Introducing the new Kaltura iOS player plug-in v1.1

With support for the following:

- Multiple player instances - Automatic detection and reporting of advertisements - Playlists

The latest update for API Gateway includes the following features and enhancements:

New features:

• You may now access API Dashboard in Luna Control Center to view various charts with data about your APIs. The data appears with only a five-minute delay which lets you discover and troubleshoot issues proactively. (BETA ONLY)

Enhancements:

• In the API Endpoint Definition API, you may now import and re-import API definition files by making an application/json request to ease file upload.
• You may now add descriptions to OAuth scopes that you create in API Definitions.
• You may now define and validate any JWT public and private claims. You are no longer limited to using only reserved claims in a token.
• The dialog box that appears when switching from RESTful to GraphQL caching now includes clearer messaging to ease workflow.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

Update to custom lists in a policy. All custom and top-level domains lists are no longer included in a policy configuration by default. Administrators can now assign individual lists to a policy.

New user interface for Custom Lists. A new user interface is available on the Custom Lists page (Configuration > Lists). In the new design, administrators can now associate domains and IP addresses to a custom list when creating the list. Likewise, administrators can now add top-level domains when creating a top-level domains list.

Strict delegated access. When enabled for an organization, an ETP super administrator can assign a strict delegated administrator role and the locations and policies the delegated administrator is allowed to manage. A delegated administrator with restricted access can:

• create locations and policies
• manage assigned location and policies
• view events and other reporting data based on the locations and policies they can access

A strict delegated administrator cannot view locations and policies they did not create. They also cannot view other configuration areas of the product such as the Utilities page.

Support for dynamic DNS in limited availability. Dynamic DNS for a location configuration is now in limited availability. When enabled for an organization, an administrator can configure a location with a persistent DNS hostname that resolves to dynamic IP addresses. To enable this feature, contact your Akamai representative.

Property Manager Enhancements

We have improved the Property Manager UI as well as the Property Manager API (PAPI):

• View JSON - PAPI developers can now view or download the JSON for the entire configuration or for individual rules.  This takes all the guesswork and time consumption out of the complex task of writing correct PAPI JSON that will pass syntax and validation checks.  Look for the “View JSON” buttons in the Property Manager editor.
• PAPI Performance Improvements - We have improved performance for the PAPI endpoints to get an activation (for checking activation status) and list property hostnames (to see the list of hostnames and edge hostnames for the configuration).
• Edge IP Binding Fix - When adding a new hostname with Edge IP Binding turned on (which requires the Edge IP Binding optional module), the resulting edge hostname now gets the correct Edge IP Binding target automatically.
• No Caching Rules Validation Check - To prevent accidental caching of sensitive information, Property Manager now generates an error if you remove all caching rules in the configuration. 
• High Water Mark Limits for CP codes - We have re-enabled the CP code high water mark limits.  When creating CP codes from the CP Code behavior or from PAPI, you will now see how many CP codes you have available.  To get the limit increased, please reach out to your account team.
• Configuration Manager Upgrade Improvements - Configuration Manager is reaching End of Life (EOL) on June 1st of 2019.  As part of this effort, we continue to improve the automatic Property Manager upgrade process.  If you have active Configuration Manager configurations, you should have received email notifications.  For more details, please see the [CM EOL Community announcement|https://community.akamai.com/customers/s/customer-community-document/aS80f0000004CYQCA2/doccc0001535].

Log Delivery Service (LDS): GPG Decryption Provisioning

When enabling GPG encryption on your LDS configuration, a provisioning request is created automatically. You no longer have to raise a request manually with Akamai Technical Support.

Enterprise Threat Protector now protects your network from threats that target HTTP and HTTPS traffic

These features are available:

• ETP Proxy. Proxy server that intercepts suspicious HTTP and HTTPS traffic, examines the full URL in a request, and determines which websites are safe for end users to access. You can enable this feature in a policy configuration (Configuration > Policies). When ETP Proxy is enabled, you can select an action for risky domains and file sharing domains. Risky domains are domains that may be a threat because they are newly registered or discovered. File sharing domains are domains for file sharing applications or services.

• URL-based Threat Intelligence. ETP Proxy inspects the URL and, based on the policy configuration, blocks traffic that’s known to be a security threat. ETP can block traffic to a specific URL without blocking the entire domain. A new Classify policy action is also available for custom lists, risky domains, and file sharing domains. When a threat is detected, the Classify action assigns the corresponding policy action in the Akamai Security tab.

• HTTPS Traffic Analysis. ETP Proxy requires that you create an Akamai certificate or generate a certificate signing request that’s signed by your organization’s certificate authority (CA). These certificates function as TLS certificates for the ETP proxy to intercept suspicious traffic. If you are creating an Akamai certificate, you must install the root certificate on end-user machines. The certificate feature is available on the Utilities page (Configuration > Utilities > Certificates).

• Inline Payload Analysis. Feature offered with ETP Advanced Threat that enables ETP Proxy to scan downloadable content on a risky website or in a file sharing application. Multiple static analysis engines are used to scan documents and executables for zero-day threats and other attacks that are typically undetected by antivirus engines.

• New Reporting pages. New pages are available for reviewing ETP Proxy activity (Monitoring > Activity > Proxy) and network traffic that’s directed to ETP (Monitoring > Activity > Network Traffic).

• New Acceptable Use Policy (AUP). New categories and detailed subcategories are available in a policy configuration for administrators to control access to websites or specific website content.

Enterprise Application Access (EAA) 10/26/18 software release

The release includes new features, performance improvements, and EAA component bug fixes.

New features and performance improvements

User experience improvements: Login Portal (end-user) customization

  Italian Language support. The end-user portal can be configured to display content in Italian. Once enabled, the browser’s language settings are used to determine the language being displayed, and users can override the language being selected.

Customization for help desk email addresses. The help desk email address found under EAA Management Portal > System > Settings can be customized to any address the organization chooses and all references to help desk will point to the new address provided.

Organization name customization in MFA notifications. All MFA notifications are sent from “Akamai” today. This release will provide customers with the capability to customize the Organization name presented in MFA notifications.

URL for new user sign up. An optional field can be exposed in the end-user Login Portal that allows EAA administrators to customize the URL for new users to sign up.

Customization for application headers. EAA supports sending LDAP attributes as a custom header for applications.

Email Notification On/Off. EAA supports the ability to toggle system email notifications on or off from the EAA Management Portal.

Identity capability improvements

Support for Integrated Windows Authentication (IWA). IWA allows end users to single sign on to their apps by virtue of logging into their device (desktop SSO). This feature can be leveraged when users are on a trusted network. EAA supports multiple operational modes for IWA.

Authentication only based on client certificates. Provides an SSO-like experience without the need of username and passwords. Users are logged into the IdP on presenting a valid certificate.

WS-Federation with SAML 1.1 support. WS-Federation and SAML 1.1 support facilitates SAML authentication to Sharepoint.

Multi-auth support per PCI-DSS guidance. PCI-DSS 3.2 defines multi-auth capability to require traversal through all factors of authentication before a success or failure is revealed at login. EAA supports multi-auth as part of the TOTP based mutli-factor authentication workflow, which provides additional protection against brute force attacks.

Enhancements with third party IdP integration using EAA’s identity access aware capabilities

Support for EAA user workplace with third party IdP (eg.Shibboleth). EAA admins can present the EAA user workspace in conjunction with third party IdPs.

Authorization for third party IdP. Ability to leverage group information in policies when using third party IdPs, and an updated IdP deployment workflow.

EAA Management Portal Dashboard enhancements

The new dashboard provides a tiled view with actionable widgets. New tiles include OS/Browser distribution, login failure details, and user activity details.

Application off-loading when on trusted (on-prem) networks

Allows customers to define trusted networks on the basis of subnets within the IdP. When traffic comes in from a user inside a trusted network, admins can optionally allow the data path to flow directly through without being proxied via EAA. In such scenarios, EAA will still handle the authentication flow.

SIEM updates

Expanded information is provided to Splunk via the EAA Splunk app. Updates include information on response times, login event details, and resource IDs. There is no change required on the Splunk application available on Splunkbase.

Reporting enhancements

EAA users can query for a report without selecting any query parameters. EAA supports these new preset reports,

• Applications Accessed
• Applications Failed login
• Login Failure Details
• Unique Users Count

Known limitations

Italian Language Support. The EAA remote-desktop aide and EAA Management Portal will continue to display content in English regardless of language selection.

Application Templates. SaaS apps cannot have profiles assigned at this time. Only access applications can have profiles assigned.

Certificate Limitations. When an existing CA certificate is updated, applications using this certificate are not marked for deployment.

Application Off-loading when on trusted (on-prem) networks. Only web applications are supported at this time; VNC/RDP/SSH application profiles are not currently supported.

Report enhancements. IdP URL will not be shown for the Applications Accessed and Applications Failed preset reports.

IWA Error. If a user performs a save on the Advanced Settings page and goes to the deployment page they may receive an error on the IWA field if there are changes to another previously enabled IWA. The work-around is to hard-reload the browser to clear the error.

Bug fixes

These bugs were addressed and resolved in this release,

Text and displays in the EAA Management Portal

• Increased the size of the the external hostname configuration field in the  EAA Management Portal > Preview Configuration tab.
• Status tab is now Diagnostics
• Moved the sync option in the ‘Status’ tab to the ‘Advanced’ tab
• Removed the ‘Diagnostic Tools’ from the tray
• Reduced the size of the window on the EAA Management Portal > Settings page

InstallBuilder Package Code

Added support for InstallBuilder Package Code signing for MacOS and Windows 64 bit.

The latest update for Akamai Test Center includes:

• Notification emails now include a detailed summary of test runs.

• Default test definitions and test cases are created for new accounts. This feature is gated and will be available to only few customers in the beginning and released to all customers in a phased manner.

• Various stability improvements and bug fixes.

Client Connector version 2.0.4 is now in beta and available for download. This version of Client Connector protects end-user machines that are on or off the corporate network.

If your organization previously installed version 1.3.1, you can upgrade to 2.0.4. To download and test 2.0.4:

1. In the Enterprise Threat Protector (ETP) navigation menu, select Configuration > Utilities.
2. Click the Client Connector tab.
3. From the Versions Management tab, hover over Client Connector version 2.0.4 for a Windows or Mac operating system and click the download icon.

After testing and approving the connector, an administrator can choose to force an upgrade on end-user machines or allow end users to initiate an upgrade. For more information, see the ETP online help or the Enterprise Threat Protector Client Connector Configuration Guide.

Secure FTP (SFTP) for Log Delivery Service (LDS)

You can now configure secure delivery for your log deliveries via Secure FTP (SFTP) with password authentication. To enable secure delivery, select the “Send via Secure FTP” checkbox when you set up your log delivery.

Known limitations: There is currently no synchronous connectivity test during setup.