Entrust

Release 5.18

ActiveSync now supported for Microsoft Office 365 with OAuth 2 device code authentication

Identity as a Service now supports ActiveSync using OAuth 2 device code authentication. A new setting has been added to the ActiveSync Access page to migrate existing administration from using basic authentication to OAuth 2 device code authentication.

Group-based Policy

The existing Settings menu has been split into two menus: Configuration and Policies.

Configuration settings apply globally to the tenant. Using Policies, administrators can adjust settings on a per group basis. For example, you can configure users in different groups to use different levels of security, such as the length of the OTP and lockout attempts.

One-step Multi-factor Authentication

One-step multi-factor authentication is been added to RADIUS applications.

New settings have been added under RADIUS Application page to enable one-step multi-factor authentication and to specify the length of second factor response. When enabled, the user must enter their password and second-factor response in the same password field. Only temporary access code and token are supported as second-factor authenticators. Also, the second factor can be opted from the resource rules page. As a second factor authenticator, Soft token and Temporary access code are supported.

Changes to Administration Portal

The following enhancements have been made to the administration portal:

Trial Account Expiry

Trial accounts now expire after 60 days instead of 30 days.

Additional enhancements to OTP-based authentication

Administrators can now set the default OTP delivery attribute for each type of delivery - Email, SMS and Voice.

Users can now set their own OTP delivery attributes in the user portal.

Enterprise Service Gateway Deprecation

Entrust will only support the last four releases of the Enterprise Service Gateway (the current version and the three previous releases). Entrust recommends that customers always upgrade their Enterprise Service Gateway to the latest release because each release contains security updates to the Enterprise Service Gateway O/S.

Browser Deprecation

In August 2021 Microsoft will no longer support Internet Explorer 11 for Office 365 (Microsoft's statement). At that time, Identity as a Service will also cease support for Internet Explorer 11.

Changes to Identity as a Service APIs

The following changes have been made to the authentication API:

The following changes have been made to the administration API:

The following attributes have been added to models in the administration API.

The value NONE has been deprecated from the enumerated type OTPDeliveryType in OTPAuthenticatorSettings. Use of default attribute specific to delivery mechanism is recommended eg. otpSmsDefaultDeliveryAttribute, otpEmailDefaultDeliveryAttribute"