Identity Administration Release Notes

Release 23.9 (available September 8, 2023) introduces the following changes.

See Identity Administration Release Notes - Previous Versions for changes in previous releases.

What's new

The following new features are now available.

Secure Web Sessions

See What's New for details on upgrade notes specific to SWS.

Identity Compliance

See CyberArk Identity Compliance Release Notes for details on upgrade notes specific to Identity Compliance.

Improvements and behavior changes

This release includes the following product improvements.

Authentication

Improvements to authentication features

Improvement

Description

Changed the default behavior for continuing with authentication challenges and notifying users after a failed challenge.

Previously, by default we allowed users to proceed with authentication challenges even if they failed an authentication challenge. After the last relevant MFA challenge, we notified users of their failed authentication without identifying the failed challenge. This made it more difficult for bad actors to gain access; however, it also made it more difficult for users to sign in.

Identity Administration security is robust, so hiding the failed challenge is not necessary. Starting with release 23.9, the default behavior changes to immediately notify users when they fail an authentication challenge. This improves the user experience without compromising security.

The following policy settings control this behavior. The default values for both settings are false starting with 23.9.

  • Authentication Policies > CyberArk Identity > Continue with additional challenges after failed challenge

  • Authentication Policies > CyberArk Identity > Do not send challenge request when previous challenge response failed

Values in your saved policy sets remain unchanged. This change only impacts the default policy set and any new policy sets.

See Notify users of a failed MFA challenge for more information.

Fixed issues

This section lists the issues fixed in this release.

Core Services

Issue Resolution

Retrieval of groups using the group email Id was not supported for Google directories.

This is fixed.

The Identity browser extension did not automatically sign in if you have a custom domain that includes the country code in the top-level domain (for example, mycompany.my.idaptive.app.au).

This is fixed.

Component versions

The following table lists the latest component versions.

Component

Version

Identity Administration

23.9.203

Identity Security Intelligence

23.9.206

Browser Extension - Chrome

23.9.1

Browser Extension - Edge Chromium

23.9.1

Browser Extension - Firefox

23.9.2

Connector

23.9.203

System requirements

See System requirements and supported browsers for more information about browser and device support.