Oct 30, 2024 — Akamai Zero Trust Client 6.1.2 General Availability Release
21 days ago by kmieciek@akamai.com
Akamai Zero Trust Client 6.1.2 is now in general availability. Go to Akamai Control Center > Enterprise Center > Client & Connectors > Akamai Zero Trust Client to deploy the upgrade.
To learn more about the Akamai Zero Trust Client rollout process, refer to the rollout documentation.
New features and improvements
- Run custom scripts based on the user’s Access authentication state. With this release, you can integrate your own scripts that run when the user becomes authenticated or unauthenticated. These hook scripts are executed with end-user privileges and can be used to automate actions on the end-user’s workstation.
- New flag to disable Threat Protection during installation. When installing Zero Trust Client with the command line, you can now specify a new parameter to disable Threat Protection. This feature is particularly useful if you’d like to enable Threat Protection only for selected end-users in your organization.
- Client downgrade prevention. In future releases, Zero Trust Client won’t allow manually downgrading to an older version of the client. If the end-user attempts to install a version of the client that is older than the version they are currently running, the installation fails and client operation remains uninterrupted. You can specify an install parameter (
ALLOW_DOWNGRADE=yes
) to allow your end-users to downgrade the client using an older version of the Zero Trust Client installer. Note that this feature applies only to manual downgrade attempts. You can deploy OTA downgrades from Enterprise Center regardless of the status of theALLOW_DOWNGRADE
install parameter.
The downgrade prevention capability is only supported when downgrading to version 6.1.0 or later. This means:- You can’t manually downgrade to version 6.1.0 or later, unless the
ALLOW_DOWNGRADE
install parameter is specified and set toyes
. - You can manually downgrade from version 6.1.0 or later to version 6.0.2 or earlier, regardless of the status of the
ALLOW_DOWNGRADE
install parameter.
- You can’t manually downgrade to version 6.1.0 or later, unless the
- Multi-user support for Threat Protection-only mode. If the client is enabled for the Threat Protections service only, multiple users can use the same device. After a user authenticates to the client with their login credentials, a logout button is available for the user to log out of their account, enabling easy switching between users on the same workstation. To use this feature, enable Support multiple users per device in your SIA policy settings.
- New Threat Protection configuration settings. You can now contact your Akamai representative to show these configuration settings for the Threat Protection service:
- Block Unprotected Traffic. Blocks traffic that occurred before the Threat Protection service was enabled or the client was in protection mode. This behavior is enabled by default. However, you can show this setting to disable it.
- Skip DoT certificate check. Skips the certificate revocation check for DNS over TLS (DoT) if there is no connection to the Online Certificate Status Protocol (OCSP) server.
For more information, see Threat Protection Settings.
- Segmentation now honors the silent install parameter for configuring a forward proxy URL (
FORWARD_PROXY_URL
).
Limitations
- You may encounter issues when running SentinelOne 24.1.2.7444 together with Zero Trust Client 6.1.2 on macOS.
- On macOS, downgrading from version 6.1.2 to 6.0.2 isn't supported. To downgrade, first uninstall the client manually and then install version 6.0.2.
- On macOS, you cannot uninstall Zero Trust Client 6.1.2 by dragging the client icon to the Trash if Zero Trust Client is enabled with the Threat Protection service only. Instead, run the following command to uninstall the client:
sudo /Library/Application\ Support/AZTClient/macos/scripts/uninstall.sh
- Users enrolling or resetting the Access service in Zero Trust Client using Safari 18 as their default browser on macOS may experience enrollment failures. Additionally, if Device Posture is enabled in the IDP, enrolled users may face Device Posture related failures and quick test failures, resulting in Access timeout errors. The client may remain stuck in the enrolling state, and the IDP page in Safari may fail to detect the client with a grayed-out Configure option.
- Workarounds:
Use alternative browsers. Users may use other browsers such as Chrome or Firefox, or revert to a Safari version earlier than 18.
Disable Upgrade upgradable mixed content feature flag. To keep Safari 18 as their default browser, users can disable the Upgrade upgradable mixed content feature flag in Safari settings:- Go to Safari > Settings….
- Navigate to the Advanced tab.
- Check Show features for web developers.
- Navigate to the Feature Flags tab.
- Within the Networking section, uncheck Upgrade upgradable mixed content.
Akamai is actively investigating a permanent solution for this issue and will provide updates as they become available.
- Workarounds:
Supported macOS versions
Zero Trust Client 6.1.2 supports the following macOS versions:
- macOS 12 (Monterey)
- macOS 13 (Ventura)
- macOS 14 (Sonoma)
Required free disk space: ~200MB
Supported CPUs:
- Intel: x86_64
- Apple: M1, M2
Supported Windows versions
Zero Trust Client 6.1.2 supports the following Windows versions:
- Windows 10 Home/Enterprise/Pro 64-bit
- 1803 or higher
- Windows 11 Home/Enterprise/Pro
- 21H2
- 22H2
- 23H2
Required free disk space: ~200MB
Supported CPUs:
- x86_64
Segmentation Agent in Zero Trust Client 6.1.2 is compatible with Centra v50.9-5.50.24244.50358 or later.