Oct 26, 2018 — Enterprise Application Access updates

Enterprise Application Access (EAA) new software release.

New features and performance improvements

  • User experience improvements - EAA Login Portal customization:

    • Italian Language support. The user's portal can be configured to display content in Italian. Once enabled, the browser’s language settings are used to determine the language being displayed, and users can override the language being selected.

    • Customization for help desk email addresses. The help desk email address found under EAA Management Portal > System > Settings can be customized to any address the organization chooses and all references to help desk will point to the new address provided.

    • Organization name customization in MFA notifications. All MFA notifications are sent from Akamai today. This release will provide customers with the capability to customize the Organization name presented in MFA notifications.

    • URL for new user sign up. An optional field can be exposed in the user's Login Portal that allows EAA administrators to customize the URL for new users to sign up.

    • Customization for application headers. EAA supports sending LDAP attributes as a custom header for applications.

    • Email Notification On/Off. EAA supports the ability to toggle system email notifications on or off from the EAA Management Portal.

  • Identity capability improvements:

    • Support for Integrated Windows Authentication (IWA). IWA allows end users to single sign on to their apps by virtue of logging into their device (desktop SSO). This feature can be leveraged when users are on a trusted network. EAA supports multiple operational modes for IWA.

    • Authentication based only on client certificates. Provides an SSO-like experience without the need for usernames and passwords. Users are logged in to the IdP on presenting a valid certificate.

    • WS-Federation with SAML 1.1 support. WS-Federation and SAML 1.1 support facilitates SAML authentication to SharePoint.

    • Multi-auth support per PCI-DSS guidance. PCI-DSS 3.2 defines multi-auth capability to require traversal through all factors of authentication before a success or failure is revealed at login. EAA supports multi-auth as part of the TOTP-based multi-factor authentication workflow, which provides additional protection against brute force attacks.

  • Enhancements with third party IdP integration using EAA’s identity access aware capabilities:

    • Support for EAA user workspace with third party IdP (for example, Shibboleth). EAA admins can present the EAA user workspace in conjunction with third party IdPs.

    • Authorization for third party IdP. Ability to leverage group information in policies when using third party IdPs, and an updated IdP deployment workflow.

  • EAA Management Portal Dashboard enhancements. The new dashboard provides a tiled view with actionable widgets. New tiles include OS/Browser distribution, login failure details, and user activity details.

  • Application off-loading when on trusted (on-prem) networks. Allows customers to define trusted networks on the basis of subnets within the IdP. When traffic comes in from a user inside a trusted network, admins can optionally allow the data path to flow directly through without being proxied via EAA. In such scenarios, EAA will still handle the authentication flow.

  • SIEM updates. Expanded information is provided to Splunk via the EAA Splunk app. Updates include information on response times, login event details, and resource IDs. There is no change required on the Splunk application available on Splunkbase.

  • Reporting enhancements. EAA users can query for a report without selecting any query parameters. EAA supports the following new preset reports:

    • Applications Accessed
    • Applications Failed login
    • Login Failure Details
    • Unique Users Count

Known limitations

  • Italian Language Support. The EAA remote-desktop aide and EAA Management Portal will continue to display content in English regardless of language selection.

  • Application Templates. SaaS apps cannot have profiles assigned at this time. Only access applications can have profiles assigned.

  • Certificate Limitations. When an existing CA certificate is updated, applications using this certificate are not marked for deployment.

  • Application Off-loading when on trusted (on-prem) networks. Only web applications are supported at this time; VNC/RDP/SSH application profiles are not currently supported.

  • Report enhancements. IdP URL will not be shown for the Applications Accessed and Applications Failed preset reports.

  • IWA Error. If a user performs a save on the Advanced Settings page and goes to the deployment page, they may receive an error on the IWA field if there are changes to another previously enabled IWA. The workaround is to hard-reload the browser to clear the error.

Bug fixes

  • Text and displays in the EAA Management Portal:

    • Increased the size of the external hostname configuration field in the EAA Management Portal > Preview Configuration tab.

    • Status tab is now Diagnostics.

    • Moved the sync option in the Status tab to the Advanced tab.

    • Removed the Diagnostic Tools from the tray.

    • Reduced the size of the window on the EAA Management Portal > Settings page.

  • Added support for InstallBuilder Package Code signing for macOS and Windows 64-bit.