What's new v14.1

February 2024 - Version 14.1 update

This section describes the new feature released for Privilege Cloud v14.1 February 2024.

Just-in-time permissions for vaulted credentials

CyberArk provides several methods to isolate and monitor privileged sessions while reducing the risks of standing access. The primary objective, in alignment with the CyberArk Blueprint, is to reduce the risk of stolen credentials with standing privileges. One primary method to achieve this objective is provisioning access by creating an ephemeral user with time-bound permissions to access resources tagged with certain attributes (known as attribute-based access control).

We understand that this approach is not suitable for all customers and use cases. For example, a user needs to access targets with a personal privileged domain account that is managed in a vault, but the security admin would like this account to have least privileges and to only be accessible when required, through just-in-time provisioning.

To address customer requirements and feedback, we have expanded the scope of session management with Zero Standing Privileges.

Users can now connect to targets with credentials that are managed in the Privilege Cloud Vault with little or no associated permissions. Upon connecting to a target system, users receive only a selected range of relevant permissions defined by the appropriate policy. At the end of the user’s session, these permissions are removed.

With this new workflow, users can access Windows targets on a just-in-time basis, with time-bound sessions. Security teams can meanwhile maintain the existing user profiles of an account, including key credential management and rotation policies.

This addition builds on our existing capabilities for users to access targets with Zero Standing Privileges without the risk and operational burden of an existing account or credential.

For more information, see Connect with a vaulted credential and elevated permission.

February 2024 - Version 14.1

The following features are introduced or enhanced in CyberArk Privilege Cloud version 14.1.

Loosely connected devices - new and enhanced capabilities

The following capabilities are added for discovery and management of loosely connected device accounts:

Enhanced discovery rules for automated onboarding of discovered accounts

In light of the increasing number and variety of privileged accounts, it is crucial to quickly discover new accounts and onboard them according to your organization's requirements.

In this release, Privilege Cloud offers powerful new automatic discovery rules. The new discovery rule builder is a user-friendly and flexible tool that enables you to define advanced rules for accurate, automated account onboarding and ensure clearly defined and secured account management.

At this stage, the discovery rules support rule settings only for local accounts discovered by the EPM scan mechanism that was released in our previous version. In future versions, these discovery rules will become the only mechanism for automated management of discovered accounts.

Learn more in Discovery onboarding rules.

Self service configuration of secrets rotation for loosely connected device accounts

To increase customers' self service capabilities, Privilege Cloud enables customers to independently configure the security key at the time of setting up the PAM-EPM integration.

See Manage loosely connected devices > Rotation configuration.

Configure an IP allowlist

You can now view and manage your allowed IP addresses to ensure tight security controls from your machines to Privilege Cloud.

An IP allowlist is required for Privilege Cloud customer-side components (CPM, PSM, PSM for SSH, CP, CCP, Secure Tunnel) to communicate with the Privilege Cloud SaaS environment.

See Configure an IP allowlist.

PSM upgrade using Connector Management

In addition to upgrading Privilege Cloud CPM, the Connector Management tool now supports upgrade of the Privilege Cloud PSM. This upgrade step is now done easily and quickly thanks to the following Connector Management abilities:

  • Indication of a new PSM version

  • Updating the PSM component from the Connector Management service, without requiring any manual access to the Privilege Cloud Connector running the PSM

  • Simple and quick steps instead of the legacy multi-step process

  • Indicators on successful/failed upgrade

Learn more in Upgrade Privilege Cloud Connector > PSM component.

Upgrade the Privilege Cloud CPM and PSM components with proxy configuration through the Connector Management

You can now use Connector Management simple upgrades to upgrade the Privilege Cloud CPM and PSM components of a Privilege Cloud Connector that is configured for proxy.

This option applies to Privilege Cloud Connector machines that were previously configured for proxy.

See Upgrade the Privilege Cloud Connector using Connector Management.

CyberArk Password Vault Web Access (PVWA) User Login and Logon Message

The CyberArk Password Vault Web Access (PVWA) User Login and Logon Message connection component establishes a secure session with the CyberArk Privilege Cloud Portal, regardless of whether a user login message is involved. It is built on the Secure Web Application Connectors framework.

CyberArk has merged two connection components:

  • CyberArk Password Vault Web Access (PVWA) v12.2 or later with Logon Message

  • CyberArk Password Vault Web Access (PVWA) v12.2 or later

Going forward, you can use this unified connector component to establish a secure session with the CyberArk Privilege Cloud Portal, whether or not a user login message is involved.

New Technical Community group: Marketplace news and updates – Join today

We are thrilled to announce the launch of the Marketplace news and updates group where we will update you on both new and upgraded integrations and tools.

From now on, you will receive notifications whenever new content is available in the Marketplace or when we have news and updates about the Marketplace site.