Week 23, 2023

Exciting updates this week! Introducing the "Link User" capability for consolidated user management, a powerful "Compromised Session" check, and the ability to snooze notifications for failing users. Read on for more details!

Have you ever faced challenges while investigating users due to their multiple accounts? Are you concerned about unauthorized usage of personal email accounts to access company resources? According to our 2023 State of Identity Security report, the average company has 340.5 personal accounts (Gmail, Yahoo, Hotmail, iCloud, etc.) with access to sensitive data.

We have exciting news for you! This week, we have released the new "Link User" capability, enabling you to consolidate multiple user profiles into a single comprehensive view. What's more, you can link accounts across different platforms. For example, if you have separate accounts in Okta, Google Admin, and Microsoft with different email addresses, you can now link them together effortlessly.

To access the account linking functionality, navigate to the User 360 profiles located at the bottom right of the page. Alternatively, you can find the option under the "Actions" tab, which will direct you to the relevant section. You will notice a convenient search bar, allowing you to search for associated accounts and link them with a simple click of a button. Should you ever need to unlink these users, the process is equally straightforward.

We have exciting plans in store for further enhancements to this feature, and we would love to hear your feedback. Let us know if you find the "Link User" capability useful, and stay tuned for more updates!

πŸͺ Introducing the "Compromised Session" Check for Okta Integration

We are thrilled to announce the addition of a new feature called the "Compromised Session" check to our Okta integration. This powerful check is designed to enhance the security of your login sessions by alerting you of successful logins from two or more IP-Device pairs within a single session.
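The check described above, sketched as an added example (not the vendor's or Okta's implementation): group successful logins by session and flag any session seen from two or more distinct IP-device pairs. The event records are constructed, and field names such as `session_id` and `device` are hypothetical stand-ins for whatever the log source provides.

```python
from collections import defaultdict

# Constructed sample events (not real Okta System Log output). Field names
# are hypothetical, simplified stand-ins for the fields a log source provides.
EVENTS = [
    {"session_id": "s-1001", "user": "alice@example.com", "ip": "198.51.100.10", "device": "mac-chrome", "outcome": "SUCCESS"},
    {"session_id": "s-1001", "user": "alice@example.com", "ip": "198.51.100.10", "device": "mac-chrome", "outcome": "SUCCESS"},
    {"session_id": "s-1002", "user": "bob@example.com", "ip": "203.0.113.7", "device": "win-edge", "outcome": "SUCCESS"},
    {"session_id": "s-1002", "user": "bob@example.com", "ip": "192.0.2.44", "device": "linux-firefox", "outcome": "SUCCESS"},
    {"session_id": "s-1003", "user": "carol@example.com", "ip": "203.0.113.9", "device": "mac-safari", "outcome": "SUCCESS"},
    {"session_id": "s-1003", "user": "carol@example.com", "ip": "192.0.2.80", "device": "win-chrome", "outcome": "FAILURE"},
    {"session_id": None, "user": "dave@example.com", "ip": "192.0.2.5", "device": "ios-safari", "outcome": "SUCCESS"},
]


def find_compromised_sessions(events, min_pairs=2):
    """Return {session_id: {"users": [...], "pairs": [(ip, device), ...]}} for
    sessions with successful logins from at least min_pairs IP-device pairs."""
    pairs = defaultdict(set)
    users = defaultdict(set)
    for ev in events:
        sid = ev.get("session_id")
        # Only successful logins count; events without a session ID cannot
        # be correlated and are skipped rather than grouped together.
        if not sid or ev.get("outcome") != "SUCCESS":
            continue
        ip, device = ev.get("ip"), ev.get("device")
        if not ip or not device:
            continue
        pairs[sid].add((ip, device))
        users[sid].add(ev.get("user") or "unknown")
    return {
        sid: {"users": sorted(users[sid]), "pairs": sorted(p)}
        for sid, p in pairs.items()
        if len(p) >= min_pairs
    }


if __name__ == "__main__":
    for sid, hit in find_compromised_sessions(EVENTS).items():
        print(f"ALERT session={sid} users={hit['users']} pairs={hit['pairs']}")
```

The failed login in `s-1003` does not count toward the pair total, so only `s-1002` is flagged.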

To further strengthen the protection against unauthorized access, Okta provides a setting known as "Enforce Device Binding for Creating Sessions." This setting ensures that redirect requests are restricted to the browser where they originated. While it is possible to disable this feature for compatibility with the Classic Engine, Okta strongly advises against doing so.

By enabling device binding, Okta ensures that state tokens are redeemed only by the authorized user who initiated the authentication flow. Disabling this feature may bypass the essential checks that safeguard the integrity of the authentication process.

For more information on how to enable or configure the "Enforce Device Binding for Creating Sessions" setting, please refer to Okta's support article.

Snooze Notifications for Failing Users

We are excited to announce the latest feature addition to our platform: Snooze Notifications for Failing Users. As part of our ongoing efforts to provide a seamless user experience and enhance the customization options, we have introduced the ability to exclude specific users from checks for a defined period of time.

By utilizing this feature, you can temporarily exclude a user from a specific check, effectively snoozing the associated notifications. You have the flexibility to choose the duration of exclusion based on your requirements. The options include indefinite exclusion, exclusion for a pre-defined number of days, or exclusion for a custom number of days.

During the snooze period, there will be no alerts, Slack/Teams messages, or emails related to that specific check for that user. However, once the specified duration ends, if the user fails the check, the notifications will resume as usual. It's important to note that you retain complete control and can include the user in the check again at any time.

We hope this will provide you with greater flexibility and control over your notification preferences, allowing for more efficient monitoring and management of user checks.

Bug Fixes and Minor Improvements

- View Failing Users for a Check. When clicking through to the users list, only the users in the protected population will be displayed.
- Auth0. IdP Type and IdP Name are now shown within the Auth0 cards in User 360 profiles.
