LogonBox SSPR 2.3.19 – Available Now

Introduction

LogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.3.19.
This release includes support for Twilio SMS and improvements to the SSH User Directory, Credentials Provider and validated emails for OTP authentication.

Twilio

LogonBox now supports Twilio directly for sending SMS messages. Previously this was configurable by using a custom SMS task with a trigger.
With this release, you can now select Twilio as an SMS provider in Authentication Flows->Authentication Options->SMS, then enter your Twilio SIDs and Token in the Twilio tab that appears.

This feature is pre-configured and free to use on our cloud services during the evaluation period. There will be options to purchase credits to continue using our Twilio service in production with no requirement to set up a Twilio account yourself.

SSH User Directory improvements

The SSH User Directory now supports password locks (using faillock) on RedHat systems.
Previously this supported account locks only (using passwd -l), which is still supported.

When synchronizing users, the previous 32KB size limit on the /etc/passwd file no longer applies, so it is now possible to synchronize a greater number of users.

Credentials Provider improvements

We have improved how the Desktop Credentials Provider registers itself with the server.
We have released a new version of the Credentials Provider separately (version 4.11) that contains further improvements and fixes around password resets and integration with our VPN.

One Time Password validated emails changes

Due to how OTP worked previously with validating a user’s email address, if that user’s directory email changed at any point, any OTPs would still be sent to the old address.
We have made some changes to address this:

  • If you are using directory emails, users will not need to validate their email on their first login.
  • If a user’s email address changes on the directory, then any new OTPs will be sent to the new email as expected.
  • If you add an Additional Email to the user’s account in LogonBox, the user will also have the option to send an OTP to that address.

When Use Directory Email is enabled, users will no longer see a list of validated emails in My Credentials->OTP.

If you have turned off Use Directory Email, then validated emails for OTP will work as previously, using emails stored in LogonBox only.

Changes to admin user login

A new Show Administration Link option is now available in Authentication Flows->Authentication Options->Admin. This option will add an Administration link underneath the user login page, which you can use to switch to the admin login page instead of manually visiting /app/admin.

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.

To upgrade from the operating system:

On Windows – download the new installer, run the installer, and follow the prompts.

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:

https://docs.logonbox.com/app/manpage/en/article/6172513

Our support team will upgrade Cloud customers over the coming week.

Changes

Here is a summary of the changes in this release.

Features

  • Twilio SMS support was added and set to default on a cloud evaluation.
  • SSH Directory now supports password and account locks on RedHat systems (faillock and passwd -l).
  • SSH Directory can now read in /etc/passwd files larger than 32KB.
  • We have improved how the Desktop Credentials Provider registers itself with the server.
  • Changes added to validated emails with OTP (AD email changing, use Additional Emails).
  • New option to show Administration link.

Bugs

  • AD user’s Fullname attribute incorrectly using AD’s description attribute.
  • End users now receive Account Suspended emails again.
  • Completed profile counts are now consistent (graphs vs profile counts on the Users menu).
  • Added some missing database cascades, which prevented some resources from being deleted.
  • You can now delete realms on the Windows version.
  • Let’s Encrypt adds the intermediate certificate.
  • Profile status gets updated when PIN and Questions are in use.
  • Fixes to Windows H2 database to add cascades on delete.
  • Added some missing i18n strings for Lock Threshold, Window and Time.
  • On the Windows install, you can now delete Realms again.
  • Added permissions to fix 403 error on My Resources->Passwords.
  • Added missing i18n strings on some AD attributes (givenName, sn, displayName) visible in User Directory->User Attributes and on the end user My Profile.

Credentials Provider 4.11

  • The LogonBox Directory version now prevents logon from email addresses and shows a suitable warning.
  • Password verification now base64-encodes the password, rather than sending it as plain text, when it is passed as part of the passwordCheck API.
  • The LogonBox VPN startup link works as expected again.