New Identity Management Application is Generally Available
The new unified Identity Management (IDM) application is now Generally Available to all customers in Luna Control Center. The new application combines the functionality from User Admin and User Profile, Manage APIs and Contact Management into a single application, and supports editing your own profile and viewing your permissions, all in a brand-new look & feel.
The new application also allows Admins to:
Manage groups, resources, properties, and escalation contacts,
Manage users and APIs,
Reset multi-factor authentication,
Set account-wide default settings.
Access to the new application is open to all customers in Luna Control Center under the CONFIGURE menu at Manage Users & Groups.
New Certificate Provisioning System (CPS) user experience is now live.
The new Certificate Provisioning System (CPS) user experience is now
live for all customers and partners. This new CPS version has a
task-based interface that mirrors your own certificate provisioning
workflows. CPS shows certificate activity happening in the system and
even highlights certificates that need attention. The old CPS
application has been renamed “CPS (Legacy)” and will continue to be
available for a short time. We encourage you to move all your
workflows to the new application by the end of March 2018.
Enterprise Threat Protector (ETP) now includes the following enhancements:
Akamai Support Access
For debugging or troubleshooting purposes, you can temporarily grant Akamai Support administrative access to your organization’s ETP account. You can grant access for one hour, day, month, or year. This feature is available from the Utilities (Configuration > Utilities) page.
User interface update
New buttons allow you to easily apply or clear all filters on the Threat Analysis and the DNS Activity pages.
When configuring a Policy, Akamai Security and Custom Lists are now listed on separate tabs.
Enterprise Security Connector Improvements
The security connector includes a new user interface as well as new menus and settings.
A new workflow is required to set up the security connector. For example, to activate the security connector, you generate an activation code in ETP and enter this code in the security connector.
The network configuration process now requires that you apply settings for the management interface, data interface, and DNS nameservers.
A web-based console on the management interface is now available to configure network settings and perform additional operations on the virtual machine.
For more information on the setup and configuration of the security connector, see the Enterprise Threat Protector Security Connector Setup and Configuration Guide.
For customers who have IPv6 or dual-stack traffic enabled via Property Manager and who have enabled “Block the IP that triggered the threat for 10 minutes if set to Deny mode” option in their Web Application Firewall, Web Application Protector now inspects and blocks both IPv4 and IPv6 traffic.
New log format added to Log Delivery Service: IQIYI_CDN
The IQIYI_CDN log format includes the following fields: cdntype logver cdnid ghostip pcip date-time method url protocol cs(status) cs-bytes cs(Referer) cs(User-Agent) resp-time cache_status range tcpinfortt tcpinfortt_var qyid qypid
Single Sign On with SAML configuration has been redesigned with new
features to improve the configuration and overall login experience.
Integrated experience with direct login page eliminates custom
Multiple IDP support allows your users to choose the right IDP
server if you have more than one
Removal of SHA-1 message signing
Support for configuring SSO via your metadata.xml (URL or file)
After you identify the login username field, activate the
configuration and SSO is immediately available to you on the login
page. On the login page, enter your email address and the system
recognizes your active SSO configuration.
Deprecation Notice: All current customers of Single Sign On with
Luna who use a custom domain (*.luna-sp.com) will see a notification
to migrate in the new “Manage SSO with SAML” UI.
Please note that your current active SSO integrations are unaffected.
All customers with a custom domain configuration will continue to work
and you will receive an explicit notification to migrate.
Enterprise Threat Protector includes the following features and enhancements:
An ETP administrator can now enable Safe Search in a policy configuration. This feature allows you to block or prohibit adult and explicit content in search results that are completed by end users on Google or Bing search engines.
An ETP administrator can now report a domain is a potential threat and include supporting information for our analysts to review.
If an end user attempts to access a domain or IP address that is included in the Deny List, the end user is directed to an error page that indicates access to the domain is prohibited.
Protect laptops that are off-network with the Enterprise Client Connector, a DNS proxy application that you download from the ETP portal and configure for installation on enterprise users’ laptops. The Client Connector allows you to apply an ETP policy to DNS requests that are made outside the corporate network. With the Client Connector, you can detect an end user’s network conditions, send off-network DNS requests to ETP, log Client Connector activity, and identify the machine name. For information on setting up the Client Connector, see the Enterprise Threat Protector Client Connector Configuration Guide.
Identify the IP address of devices with the Enterprise Security Connector, a virtual machine that you deploy in your network to collect suspicious or malicious traffic, identify machines or laptops that are infected with malware or are making requests to malicious domains. This information is directed to the Security Connector based on the policy configuration. ETP reports on this data and allows administrators to correlate this data with threat event information. For information on setting up the Security Connector, see the Enterprise Threat Protector Security Connector Setup and Configuration Guide.