I think it’s safe to say that everyone is looking forward to 2020 finally being over. While the year itself has been nothing short of awful, as I reflect on what we’ve accomplished as a company, and the advancements we’ve made on our platform, this has been a banner year, and we’ve finished the final quarter with a bang! This quarter was marked by three major product enhancements and net new capabilities:
All-new Windows Agents
The agent has been completely redesigned with an improved user interface, support for network-based login (when Bluetooth login is not available or desired), and auto-lock capabilities.
Improved User Interface
With our latest Windows agent we’ve introduced a brand-new user interface. In the past, the TruU login experience was inter-mixed with the native Windows experience and was very text-heavy with too many options for the user. The new agent features an interactive menu-based UI with far less options and text to make using the agent much more intuitive.
First-time pairing now utilizes a QR scan to simplify and add security to the pairing process as the action is explicitly started by the right user from their phone. The QR scan capability includes a policy-based “Remember Me” setting so that future interactions can skip the QR step, or if TruU is being deployed on a shared desktop Admins can choose to disable this option. All interactions and options are presented clearly to users through the TruU UI.
Support for Network-based Login
The new agent also represents a quantum leap forward in that it enables a Multi-Path login protocol for desktops. In addition to the proximity-based login that we have always supported through Bluetooth, the agent now also enables logins entirely through the network (orchestrated by TruU Identity Servers).
The agents can be configured by policy to communicate over the network only or a combination of network and Bluetooth where the agent intelligently chooses the protocol based on what’s available between the computer and the mobile device.
With this agent, we have also introduced an auto-lock capability which works when in proximity (Bluetooth) mode. This capability is controlled via policy and can be configured in one of two modes:
- To lock screen unless cancelled from mobile, or
- To remind user to lock screen through mobile.
This represents an incredible leap forward from a security perspective in that computers will now auto-lock within a few minutes of the user walking away from their computer as compared to the typical 30 minutes before auto-lock policies kick in due to idle time from group policy settings.
In working with our customers through their deployments of TruU, we’ve found that our existing Role Based Access Control did not provide enough granularity for how our customers manage the systems that our platform integrates with. We’ve had RBAC in the product for years with pre-defined Administrative Roles:
- Super Admins,
- Read-Only Admins,
- Digital Admins, and
- Physical Admins
Now, with our Delegated Administration feature, we start with these same 4 pre-defined Administrative Roles but give Super Admins the ability to modify all permissions and entitlements based on what is needed for their organization. Super Admins can now modify administrative rights for the pre-defined Roles, and / or add entirely new roles. Once the Roles are created, they can be assigned to Admin users as needed.
This feature gives our customers the ability to scope administrative rights based on: (i) functional areas, and (ii) specific adapters. These rights are fully enforced through an authorities framework in the TruU back-end and through the UI itself (e.g. if an Admin is only allowed to administer a specific SSO adapter, then he/she can’t select “All Adapters” when applying policies for authentication).
More Robust Physical Security
For our physical security customers, we’ve made major improvements for how we integrate with the Lenel Physical Access Control System, and how we add and configure LEAF readers.
Improved Lenel Integration
For our customers deploying TruU for physical access with integration with Lenel, we’ve made two big improvements to our Lenel Adapter:
- Simplified deployment and management are now possible through an Installer that removes the need to setup IIS and use certificates to install the Lenel Adapter.
- Explicit attribute mapping for matching Lenel users to directory users with complete flexibility to use any attribute from directory (as opposed to requiring UPN to match users).
Adding and Configuring LEAF Readers
For TruU customers using readers that support the LEAF standard (e.g. WaveLynx readers), we have released an iOS app for Admins to configure those readers for use with TruU. The app allows Admins to change the keys for the readers and to automatically register the readers with the TruU Identity Platform.