We are pleased to announce the latest update to the MyID Service. We’ve been working hard on new features that make creating and managing secure credentials even simpler.
The new and updated features include:
Cancel issued credentials from the dashboard
Cancelling credentials can already be automated from Active Directory by removing a user from the MyIDaaS Active Directory security groups. This affects all of their issued credentials, but in some situations there may be a need to cancel credentials on one computer only – for example when providing a new computer to the user or giving them temporary access. Administrators also need to deal with cases where the computer is being decommissioned or has been reported as lost or stolen.
You can now use the MyIDaaS Dashboard to cancel credentials for one user on a specific computer, or alternatively for all users that have credentials on the computer. This causes the credentials to be unassigned from the user and revoked, meaning the certificate can no longer be used. The service event history records when this happened and who did it and, importantly, allows the Administrator to record why they did it.
PIN Unlock for Microsoft Virtual Smart Cards
Microsoft Virtual Smart Cards (VSCs) are protected by a User PIN, providing two-factor authentication: something you have (the computer with a virtual smart card and certificate) and something you know (the PIN). A security feature of a Microsoft VSC is that if the PIN is entered incorrectly too many times, the VSC will lock. This increases the security benefits, but can also cause headaches for Administrators – we’re all human, we forget PINs, or mistype them as we struggle to get going in early morning meetings.
Using the MyIDaaS dashboard, an Administrator can walk the user through the process of unlocking their VSC and setting a new PIN. The process involves the user reading out a ‘challenge code’ they see on the Windows Logon screen and the Administrator providing a response, generated by MyIDaaS. This feature also works when the computer is offline – no connectivity to MyIDaaS or the internet is needed – so a simple phone call between the user and the Administrator can quickly get them up and running wherever they are in the world.
Automatic updates to the on-premises Bridge and Provisioner components
MyIDaaS uses two on-premises components to automate the requesting and issuing of credentials – the Bridge, which keeps the cloud service synchronised with user data in Active Directory, and the Provisioner, which creates the credentials on each user’s computer. From this update, when a new version of the Bridge or Provisioner becomes available, it will automatically be downloaded and installed on your Bridge server, meaning your environment is always up to date with the cloud service. The group policy scripts created by MyIDaaS include a version check – when the computer boots it will detect the new version of the Provisioner and copy it onto the client computer. Please note that if you have created your own GPO scripts to manage deployment of the Provisioner, you should include this version check – the scripts provided can be used as examples.
Export list data
Often, it’s useful to download some of the information displayed on the dashboard – for example for creating offline audit records showing credential issuance events or providing information for management reports. The information tables shown in the dashboard now have a ‘download’ control. Any data filter criteria in use are applied to the downloaded information, which is saved as a CSV file, ideal for use with spreadsheet software such as Microsoft Excel.
Updated platform support
The MyIDaaS Bridge software is now supported on Windows Server 2016, as well as Windows Server 2012 R2. We have also validated support for Intel Authenticate v2.5, including use of the enhanced capability for forcing certificate-based authentication by blocking the user password in the Intel Authenticate policy.