Click here to sign up for our mailing list
Hello and welcome to this HelloID Access Management product release video for June 2020.
HelloID Access Management is an cloud based solution to control who has access to your business applications. By offering Single Sign On, access will made easier for the end user. HelloID also offers a wide integration with many two and multi factor devices, like Yubikey, Soft token, Oauth tokens, SMS, Radius, and many more. HelloID is an good alternative for ADFS, Okta, One Login and Azure P1 license.
In this video I first I’d like to start with a PowerPoint presentation and then demo you the new functionalities.
So let’s start with the PowerPoint presentation. In this release we have six new items. We improved the Certificate Management, so now you’ll get an alert either 30 days, two weeks, one week, or every day in the last week before a certificate is going to expire. This is for the apps but also if you have a custom domain that is going to expire. This is pretty helpful if you are using ADFS, so now you will be notified if your certificate is going to expire.
The next item is that, as an end-user, I can now manage my own second factors, so I can add and remove, remove was already available but now you can also add new factors.
Another new option is that the password reset is removed for external IDPs, so now it’s only available for local HelloID users.
Another small change is that we now have list box instead of a string of IP addresses in the IP restriction box.
We also have a small change in the group view, now you can see the source IDP per group. This makes it easier to identify the correct group especially if they have duplicate names across different IDP’s.
The last item is the AMR claim that’s now also available for Open ID for the IDP, I have another short PowerPoint presentation to explain this mechanism before demoing the new functionalities.
Improve Certificate Management
This was already available, so suppose you have HelloID as an IDP and different apps that were protected by different multi factors, then this is not a desired situation: you want to have one single factor on the HelloID portal. So you want to have one factor protecting those different apps and today you are already be able to do that by sending the AMR claim in the Open ID Connect session. That was already available. You also have the option that HelloID was the Search Provider, the SP, and that, for example, Azure AD was the IDP, and of course this is the Open ID connection so then you also want to have the AMR Claim in this connection with HelloID as the SP and Azure as the IDP. So you want to move this two factor upwards to the Azure IDP, so we also included the AMR claim if HelloID is the Search Provider and Azure is, for example, the IDP. In this setup you only have one multi factor that is protecting the Azure IDP but simultaneously is protecting HelloID and the applications. Okay, now let me demo the new functionalities to you.
This is the email alert that you will receive if the certificate for an application or custom domain is about to expire, and you will receive this email either 30 days, two weeks, one week, or every day in the last week before the certificate will be expired. It will be sent to the email that’s listed at Tools4Ever as the main contact person for your portal.
Manage second factors
Another item is that every user, and I’m showing this now as Administrator but you can also do this as an end user, you already had the security option and in this option you can manage your own second factors. You were already able to remove them but now you can also add new factors, so let me remove this soft token and now I’ll re-add this second factor. And again, this is a new option that was not available, so as an end user I was not able to manage my own second factors, only as part of the enrollment process. So let me add this QR code, now it’s re-added and of course I can remove and add it again as an end-user myself.
Hide reset password for non local users / External IDPs
The next item is that we removed the password reset for external IDPs, so if I go to users, I cannot reset passwords anymore for a domain user, I can still do it for local HelloID users, but not for external IDP users anymore.
IP Restriction As List instead of text-box
On to the list box, I can show that in Policy, Edit, go to Network and here I can start adding IP addresses in an easier way, I can still use the format I am used to but the editing is more easy that editing a comma separated string of IP-addresses.
This is the end of this video. Thank you for your time and attention.
Please let us know if you have any additional questions. You can post your question in youtube or send it to email@example.com. Please subscribe to our channel to receive frequent updates about improvements and changes in HelloID.
For now have a wonderful day.