In addition to the existing on-premises and cloud-based deployments, Advanced Authentication is now available in the Software as a Service (SaaS) model. Micro Focus hosts and maintains the Advanced Authentication Servers with their databases. You can use it to secure access to your corporate resources, such as various portals, workstations, and VPN servers.
For more information about Advanced Authentication and its features, see Introduction to Advanced Authentication.
The following are the key differences between SaaS and non-SaaS models:
Feature | Advanced Authentication | Advanced Authentication as a Service |
---|---|---|
Setup | Installation is required | Installation is not required |
Billing | License-based | Subscription-based |
Hardware | Must meet the recommended system requirements | Does not require extensive hardware |
For the list of other documents related to Advanced Authentication, see the Advanced Authentication NetIQ Documentation page. For more information about the product and support, see the Advanced Authentication Product website.
If you have suggestions for documentation improvements, click comment on this topic at the bottom of the specific page in the HTML version of the documentation posted on the Advanced Authentication NetIQ Documentation page.
The release number is in the YYYY.M.RELEASE NUMBER format.
Advanced Authentication as a Service 2022.8.1 includes the following updates:
This release includes the following enhancements:
This release introduces the following options in the Cloud Bridge External repository on the Administration Portal:
Fast sync enabled: This option allows you to disable the automatic fast sync initialization of the repository that might impact the functioning of other dependent components.
Time between fast syncs: Select the required synchronization interval between the fast syncs from the drop-down list. By default, the interval is set to 5 minutes.
For more information, see Advanced Settings in the Advanced Authentication - Administration guide.
This release allows tenant administrators to configure the following timeout settings for Web Authentication events:
Session Timeout
Authorization Code Timeout
Access Token Timeout
Refresh Token Timeout
Public Refresh Token Timeout
Session Token Revocation Timeout
For more information, see Configuring Timeout in the Advanced Authentication - Administration guide.
Component | Issue Description |
---|---|
Administration Portal | The OAuth2 event created using an API call is not displayed in the authcfg.xml for the tenant. Therefore, it is not possible to issue an access or refresh token. |
Administration Portal | The fast synchronization process of the Cloud Bridge repository takes more than 5 minutes and later displays some errors in the logs. |
Administration Portal | Unable to initiate the full synchronization process after changing Advanced Settings of the Cloud Bridge repository. |
Cloud Bridge Repository | On large Cloud Bridge repositories, with 10K user records, the full synchronization process suspends automatically and the synchronization fails. |
OAuth2/OpenID Connect | When users select the SAML SP method to access the OAuth2/OpenID Connect events, the field to specify the password is not displayed. However, users are granted access without the password. |
Web Authentication | The Facial Recognition method does not work in the Web Authentication events. |
Advanced Authentication as a Service 2022.5.1 includes the following updates:
This release includes the following enhancement:
This release introduces OAuth2 Application policy to allow the OAuth2 protocol-based applications to access the Advanced Authentication API.
For more information, see OAuth2 Application in the Advanced Authentication - Administration guide.
This release also introduces API calls to retrieve the following information about OAuth2 authentication:
Authenticated User details
Chain details
Tenant details
For more information, see Advanced Authentication API guide.
Component | Issue Description |
---|---|
SAML Service Provider | Pre-condition: Download the SAML metadata from the https://<servername>/osp/a/TENANT1/auth/saml2/metadata URL. Uploading an Identity Provider with the above metadata in the SAML Service Provider method causes a configuration error in the web authentication of the corresponding tenants. Removing the Identity Provider does not restore the default identity provider settings, and the web authentication is not accessible. |
Web Authentication | Deleting a Web Authentication event that contains incorrect configuration does not reconfigure or restart the Web Authentication module cache. |
Advanced Authentication as a Service 2022.3.1 includes the following updates:
This release includes the following enhancements:
This release introduces the following options in the respective OTP methods:
Verify email address: This option is introduced in the Email OTP method and helps to send the verification code to a specified email address. This option allows the users to validate the email address during the manual enrollment.
For more information, see Email OTP in the Advanced Authentication - Administration guide.
Verify phone number: This option is introduced in the SMS OTP and Voice OTP methods to send the verification code to a specified phone number. This option lets users verify whether the phone number is valid before the manual enrollment.
For more information, see SMS OTP and Voice OTP in the Advanced Authentication - Administration guide.
This release introduces the following options in the Login Options policy:
Logon timeout (seconds): This option allows you to set the maximum duration of the logon session. The user must specify the login credentials within this duration to prevent the session termination.
Logon inactivity timeout (seconds): This option allows you to set the maximum inactivity timeout of the logon session, and a user can remain idle within this duration.
For more information, see Login Options in the Advanced Authentication - Administration guide.
In this release, the FIDO 2.0 method is renamed to FIDO2.
After integrating a product with Advanced Authentication, the administrators can use the following API call to retrieve the Risk Score of an authenticated user after successful authentication:
api/v1/logon/{{logon_process_id}}/do_logon
Advanced Authentication provides the Home Affairs National Identification System (HANIS) method, which enables citizens of South Africa to authenticate using their face that has been enrolled in the National Identification System. During authentication, the Advanced Authentication server forwards the user details to the third-party service provider that is integrated with the National Identification System, where the validation takes place. The user is authenticated to the required resource or endpoint based on the validation result.
For more information, see HANIS Face in the Advanced Authentication - Administration guide.
Component | Issue Description |
---|---|
Administration Portal | After the full synchronization of the Cloud Bridge External repository, the following error message is displayed: 'NoneType' object has no attribute 'append' |
Administration Portal | When eDirectory is configured as the external repository in Advanced Authentication, and the user entries include multiple CN values, then synchronization fails and displays an error message. |
Administration Portal | When an administrator tries to change the Cache expiration time in the Cache Options policy, the updated expiration time is not saved, and changes are not applied. |
Administration Portal | When the Cloud Bridge Agent is down and the administrator tries to verify the configuration using the Test Configuration button, an invalid message Gateway Timeout is displayed without stating the cause. |
Administration Portal | When the full synchronization on the Web server is in progress and if the fast synchronization is initiated on the Master server simultaneously, the full synchronization fails and results in an error. |
Enrollment Portal | When a user tries to test the FIDO2 method in the Enrollment portal, the test fails, and the following message is displayed: expected 'status' to be 'string', got: error. |
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
© Copyright 2022 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/en-us/legal.