CyberArk Identity Release Notes

Release 24.2 (available February 9, 2024) introduces the following changes.

See CyberArk Identity Release Notes - Previous Versions for changes in previous releases.

Related services

Workforce Password Management

See WPM Release Notes for update notes specific to Workforce Password Management.

Secure Web Sessions

See What's New for update notes specific to SWS.

Identity Compliance

See CyberArk Identity Compliance release notes for update notes specific to Identity Compliance.

Identity Flows

See What's new for update notes specific to Identity Flows.

Early access features

Early access features are made available on a case-by-case basis by request. Early access features might see more frequent updates compared to GA features.

Contact your account representative to enable early access features.

The following tables describe features that are currently in an early access state.

Windows Cloud Agent

Windows Cloud Agent early access features

Feature

Description

Initial release version

Support for federated users and additional authentication options

The Windows Cloud Agent now supports a WebView component for the endpoint login UI, in addition to the native Windows Cloud Agent login UI.

The WebView-based experience offers all of the benefits of the native Windows Cloud Agent experience, plus the following advantages:

  • support for federated users

  • enhanced authentication options

See CyberArk Identity Windows Cloud Agent for more information.

24.2

Single sign-on

Single sign-on early access features

Improvement

Description

Initial release

Single logout (SLO) now includes external IdPs

With this release, federated users who log out of a SAML or OIDC web application are seamlessly logged out from the external IdP.

To configure SLO, see Configure Single Logout.

23.11

Customer Identity

Customer Identity early access features

Feature

Description

Initial release version

Monthly Active Users report and alerts

The Monthly Active Users (MAU) report is a built-in report that provides an overview of the MAU quota purchased, and the number of active users per month who have logged in or signed up to CyberArk Identity or an external app for the selected period.

This report now indicates whether your purchased MAU plans are active or completed, and the number of remaining and consumed MAU reports for each plan. Administrators receive an email notification when the remaining MAUs drop below a configured percentage. The default is 30%.

22.9

Lifecycle management

Lifecycle management early access features

Feature

Description

Initial release version

Inbound provisioning using CyberArk Identity Flows

You can add Identity Flows to inbound provisioning rules to automate the workflow during synchronization between the source and target. For instructions, see Inbound Provisioning with CyberArk Identity Identity Flows.

23.1

Authentication

Authentication early access features

Feature

Description

Initial release version

Security Insights

CyberArk Identity Security Insights enables you to increase your tenant's security posture, enhance security best practices and mitigate potential security risks. Each alert includes details about the age, type, severity, number of findings, and the last time they were found. You can gain greater knowledge with the alert's description, findings, history, and steps for remediation.

Alerts include:

  • Admins without configured phishing-resistant factors

  • Policies with a single authentication challenge for the default authentication profile

  • High-risk users accessing applications within the last 30 days

  • Admins without self-service password reset

  • Policies with weak password configuration

See Manage Security Insights for more information.

24.2

Sign-in APIs now support multiple identifiers

CyberArk Cloud Directory users can now sign in to CyberArk Identity with their email address or phone number.

If an email address or phone number is used in multiple user accounts, sign-in will fail.

22.3

New single sign-on templates

New single sign-on (SSO) application templates are added to the CyberArk Identity Web App Catalog on a regular basis, independent of the product release schedule.

See Recent SSO application templates for a list of recently added templates.

Component versions

The following table lists the latest component versions.

Component versions

Component

Version

CyberArk Identity

24.2.219

User Behavior Analytics

24.1.200

Windows Cloud Agent

24.2.219

Windows Device Trust

23.5.208

Mac Cloud Agent

24.2.219

Mac Device Trust

23.8.219

Android CyberArk Identity mobile app

24.2.100

iOS CyberArk Identity mobile app

24.2.101

Windows CyberArk Authenticator

23.5.208

Mac CyberArk Authenticator

23.8.219

Browser Extension - Chrome

24.2.1

Browser Extension - Edge Chromium

24.2.1

Browser Extension - Firefox

24.2.2

Connector

24.2.219

Known issues

Single sign-on

Known issues for single sign-on

Issue

Description

Single logout is not working for the Confluence and Aha apps.

Signing out of Confluence or Aha with single logout configured does not sign the user out of CyberArk Identity.

There is currently no workaround.

Mac Cloud Agent

Known issues for the MCA

Issue

Workaround

The Mac Cloud Agent installer shows the Gatekeeper warning the first time it is installed on a device.

  1. Go to System Preferences > Security & Privacy > General, then click Open Anyway.

  2. Click Open on the warning screen that appears.

    After you make these changes, the Gatekeeper warning does not display again for the Mac Cloud Agent on that device for the logged in user.

The self-service account unlock is not currently supported.

None

The user may not able to see the device location.

Go to user policy Endpoint Policies > Common Settings > Mobile Settings > Restriction Settings, then under Report mobile device location, select Force for Permit administrator to see device location. Then unenroll the user and enroll again.

Mac login MFA options show FIDO2 and Radius if they were configured in the authentication profile; however, these MFA challenges are currently not supported.

Always make sure authentication challenges configured in the authentication profile are available to your users and configured for each user.

The CyberArk Menu Item is not removed from the UI after you unenroll until the next login or restart.

You might receive a certificate error during munkiimport after tenant migration.

Workaround: Re-enroll the Mac

The Apple Device Enrollment Program (DEP) needs to be configured explicitly to work with the 19.6 Mac Cloud Agent. Contact support if you plan to use DEP.

None

CyberArk Identity mobile app

Known issues for the mobile app

Issue

Workaround

For iOS devices running in the Zoom display mode (Settings > Display & Brightness > Display Zoom: 'Zoom'), the Mobile Authenticator code gets truncated.

Use only the Standard display mode.

For Android devices, re-enrollment of the existing users doesn’t work on the older versions of the app (23.11 and below).

Update to the latest version of the CyberArk Identity mobile app, available from Google Play.

Authentication

Known issue for Authentication

Issue

Workaround

OIDC federation sign in fails due to an extra Authorization header with a null value.

None

System requirements

See System requirements and supported browsers for more information about browser and device support.