user view
  • Improved user search and display
  • Option to disable simplified username lookup feature per service
  • Migration to a new Key-Value schema version, migration occurs during first instance launch

v4.0.2 (2021-06-18)

  • Redis persistence support
  • Framework and integration library update

v3.2.2 (2021-06-16)

  • Fix bug affecting LDAP user sources

v3.2.1 (2021-05-13)

  • Active Directory integration improvements, support for AD user UAC flags
  • Active Directory and LDAP user source server address failover support
  • Support for Active Directory and LDAP user source server name TLS certificate match ignore
  • Cluster status page showing cluster details
  • Various OIDC IdP improvements: logout, session expiry control, auth factor configuration

v3.1.3 (2021-04-30)

  • Active Directory integration improvements
  • Cluster status page showing cluster details

v3.1.2 (2021-04-13)

  • OpenID Connect service compatability improvements with .NET libraries
  • Fix for signed payload verification containing multiple text lines
  • Fixed regression in service configuration flag update

v3.1.1 (2021-03-02)

  • OpenID Connect implicit authentication flow suppport for onboarding
  • OpenID Connect onboarding requirement configuration form improvements

v3.1.0 (2020-12-28)

  • Support for OpenID Connect Identity Provider
  • Certificate generation improvements
  • Support for key security requirement change
  • Service publish state support
  • Custom service ordering support in mobile client
  • Onboarded device certificate inspection support

v2.24.0 (2020-10-29)

  • API improvements
  • Dependency update
  • Fixed issue with log archiving when OpenID onboarding is enabled

v2.23.6 (2020-10-13)

  • API authentication dependency update
  • Improved client for load and integration tests

v2.23.5 (2020-09-01)

  • Fix URL for public QR code display
  • Fix URL for pre-approval time request

v2.23.4 (2020-09-01)

  • Key value store relational model improvements

v2.23.3 (2020-08-12)

  • Various Open ID Connect onboarding improvements

v2.23.2 (2020-07-22)

  • Add API credential management to admin UI
  • Add security team management to UI

v2.23.1 (2020-07-20)

  • Add support for license automatic renewal after expiry
  • Use onboarding link in first run wizard

v2.23.0 (2020-06-30)

  • Support for automatic API endpoint registration
  • Separated configurations for SERVICE_FQDN and AUTH_DOMAIN
  • Fixed proxy issue with messenger client

v2.22.0 (2020-06-05)

  • Redis global cache support
  • Build system changes
  • Tagged builds with build date and other VCS labels
  • Added support for administration dashboard users to be authenticated against remote user sources
  • Remote users cannot be disabled locally
  • Removed misleading “Last update” from home view

v2.21.3 (2020-06-05)

  • Build system changes
  • Tagged builds with build date and other VCS labels
  • Added support for administration dashboard users to be authenticated against remote user sources
  • Remote users cannot be disabled locally
  • Removed misleading “Last update” from home view

v2.21.2 (2020-06-04)

  • Build system changes
  • Tagged builds with build date and other VCS labels
  • Added support for administration dashboard users to be authenticated against remote user sources
  • Remote users cannot be disabled locally
  • Removed misleading “Last update” from home view

v2.21.0 (2020-05-27)

  • Improved caching strategy for all elements
  • Fixed second factor requirement change to be immediate

v2.20.2 (2020-05-14)

  • Add support for user groups / user tagging features
  • Fixed bug with CSV user import when mixed user repositories are used (external and local)
  • Application framework update
  • Add sync feature for external service users

v2.19.5 (2020-05-13)

  • Fix error during onboarding when onboarding request is missing (due to retention)
  • Increase default thread count for application server
  • Add application load statistics interface

v2.19.3 (2020-03-23)

  • Added biometry check option when configuring authentication profile
  • Fixed bug with auth request generation from auth profile

v2.19.2 (2020-02-10)

  • Add optional custom filter for LDAP usersource engine

v2.19.1 (2020-02-07)

  • Allow partial username instead of full UPN for approval time requests

v2.19.0 (2020-02-07)

  • SMS codes now can be copied in both iOS and Android
  • Support for view level access to services
  • Global team configuration in managent UI
  • Messenger service client improvements
  • Configurable timeout for messenger client
  • Visual improvements for time request and onboarding views
  • Admin session inactivity timeout now configurable
  • Rewrite for password change to allow changing password without root service access
  • Base image update to latest alpine linux (maintenance lifecycle)
  • Application framework update (maintenance lifecycle)
  • Additional licence fields in NAS user report
  • Approver policy now can have multiple approvers
  • Fixed bug in user import from CSV

v2.18.1 (2020-01-27)

  • SMS codes now can be copied in both iOS and Android
  • Support for view level access to services
  • Global team configuration in managent UI
  • Messenger service client improvements
  • Configurable timeout for messenger client
  • Visual improvements for time request and onboarding views
  • Admin session inactivity timeout now configurable
  • Rewrite for password change to allow changing password without root service access
  • Base image update to latest alpine linux (maintenance lifecycle)
  • Application framework update (maintenance lifecycle)
  • Additional licence fields in NAS user report
  • Approver policy now can have multiple approvers
  • Fixed bug in user import from CSV

v2.17.0 (2019-12-19)

  • Show configured auth domain in setup wizard
  • Require password confirmation for initial setup
  • Documentation update
  • Full CRUD operation on service users
  • Simplified device and user discovery over API based on signature fingerprint
  • Error notification in authentication profiles
  • On error event callbacks in authentication profiles
  • Auth request cancellation API method

v2.16.9 (2019-11-05)

  • Added autentication profile functionality

v2.16.8 (2019-09-25)

  • Fixed minor edge case where querying auth request returns HTTP status 500

v2.16.7 (2019-09-23)

  • Admin access recovery from CLI
  • Log archiving fixes
  • Initial setup from CLI

v2.16.6 (2019-09-11)

  • Added support for special biometric auth request category

v2.16.5 (2019-09-11)

  • Bugfix for onboarding requirements configuration

v2.16.4 (2019-09-03)

  • Biometry authentication support in API and management UI
  • Visual improvements for onboarding and authentication flow views

v2.16.3 (2019-08-20)

  • API worker mode bugfix

v2.16.0 (2019-08-16)

  • LDAP user source improvements, realm validation and attribute mapping
  • Application role configuration support (worker, management)
  • Validate logo presence on new service creation

v2.15.1 (2019-06-19)

  • Fix bug with missing version information
  • Fix bundled API documentation formatting and add scope information for API calls

v2.15.0 (2019-06-18)

  • Support for optional WhatsApp number verification instead of SMS

v2.14.14 (2019-06-17)

  • Fix state sync bug when using multiple devices to approve auth requests

v2.14.13 (2019-06-07)

  • Users page in each service now has a function to send generic notification or SMS to all onboarded users.
  • API method to send generic notification or SMS to single user, requires urn:notakey:notify scope.
  • Fixed bug where COUNTRY_PREFIX configuration option would be ignored during onboarding when user has mobile number in national format, without country prefix.

v2.14.12 (2019-05-20)

  • CLI reporting functionality

v2.14.11 (2019-05-17)

  • Do not allow invalid token publishing
  • Shorten default API client ID

v2.14.10 (2019-04-15)

  • Device telemetry support
  • Visual improvements

v2.14.9 (2019-04-04)

  • Support for relaxed device onboarding
  • Max device limit can be specified globally per service

v2.14.8 (2019-03-26)

  • Logrotate bugfix

v2.14.7 (2019-02-23)

  • Fix send test notification
  • Show formatted dates in user details
  • Add user license detail panel
  • Add some more attributes for application user display
  • Disable attribute editing for external users
  • Add none selected translation for approver policy
  • Allow setting and unsetting approver without any warning messages

v2.14.6 (2019-02-20)

  • Fix syslog configuration save bug
  • Support for Active Directory TLS port configuration

v2.14.5 (2019-01-31)

Docker image: notakey/dashboard:2.14.5

  • Fixes broken device discovery due to broken indexes

v2.14.4 (2019-01-28)

Docker image: notakey/dashboard:2.14.4

  • Documentation fixes
  • Data migration for index and sequences fixed

v2.14.3 (2018-12-10)

Docker image: notakey/dashboard:2.14.3

  • Do not wait for push nofification processing
  • Fix favicon
  • QR code domain configuration support
  • Callback URL bug fix
  • Improved CSV support
  • Documentation improvements

v2.14.2 (2018-11-06)

Docker image: notakey/dashboard:2.14.2

  • M2M API fore encryption key registration
  • Callback support in AuthRequests
  • Service provider state param support in AuthRequests
  • QR code optimisations

v2.14.1 (2018-10-26)

Docker image: notakey/dashboard:2.14.1

  • M2M API authentication enhancements
  • Support for user disable / enable from API and GUI
  • Support for additional user management API calls
  • Admin user management improvements

v2.13.5 (2018-08-03)

Docker image: notakey/dashboard:2.13.5

  • Speed improvements for auth request generation

v2.13.4 (2018-07-24)

Docker image: notakey/dashboard:2.13.4

Bug fixes

  • Improved audit log cleanup
  • Compatability with old windows CP clients

v2.13.3 (2018-07-17)

Docker image: notakey/dashboard:2.13.3

Bug fixes

  • Fixed audit logging for administration sessions

v2.14.0 (2018-07-12)

Docker image: notakey/dashboard:2.14.0

  • M2M API authentication enhancements
  • Support for user disable / enable from API and GUI
  • Support for additional user management API calls

v2.13.2 (2018-07-12)

Docker image: notakey/dashboard:2.13.2

Bug fixes

  • Fixed authentication requests using UPN
  • Fixed indexing issue with application users
  • Fixed healthcheck throwing app out of service due load increases

v2.13.1 (2018-01-04)

Docker image: notakey/dashboard:2.13.1

Bug fixes

  • Fixed issue when ActiveDirectory GUID would not be properly decoded.

v2.13.0 (2017-11-13)

Docker image: notakey/dashboard:2.13.0

Features

  • Can now see active licence count
  • Improved logger output

Bug fixes

  • Fixed cases when appliance incorrectly determined cluster having a leader.

v2.12.0 (2017-10-23)

Docker image: notakey/dashboard:2.12.0

Features

  • Introducing Authentication Server application. This is a special type of application which has these characteristics:
    • It is used for Notakey Authentication Server onboarding.
    • Allows enforcing 2FA authentication for administrators.
    • Allows NAS administrator management.

v2.11.0 (2017-10-17)

Docker image: notakey/dashboard:2.11.0

Features

  • Added CORS support for our API.
  • User device API endpoint now returns associated public key.

v2.10.0 (2017-10-13)

Docker image: notakey/dashboard:2.10.0

Features

  • Onboarding and service pinning can now be performed using a QR code.
  • Added confirmation dialogs on any destructive action, such as removing an application.

Tasks

  • Updated Ruby and Ruby on Rails versions to mitigate newly discovered security vulnerabilities.

v2.9.0 (2017-09-29)

Docker image: notakey/dashboard:2.9.0

Features

  • Added security level to application. This option determines wether a user needs PIN/Fingerprint on their devices or not.
  • Added expiring appliance licence notifications
  • Omitting health-check requests in logs, making them less verbose

v2.8.5 (2017-09-19)

Docker image: notakey/dashboard:2.8.5

Bug fixes

  • Fixed auth request signature validation containing UTF-8 characters.

v2.8.4 (2017-09-04)

Docker image: notakey/dashboard:2.8.4

Bug fixes

  • Fixed race condition when rendering side navigation from multiple threads.

v2.8.3 (2017-08-30)

Docker image: notakey/dashboard:2.8.3

Bug fixes

  • Fixed “Users pending manual approval” being hidden for non-root users.

v2.8.2 (2017-08-16)

Docker image: notakey/dashboard:2.8.2

Bug fixes

  • Fixed signature validation when missing application logos
  • Fixed permission issue when viewing created user sources

v2.8.1 (2017-07-20)

Docker image: notakey/dashboard:2.8.1

New Features

  • Added application user table sorting and filtering

Bug fixes

  • Fix time zone configuration.

v2.8.0 (2017-07-14)

Docker image: notakey/dashboard:2.8.0

There are cases when access to a particular system should not be granted permanently or independently. Multi-user approval provides a solution by allowing to configure an approver for an employee.

New Features

Introducing two new policies regarding multi-user approval: - Immediate approval - each request to an application must be immediately approved by manager (approver). - Pre-approval - user requests access to an application for a specified period of time.

v2.7.1 (2017-06-07)

Docker image: notakey/dashboard:2.7.1

Bug fixes

  • Fixed missing navigation icons and favicon.

v2.7.0 (2017-06-06)

Docker image: notakey/dashboard:2.7.0

New Features

  • Added a new health check parameter to ensure node is operational.
  • Now when user changes password, old password must be entered for confirmation.

Misc. Improvements

  • Improve frontend in offline mode by removing assets stored in remote CDN’s.

v2.6.0 (2017-05-29)

Notakey now supports user onboarding through LDAP user source.

Docker image: notakey/dashboard:2.6.0

New Features

  • Added an option to specify LDAP as a user source.

v2.5.0 (2017-05-22)

Notakey appliance supports HTTP proxy

Docker image: notakey/dashboard:2.5.0

New Features

  • Administrators can now set HTTP proxy settings.
  • System uses default port for rsyslog endpoint.

v2.4.0 (2017-05-10)

Notakey appliance now supports Openid Connect onboarding

Docker image: notakey/dashboard:2.4.0

New Features

  • Users can now be onboarded using Openid Connect.

v2.3.0 (2017-05-03)

Extending Rsyslog functionality

Docker image: notakey/dashboard:2.3.0

New Features

  • Administrator can now set appropriate facility for rsyslog endpoint.

v2.2.0 (2017-05-02)

Introducing Remote syslog integration.

Docker image: notakey/dashboard:2.2.0

New Features

  • Administrator can now set Rsyslog endpoint to receive real-time audit events.

v2.1.0 (2017-04-25)

We are pleased to announce a multi-node deployment focused version of the Notakey Authentication Server.

Docker image: notakey/dashboard:2.1.0

New Features

  • if a multi-node cluster is in a read-only state, then authentication requests can now be created in-memory (on the specific node, which received the API request)
  • administrators can now change their passwords via the web-based user-interface (in the user profile section)

Misc. Improvements

  • usernames are no longer case-sensitive
  • reduced system boot time by a factor of 10

Bug Fixes

  • fixed a bug where application logos would not be rendered
  • the healtcheck endpoint would not work at all, if a multi-node cluster was in a read-only mode
  • when sending POST requests to /api/v2/auth_request, the ttl_seconds parameter would not be parsed properly, and cause an error

v2.0.22 (2017-04-06)

v2.0.21 -> v2.0.22 (2017-03-29)
  • Allow authentication when consul cluster is in read-only mode.

v2.0.21 (2017-03-16)

2.0.21

  • added session timeout for dashboard admin users (the session will time out after 10 minutes of inactivity)
  • internal: rails framework update to 5.0.2
  • bugfix: side navigation was cached based on URL, and sometimes displayed incorrect application list
  • ui: removed performance counter from the top-left corner of each page
  • bugfix: onboarding requirements were incorrectly serialized in a few corner cases

v2.0.20 (2017-03-06)

v2.0.19 -> v2.0.20 (2017-03-06)
  • Implement TTL for AuthFlow and OnboardingFlow

v2.0.19 (2017-03-02)

v2.0.18 -> v2.0.19 (2017-03-02)
  • Dashboard now displays Onboarding and Authorization activities under every Application.
  • Added ability to reset onboarding process from “Onboarding activities”

v2.0.18 (2017-02-21)

v2.0.17 -> v2.0.18 (2017-02-21)
  • Clear onboarding request on failed user device creation.

v2.0.17 (2017-02-16)

v2.0.16 -> v2.0.17 (2017-02-16)
  • Fix SMS onboarding workflow

v2.0.16 (2017-02-16)

v2.0.15 -> v2.0.16 (2017-02-16)
  • Enable SMS onboarding in production

v2.0.15 (2017-02-16)

v2.0.14 -> v2.0.15 (2017-02-16)
  • Fixed test notification from user’s dashboard

v2.0.14 (2017-02-15)

v2.0.13 -> v2.0.14 (2017-02-15)
  • Added ability to edit application user attributes

v2.0.13 (2017-02-14)

v2.0.12 -> v2.0.13 (2017-02-14)
  • Fixed an issue when max user device validation would fail when saving single device.

v2.0.12 (2017-02-14)

v2.0.11 -> v2.0.12 (2017-02-14)
  • Fixed onboarding device list removal button styling issue

v2.0.11 (2017-02-14)

v2.0.10 -> v2.0.11 (2017-02-14)
  • Added ability to remove onboarded devices from “Application User” view.

v2.0.10 (2017-02-13)

v2.0.9 -> v2.0.10 (2017-02-13)
  • Implemented SMS onboarding
    • Validates user’s phone number and adds missing country code

v2.0.9 (2017-02-08)

v2.0.8 -> v2.0.9 (2017-02-08)
  • Application user can now be found regardless of username’s case
  • Improved branding logo quality
  • Solved an issue when dashboard’s API incorrectly tried to validate an expired authentication request
  • Implemented SMS onboarding
    • Validates user’s phone number and adds missing country code
    • Send SMS using messenger service
    • Can set allowed number of devices for each user