The team has been rather busy these past several weeks to bring you several improvements to existing, and shiny new features.
Tenant Access Permissions
Tenant access permissions is a great way to restrict which of your admin users have access to which tenants.
When accessing Tenant Access Permissions, you’ll be able to select which of your users should have access to which tenant. Once determined the Granular Admin Permissions the user is assigned will be applied to all tenants.
Convert user types
When adding a new Evo Cloud user, you can select the appropriate user type (User, Admin, or Guest). However, when users are synced to Evo via a configured directory (Active Directory or Google Workspace), they are automatically assigned the type of User.
For most a user type of User will match exactly to how they will be interacting with Evo. But for others who will interact with increased authorization they will require the user type of Admin.
Now. Rather than deleting and re-adding users with the correct user type or reaching out to Evo Support to make the switch from behind the scenes. The management of user types is under your administrative control – use it wisely!
Password Rotation for Active Directory
The one thing we’ve heard from several partners is needing the ability to rotate passwords, especially for elevated access accounts.
We’re happy to announce that when setting up elevated access accounts in Evo that are tied to Active Directory (Azure or On-Premise), you’ll have the opportunity to select whether you’d like the password to be rotated or not. And if yes, to what frequency.
Having this capability removes the stress of needing to manage it yourself, whether manually or programmatically. When the rotation has been enabled within Evo, it will be completed for you based on the frequency and desired password length.
Notices: To take advantage of the new Password Rotation functionality, you’ll need to either upgrade your Evo Secure Login LDAPs Agent or update your Evo Secure Login Azure Active Directory configuration.
- For LDAP agent upgrade instructions, refer to How do I upgrade the Evo LDAP Agent?
- For Azure Active Directory configuration details, refer to Sync with Azure Active Directory (AD).
Block IP Addresses – By Country Rule
Whether adding a rule for certain IP addresses or a complete country. The block IP address rule is a great way for you to restrict where systems or applications are accessed from.
Given today’s security concerns. We’ve recognized the need to block all access from a particular country, or countries if there is more than one, you’d like to restrict access from.
As a result, you’re now able to create a Block IP Addresses - By Country rule.
When blocking a country, there are currently no exceptions allowed.
Granular Admin Permissions
Granular Admin Permissions within Evo was previously known as Access Roles.
Why the name change? It better matches the functionality’s purpose. To allow you to set the granular permissions for your admin users, that can be shared amongst all tenants saving you the need to replicate a role.
A user can only be associated to a single role.
If the user’s role within your organization has changed which warrants the need for increased permissions, the user would need to be removed from their current role and assigned to a new role.
Evo Secure Login Mobile App
- Apple new app version 3.4.2.
- Android new app version 3.4.0.
Elevated Access Management
Previously you created an elevated account, and then created a group that account is to be associated. This also meant that that one account/group was associated to a single tenant (client).
With the recent improvements you can now create an elevated group for all tenants, or specific tenants (one to many). Each providing a different level of management capabilities, specifically around how often you may need to revisit the assignment grouping based on tenant or user changes.
Block IP Addresses – Custom
The team has been busy working both fixing and improving rules specific to blocking IP addresses.
Previously when you created a Block IP Address rule, you were only able to add a single IP address at a time. Which if you have a larger block of addresses to add (e.g.: x.x.x.0 to x.x.x.100) would be time consuming.
Now when you create a new Block IP Addresses - Custom rule, you’ll be able to specify a single IP address OR a block of IP addresses. Which saves time on needing to enter a block one address at a time.
Single Sign-On Reset Frequency Rule
Previously you were able to add as many SSO reset frequency rules.
However, as this is a global rule allowing for more than one SSO rule to exist at a time really didn’t make much sense, as the rules could clash.
As a result, for a Global SSO rule, we’ve restricted it to only allowing a single SSO rule to be created. If you need to refine the rule, we recommend you edit the rule frequency settings to better match your organizations needs. Otherwise, you can delete and add a new SSO rule.