• Allow action for risky and file sharing domains. With the Allow action, traffic is directed to its destination unless ​ETP Client​ is deployed on the user’s machine. If ​ETP Client​ is set up for the full web proxy, traffic is directed to the proxy. This action is useful to organizations that want to forward some user traffic to ​SIA​ Proxy while still allowing other users to access content directly.

• Updated user interface to manage a delegated or tenant administrator. If your organization uses the delegated or tenant access feature, a new user interface now makes it easier for ​SIA​ super administrators to find users who are assigned the delegated or tenant administrator role.

This release resolves issues in ​ETP Client​. To support the client with ​SIA​ Proxy:

• Proxy authorization. In an ​SIA​ policy, the new Proxy Authorization option allows ​SIA​ Proxy to authorize connections from the on-premises proxy in a proxy chaining configuration. Proxy credentials that you configure in ​SIA​ and in the on-premises proxy are used to authenticate traffic from the on-premises proxy. In ​SIA​, you create these credentials on the Proxy Credentials tab of the Utilities page. You must then configure these same credentials in the on-premises proxy.

  Note: This feature is not available by default. To use this feature, contact your ​Akamai​ representative.

• ​SIA​ Proxy Certificate expiration. ​SIA​ now sends an email notification when the TLS man-in-the-middle (MITM) certificate you uploaded or generated for ​SIA​ Proxy is about to expire. An administrator that’s set to receive communication emails for system issues will now receive a reminder to update the certificate when it expires in 30 days or less.

• New name for ​ETP Client​ configuration setting. The Automatic security patch upgrade setting is now called Automatic Upgrades for Critical Patches. If you enable this setting, ​SIA​ automatically upgrades ​ETP Client​ to fix security vulnerabilities and major issues in ​ETP Client​.

• New name for CDN Optimization policy setting. The CDN Optimization setting is now called Forward Public IP to Origin. This setting forwards the user’s public IP address to authoritative DNS servers and web servers, and it identifies the geolocation of clients. This setting applies to both DNS and HTTP traffic.

• PingOne available as an identity provider type. If your organization is licensed for ​SIA​ only, you can now create a PingOne identity provider (IdP). Previously, you could only add and manage a PingOne IdP if your organization was also licensed for Enterprise Application Access.

You can configure acceptable use policy Proxy as a Secure Web Gateway (SWG) that performs URL filtering, anti-malware scanning, and applies acceptable use policies to each user. To do this, you’ll need to send all web traffic to ​SIA​ Proxy.

General updates include:

​SIA​'s Secure Web Gateway (SWG) performs URL filtering and anti-malware scanning on all web traffic.

• Deploy custom lists in less than 30 seconds. Like other configuration settings in ​SIA​, you can now deploy custom lists in less than 30 seconds.

• Migrate quick lists to custom lists. Quick lists are now discontinued. If you configured an Allow or a Deny quick list, you can migrate this data to custom lists. On the Quick Lists page (Configuration > Quick Lists), click the Migrate Quick Lists button to migrate your quick list data to an Allow custom list and a Deny custom list. Migrated quick lists are added to all policies, allowing you to manage these lists as part of a policy configuration. By default, the migrated Allow list is granted the bypass policy action, while the migrated Deny list is assigned the block policy action.

  After migrating quick lists, make sure you deploy all pending changes. Once the migration is complete, the Quick List page is no longer available at your next login.

  Note: If your organization never configured quick lists, no action is needed. In this case, the Quick Lists page is no longer available from the navigation menu.

• Associate locations to a scheduled report configuration. You can now configure a scheduled report to show events based on a location or multiple locations. By default, scheduled reports are configured to show events based on all locations.

• View data and configuration settings available to a tenant administrator. If an ​SIA​ super administrator assigns the tenant administrator role, a Filter data by tenant administrator field now allows you to view data and settings available to a tenant administrator. After you specify a tenant administrator in the field and navigate ​SIA​, the filter shows configuration settings and event data based on the locations, policies, and lists the tenant administrator can manage.

• New tab names on the Activity page. The DNS tab is now called the DNS Summary tab, and the Proxy tab is now called the Proxy Summary tab.

In addition to selecting a specific date or date range, the calendar filter that appears on the Dashboard, Events, Activity, and Indicator Search pages now allows you to specify a start and end time in a 24-hour clock format. This enhancement filters data to show events and domain history changes that occurred within the specified time.

• Exception Lists. An ​SIA​ administrator can now create a list with the domains and IP addresses they want directed to the origin without Transport Layer Security (TLS) decryption or ​SIA​ protection. An exception list bypasses ​SIA​ Proxy. This feature allows your organization to maintain the privacy of users who access trusted websites with sensitive information. Like a custom list, you create an exception list and assign it to a policy configuration.

• Bypass action for Exception Lists. When you add an exception list to a policy, the bypass policy action is automatically assigned to the list. This action resolves requests to the origin IP address. If ​SIA​ proxy is enabled, the request is not decrypted with TLS. It is sent directly to the destination web server. While no event is logged on the Event Analysis page for bypassed traffic, domains are logged on the Network Traffic tab of the Activity page.

• Client Connector now called ​SIA​ Client. Client Connector is now called ​SIA​ Client. The tab on the Utilities page and the client configuration settings now refer to the new ​SIA​ Client name.