NetIQ CloudAccess and NetIQ MobileAccess |
Version 2.0 |
Release Notes |
Date Published: December 2013 |
|
NetIQ CloudAccess is an appliance that provides a simple, secure way to manage access to Software-as-a-Service (SaaS) applications for corporate users. It provides out-of-the box security and compliance capabilities for SaaS services including full user provisioning, dynamic credentialing, privileged user management, single sign-on (SSO), and compliance reporting. NetIQ MobileAccess is an appliance that enables user access to protected resources from mobile devices. It provides convenient access for users, as well as the ability for administrators to customize viewing options and remotely manage registered devices. This version includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the CloudAccess forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources. The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML version of the documentation posted at the NetIQ Documentation page. To download this product, see the CloudAccess product website. What's New?The following sections outline the key features and functions provided by this version:
NetIQ MobileAccessAdministrators can now enable user access to SSO, proxy, and SaaS applications from supported mobile devices. MobileAccess features are available for all application connectors that CloudAccess supports. Configurable options in NetIQ MobileAccess include the following:
The MobileAccess app that users install on their mobile devices enables them to access corporate and SaaS applications from those devices. Administrators can also make the MobileAccess app available to users in a private corporate store. Once users have installed the app and registered their device, they can access assigned applications using their corporate user name and password. Administrators can unregister user mobile devices in the administration console. So, if a registered mobile device is lost or stolen, or an employee leaves the company, you can ensure that unauthorized users cannot access corporate resources. Users can also unregister their own mobile devices if necessary, either from their device or from the appliance administration console. For more information about installing, configuring, and using NetIQ MobileAccess, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.
AppmarksAppmarks are bookmarks for applications that you can configure for your users. Once you have configured a connector for an application, you configure one or more appmarks to enable users to access the application in different ways. You can configure one or more appmarks for any proxy connector, SaaS connector, or SSO connector. When you configure an appmark, you specify whether you want the application to launch in a desktop browser or on a supported mobile device, or both. Appmarks offer significant flexibility, enabling you to customize your users’ experience using different view options and variables. For more information, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide. New and Updated ConnectorsThe following new and updated connectors are included in this release:
For more information about all connectors, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide. Ability to Use Google Analytics as an External DashboardCloudAccess now includes Google Analytics as an external dashboard, enabling administrators to monitor general system health and usage. You can monitor and generate reports for the following:
You can view and print or export the data to a .csv file. For more information about using Google Analytics as an external dashboard, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide. Enhancements and Software FixesNetIQ CloudAccess 2.0 includes the following enhancements, as well as software fixes that resolve several previous issues. Installation of Connector for Office 365 Fails when L4 Switch Is In Round Robin ModeThe installer for the connector for Office 365 now works correctly with all L4 switch configurations. (841341) Google Apps Mail Attachment LimitThe connector for Google Apps maximum attachment size for the Google Apps Mail proxy has been increased from 10 MB to 25 MB. Health Status Indicates that No Time Server Is ConfiguredCloudAccess now displays health status correctly when you add a node to the cluster. (816968) Reports May Not Accurately Show ApprovalsWhen you use policy mapping to map an Active Directory group to a Google Apps resource with approval required, the Overview report, the Resource by Resource report, and the Resource by User report now show the actual current state of the user's resource allocation. (789437) Some Authorizations Appear Twice in Reports with RolesReports with roles no longer display duplicate entries for users. (837443) System RequirementsThis version of the NetIQ CloudAccess product supports upgrades only from NetIQ CloudAccess 1.5. There are some major considerations that will determine the best way for you to upgrade your environment from CloudAccess 1.5 to CloudAccess 2.0. Updating your CloudAccess 1.5 environment to CloudAccess 2.0 requires manual steps, since upgrading an existing cluster through the update channel is not supported in this release. Before you begin the upgrade process, review the upgrade sections in Chapter 2 of the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide and plan your upgrade carefully to minimize impact to users.
The prerequisites for the NetIQ MobileAccess appliance, and the steps for installing and configuring the appliance, are the same as those for CloudAccess. For more information, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide. Installing This VersionTo install CloudAccess or MobileAccess, see Chapter 2 "Installing CloudAccess" of the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide. Verifying the InstallationComplete the following steps to verify that the installation was successful. To check the installed version:
Known IssuesNetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Initialization IssuesInitialization Takes a Long Time to Display
Changes to the Preferred DNS Server During Initialization Result in a Static IP Address
Re-running Initialization Resets Custom Branding to Default
Administration IssuesDeleting a Node from the Cluster Removes the Node from the Interface, but the VMware Image Still RunsLeaving the VMware image running allows users to authenticate to a node that does not exist on the Admin page. When you delete a node from the cluster, the appliance deletes the node from the interface, but the VMware image still exists and is running. (755006) Use the following procedure to delete a node from a cluster:
CloudAccess Cannot Set TenantName Attribute on Events Sent to Sentinel
Browser Errors If Kerberos Is Not Enabled in the Browser
Adding a Large Number of Users Takes Time
Provisioning IssuesUser Email Address Changes in Active Directory Are Not Provisioned to Salesforce
Approval-Based Provisioning Continues Despite Removing the User from a Mapped Group
Re-enabled User Has Role That Was Previously Assigned
eDirectory User Objects with Other Name Are Created with Unpredictable CN Value
Relaxed User Matching Does Not Work with eDirectory Renamed User Objects
Policy Mapping IssuesNo Connectors Are Displayed on the Policy Mapping Page
CloudAccess Does Not Reconcile Pending Approvals with Changes to Policy Mappings
Using Multiple Browsers or Browser Windows Can Result in Duplicate Mappings
Using Wildcards for Filtering on Roles Page Does Not Work As Expected
Reporting IssuesReports Display Information from Deleted Connectors
Mapping Report Displays Numeric Values Appended to Data in the Authorization Name Column
User IssueGoogle Users Can No Longer Log in After Enabling Single Sign-On
Time Synchronization IssueCloudAccess depends on timestamps to function properly. Time must be synchronized between each CloudAccess node in the cluster. If time is not synchronized, provisioning fails, configurations fail, and authentication for users fails. Ensure that all nodes in the cluster reside in the same time zone. Connector IssuesLogging Out of Identity Provider Welcome Page Does Not Result in Logout from SaaS Connectors
Admin Page Does Not Provide a Way to View SaaS Metadata
Access Connector Toolkit Does Not Provide a Logout Option
Office 365 Installer May Fail During CloudAccess Credential Validation or Login
Display Name Does Not Change in Office 365 after Changing in Identity Source
Renaming Authorization at Office 365 Account Requires Policy Remapping in CloudAccess
Office Web Apps Cannot Be Assigned or Unassigned Without SharePoint Online
CloudAccess Does Not Support Multiple Connectors for Office 365
Connectors for Office 365 that are Configured for Domain and Subdomains Do Not Work Correctly
Users Who Are Provisioned to Multiple Google Domains Cannot Access Original Mailbox
Service Provider-Initiated Login to Salesforce and NetIQ Access Manager Does Not Work CorrectlyIn Safari or Internet Explorer 9, if you attempt a service provider-initiated login from Salesforce, the Salesforce site does not send a SAML2 AuthnRequest XML document with the SAML Request. As a result, the Welcome page appears instead of the logged-in Salesforce page. This is Salesforce behavior and cannot be addressed in the Connector for Salesforce. This behavior does not occur in Internet Explorer 10. The same behavior occurs with the Connector for NetIQ Access Manager using Safari or Internet Explorer 9 or 10. (813313) Behavior of Service Provider-Initiated Login To Salesforce When Kerberos Is EnabledIf you have Kerberos enabled on your CloudAccess cluster, service provider-initiated login attempts to Salesforce may result in the browser being left at the OSP welcome page after authenticating to the OSP instead of being redirected back to Salesforce. This issue occurs only if Kerberos is enabled on the CloudAccess cluster, but it occurs regardless of whether Kerberos single sign-on (SSO) occurs to the OSP or another authentication is used instead (for example, when the workstation is not a member of the Active Directory domain). You can prevent or address this issue by changing an option on the Single Sign-On Settings page at Salesforce. This page includes a new radio button named Service Provider Initiated Request Binding with two options: HTTP POST (selected by default) and HTTP Redirect. If you have Kerberos enabled on your CloudAccess cluster, select HTTP Redirect instead of the default HTTP POST option. If you do not have Kerberos enabled on the CloudAccess cluster, you do not need to change this option. This issue occurs on workstations running Windows 7 and Internet Explorer 9, but does not occur with Firefox on Windows 7. Single Sign-On to Box.com Fails if User Session Timeout Is Set to 75 Minutes Or Longer
Field in Simple Proxy Connector Configuration Does Not Work Correctly
MobileAccess IssuesSafari on Mobile Devices Cannot Access OSP Welcome Page Once the MobileAccess Connector Is Enabled
Cannot Install MobileAccess App Using Link in Safari
Upgrade IssuesOffice 365 Admin Password Appears in the Windows Event Log
During Upgrade, Promote to Master Appears to Have Completed Unsuccessfully
Contact InformationOur goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you. For detailed contact information, see the Support Contact Information Web site. For general corporate and product information, see the NetIQ Corporate Web site. For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels. Legal NoticeTHIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NONDISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or nondisclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the US Government or by a US Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2013 NetIQ Corporation and its affiliates. All Rights Reserved. For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||