Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

ONELOGIN Product Notification

Return
Product Release

These release notes provide information about the June 2022 release of OneLogin. Please refer to the June 2022 Release Notes for details on enhancements, new features and resolved issues.

As part of our ongoing efforts to provide customers with the most stable and seamless service release experience, OneLogin has revamped our release process. Service releases now utilize a staggered deployment schedule over a period of time. With this new process, customers should expect new features and bug fixes to be gradually applied to our global customer base. 

If you don’t see a new feature immediately following our monthly release, you will soon, unless the feature must be enabled by your account manager.

Here's what happened in May at OneLogin:

  • Security & Authentication
  • Manageability & Reliability
  • Bug Fixes

 

Security & Authentication

 

Directories

 

Google Authentication option Removed from the Google Directory Connector 

 

As of May 29th, 2022, Google has fully deprecated its Allow Less Secure Applications option. More information on this deprecation can be found here. 

This means that administrators will no longer be able to use the Google Directory to authenticate users via the Google Directory Connector within OneLogin. Because of this change we have disabled the ability to select Google from the Authenticate User In drop down on the Basic tab of the Google Directory Connector. All users that are being synchronized with OneLogin from Google via the Google Directory Connector will be authenticated by OneLogin unless another authentication option has been configured through a feature such as Trusted Identity Provider (TIDP) via the article found here.  

 

Trusted Identity Provider (Trusted IdP)  

OIDC (OpenID Connect) Trusted IdP Configuration Allows Choice of Customizable Login Hint 

This feature allows OneLogin to send a customizable user attribute to the third-party Identity provider as the login_hint instead of the default username entered by the end user. In this release, only Trusted IdPs configured as OIDC provider will support this. 

The setting can be found on the Settings tab of the Trusted IdP that you are configuring. Now when you check the Send Subject Name ID or Login Hint in Auth Request you can choose any of the user fields defined for your users. This value will then be passed as the login_hint to the third-party identity provider you have configured the Trusted IdP entry to use. 

Manageability & Reliability 

Administration Portal

Only an Account Owner can see the Account Owner User Record 

Only an account owner will be able to view the settings of the account owner user record. For all other users who can view users, the account owner user record will be greyed out.

Newest Release Now Announced on Admin Dashboard 

The What’s New link has been removed from the user profile menu. This feature has been used in the past to provide administrators with updates on the most recent releases.  

Release Notes will be posted to theDashboard of the OneLogin Administration Portal going forward, so that administrators can see that there has been a new release when they first log in to the Administration Portal under the News & Updates section to the right. 

Bug Fixes 

  • Azure AD (Active Directory) now works as a TIDP during an IDP (Identity Provider) initiated authentication flow as well as during an SP (Service Provider) initiated authentication flow. 
  • The OneLogin Administration Portal will now show the user’s name in the upper right corner.  
  • IP addresses captured during the device registration process will now be accurately captured. Incorrect IP addresses that were being captured in the past were generating false warning alarms. 
  • An error will now be thrown when users that have the exact same email address are being imported into OneLogin from UltiPro/UKG.