Enterprise Threat Protector (ETP) now includes these features and enhancements:

New user interface for a policy. A new user interface is now available for a policy configuration. Administrators can now more easily assign a policy action and the response that’s delivered to users. These changes apply:

• For an Akamai security category and a list in a policy, separate menus are provided to assign an action, the response to users, and a security connector.
• If you select the Block action, you can then select the block type in the Response to User menu. In this menu, you can select Error Page, a specific custom response, or if ETP Proxy is disabled, you can also select Refused Response. These settings allow you to apply the actions that were formerly called Block – Error Page, Custom – Response, and Block – DNS.
• To assign a Security Connector, you select the Block action and the Error Page response. After this is done, you can select a security connector from the Security Connector menu. These settings allow you to apply the action that was formerly called Block – Sinkhole. If you don’t want to assign a Security Connector to an Error Page response, in the Security Connector menu, you can select None.
• The Allow policy action is now available for custom lists and top-level domain (TLD) lists only.
• You can apply the same policy settings to all known and suspected threats associated with an Akamai security category, a custom list, or a TLD list.

For more information about configuring a policy, see the online help.

Security Connector 2.5.0 now in beta. Security Connector version 2.5.0 is now in beta and available for upgrade or download. This version allows your organization to direct malicious HTTP and HTTPS requests to Security Connector. To try version 2.5.0, contact your Akamai representative.

The latest update to the Identity Cloud Console includes the following bug fixes:

• Resolved an issue preventing permissions updates from being saved for agents with Entity Type Filters set to Limited Access in the Manage Agents section.
• Resolved an issue causing checkboxes to always submit as false on the Manage Profiles > Edit User Profile page.
• Resolved an issue with deleting plurals entries on the Manage Profiles > Edit Full Record page.
• Resolved an issue with the display and editing of settings with long values on the Edit Settings page in the Manage Properties and Manage Application sections.

Enterprise Application Access (EAA) 04/05/19 software release

The release includes new features, performance improvements, and bug fixes for EAA and EAA Client Connector products.

New features and performance improvements

EAA Connector migration:

Enterprise Application Access (EAA) connector migration. EAA connectors running on Ubuntu version 18.04 LTS is available for deployment. Akamai is requesting customers to upgrade the connectors to this release for increased security and better performance. Connectors running on Ubuntu version 14.04 LTS will be end-of-life on April 30, 2019. After this date, no security patches will be available. See Enterprise Application Access Connector Migration for best practices and migration process.

Identity capability improvements:

Responsive Mobile UI for identity provider (IdP). User can login to the IdP login portal from tablet or mobile device for better productivity.

Favorite Apps in login Portal. You can customize EAA login portal by moving the frequently accessed applications to the favorites section of the IdP login portal.

OIDC/Oauth 2.0 for Internal Apps. OpenID Connect 1.0 (OIDC) is a federated protocol that provides an identity layer that is built upon OAuth 2.0. It enables clients (applications or user agents, relying party) to verify the identity of the end user based on the authentication performed by the authorization server, or OpenID provider.

Chase Referral Support for Active Directory (AD). Organizations can have multiple Active Directory (AD) domains for different geographical regions. To sync all of the users in all groups, EAA has the global catalog server option.

Dashboard 2.0 Reports. EAA administrator can drill down to obtain detailed reports by clicking the hyperlinks on the dashboard.

New Splunk app for Admin Events. Splunk app now has access log events as well as admin events.

Access the EAA Management Portal from Control Center. Enterprise Application Access (EAA) Management Portal is accessible from the Control Center. You can manage groups and properties for your Akamai accounts and monitor, configure, resolve, and plan your products from the menu.

Login Portal languages. An EAA administrator can customize the text that appears in the Login Portal’s welcome banner, page title, legal disclaimer, username hint, password change label and new user signup label field. EAA supports text in English, German, French, Spanish, Japanese, Italian and Chinese.

Customize the Login Portal tab name in the browser. User can change the browser tab name for the Login Portal. The default tab name for the login portal of the IdP is Login in the browser window.

EAA Client Connector Enhancements:

Support for Apple Mojave OS. The EAA Client Connector runs on these operating systems (OS): * Microsoft Windows 7 or Windows 10 Enterprise (32-bit and 64-bit) * Apple macOS 10.11 El Capitan, macOS 10.12 Sierra, 10.13 High Sierra, or 10.14 Mojave

See network diagnostics in client skin. The Run Diagnostics function examines the status of the installation, connectivity, components, and configuration downloads from the EAA solution. Green check marks indicate success and red X marks indicate failure.

Save logs to local hard disk. EAA Client Connector allows the end user to save and also send a zipped version of the logs, device ID and version to the EAA administrator. The administrator can provide this information to Akamai support for troubleshooting.

Changes to configuration on-boarding. The configuration is manual to enhance security posture of the client.

Display client logs in Admin portal. The admin can click on View Logs to view all of the log types: INFO, DEBUG, and ERROR. To check a specific type of log, click Level and select the log types you want to view.

Common Interface File System (CIFS) Support. CIFS is supported in EAA Client Connector.

Self-Upgrade of EAA Client Connector. Users can check for updates in the client, and perform a self-upgrade if necessary.

Bug Fixes

Italian Email Notification enhancements. Added Italian language support email and SMS MFA templates.

Discovered apps performance improvements. Discovered apps page in client dashboard has faster performance.

Active Directory (AD) Group Search Improvement. AD group search performance is improved when admin searches for groups. Admins see faster results with less latency.

Software Design Kit (SDK) Improvements. Added all application related functionality, IdP deployment capability to the SDK.

Support for mixed IP environments. This release adds better support for both IPv4 and IPv6 environments. EAA Client Connector will fallback to IPv4, if IPv6 support is incorrectly configured in user network.

Known limitations

• When upgrading EAA Client Connector from beta to LA release (retaining the configuration), IdP page shows “reconfigure” as an option because IdP tokens have changed. It is a benign condition. This status will remain on the IdP page until the user clicks the reconfigure option and gets the new IdP token added for the LA release.This does not affect new seeding or configuration.
• When client is in disconnected state, status of the IdP page on first refresh incorrectly says “client is not installed”, the second refresh displays the right status that “client is not running”.
• When configuring the EAA Client Connector for the first time, clicking the diagnostics button may result in a configuration error while the TCP apps being configured. This is because EAA Client Connector diagnostics does not distinguish TCP with tunnel apps. As soon as all the tcp apps configured are started, all checks in diagnostics will become green. This only affects first time configuration.
• Changing MFA Helpdesk email: When the helpdesk email option is changed in System - Settings (for MFA), only the default IdP prompts to redeploy.  Any other IdP’s that have MFA enabled do not prompt “Ready for Deployment”. These can be deployed manually, but this may cause confusion for customers.
• IdP Configuring max session duration: When max session duration is configured to be less than Idle expiry – IdP deployment will fail.
• IdP portal rendering issues: When logged in user resizes the IdP portal browser window, users may experience these issues: a) EAA client download button will disappear. b) MFA registration buttons won’t work. c) User account actions such as ‘account settings, logout and change password’ will come as mobile browser.
• EAA Client Connector upgrade on Windows 7 or Windows 10: When trying to reinstall EAA Client Connector on an existing installation, upgrade may fail in cases with this error:  “There has been an error. Could not kill process with pid [pid]”. This is due to Windows OS locking the old processes. Work around is to try again and re-run the upgrade of EAA Client Connector.
• EAA Client Connector and IdP interaction: If the user closes the auth form by mistake during the authentication, user then has click re-authenticate/sync button.
• IdP default POP and configuration: When admin changes POP of the default IdP instance, corresponding directory configuration won’t be deployed the newly selected IdP POP. Customer admins can reach out Akamai support to correct the problem.
• EAA Client Connector does not support domains that use non-ASCII characters (EAAC003)
• EAA Client Connector intercepts traffic based on fully qualified domain names (FQDN) only (EAAC005)
• EAA Client Connector user interface language only supports English (EAAC012)
• EAA Client Connector may not work with forward proxies in the network (EAAC013)
• EAA Client Connector does not support Kerberos authentication (EAAC014)
• EAA Client Connector does not support Service Records (SRV) in a Domain Name System (DNS). Applications like Microsoft Exchange, which rely on this, require a VPN or corporate network.The EAA Client Connector can then access the application (EAAC022)
• EAA Client Connector does not support Extensible Messaging and Presence Protocol (XMPP) in DNS. The Pidgin application, which relies on this, requires a VPN or corporate network for this initial setup. The EAA Client Connector can then access the application (EAAC023). 
• File transfer protocol (FTP) does not work with EAA Client Connector. To work around this issue, modify the FTP server settings to select an external IP address of the firewall (or server external IP address). Provide an unroutable loopback IP like 127.50.100.1. Now the FTP client can use the server hostname instead of IP (EAAC024). 
• Client-access applications are not supported with docker-based connectors. (EAAC025)
• EAA Client Connector is not supported on macOS 10.13 High Sierra with case- sensitive Apple File System (APFS) (EAAC026)
• When an ACL rule is set to deny a user access to a client-access application, and if that user tries to access the application, the EAA Client Connector will only update the denied user’s eeaclient.log with a generic 403 error message (EAAC027)
• For tunnel-type client-access applications, if the application server is running multiple applications on the same IP address, same port, and using the same protocol, the access control list (ACL) rules might not be applied reliably and there is a vulnerability (EAAC028)
• VoIP applications like Skype have not been tested on EAA Client Connector and may have performance issues (EAAC029)
• EAA Client Connector will not work when Nmap Project’s packet sniffing (and sending) library (NPCAP) loopback adaptor is installed on a Windows machine (EAAC035). 
• The macOS firewall rule allowing EAA Client Connector traffic may be removed on Mac machines. When the machine reboots, users need to click Allow when prompted to accept incoming connections (EAAC037). 
• When you first install the EAA Client Connector on Windows, a Windows Security dialog prompts to install the network TAP driver. Click Install. Silent installation may be impacted by this limitation. To resolve the issue, deploy the TAP driver certificate before the silent install command line (EAAC040).
• EAA Client Connector zipped log files contains an empty akamai_dpclient.log. It can be ignored by user. (EAAC041)

Updates to mPulse and Real User Monitoring (RUM)

The latest Property Manager release includes the following changes for RUM customers:

• For new properties, the mPulse behavior is automatically turned on in the property configuration with a default (blank) mPulse app API key. Leaving this mPulse API key blank automatically creates a new mPulse app that corresponds to the property. After the property is active on the Akamai production network, all of your data (beacons) are directed to your mPulse app. mPulse replaces all product templates that previously had RUM as the default behavior with mPulse (with the default API key).

• If you have RUM on an existing property, and wish to use mPulse, remove the RUM behavior from the property.

• RUM and mPulse should not coexist on the same property. If you choose to use both RUM and mPulse, you need to explicitly provide an API key for the mPulse behavior. To locate the API Key of an existing mPulse app, log in to mPulse, select the mPulse app from the Home page, then click the General tab to view the API Key.

The latest update to the Identity Cloud Console includes the following features and bug fixes:

• Added individual record counts per entity type in addition to the total record count on the Manage Application page
• Moved all error messages into a single notification when multiple errors are received on a page
• Improved the way errors are highlighted on fields inside of plural entries on the Manage Profiles Edit Full Record page
• Resolved an issue with uniqueness violation errors being triggered for existing user data on the Manage Profiles Edit User Profile page
• Resolved an issue with exporting user data from the Manage Profiles page in the Console in China
• Resolved an issue loading large numbers of Console users on the Manage Agents page for applications outside of the US
• Resolved an issue preventing Customer Care Portal Agent Managers from revoking access for users with the User Profile Admin, User Profile Manager, or User Profile Viewer roles
• Resolved an issue with saving non-unicode characters in settings

This release also removes CORS support from the Configuration API.

Enhancements in Identity and Access Management Application

• If your account does not have a password policy set in the Settings tab, new users are now created with a 90-day password expiration policy instead of a 180-day expiration policy. Existing users will not be impacted by this change. It is highly encouraged that your account admins go to the Settings tab in Identity and Access Management app and set a password policy for the account.
• You can now enable or disable tracking cookies on the User Settings page.
• There are a few performance improvements and bug fixes.

Script Management Opt-In Service Worker Updates

The Service Worker served on a particular domain only updates with the latest version of the Akamai Script Management Service Worker in either of the following two instances:

• When a new version of the Property Manager configuration associated with that domain (and with the Script Management behavior enabled) activates.
• When a new version of a Script Management policy publishes within the Script Management application.

Note: The previously released SPOF reporting feature requires that you use a minimum Boomerang version of 1.621.0 as part of mPulse data collection.

The latest update for the case management release includes the following enhancements to the Case Management v2 API:

• List cases operation now returns a severity member in the response body.
• Two additional service and support levels are now supported: Plus and Advanced.

As part of our ongoing efforts to improve your reporting experience, we’re pleased to announce that the following traffic reports are now available in Luna Control Center:

• Traffic

• Traffic by Geography

• Traffic by Browser & OS

• URL Traffic

• URL Responses

• Unique Visitors

• Daily Unique Visitors

• Page Views

You can access the reports via Monitor > Reporting in Luna Control Center and under ‘Traffic Reports’ in the new Control Center.

These new reports offer a modern and personalized interface into your most important metrics and KPI’s for your delivery products. All of these reports also go paired with RESTful API access, the endpoints for which were announced in a separate release note on 24 January.

To provide better consistency between the data provided via Control Center and our RESTful API and Scheduled Reports interfaces, we’re introducing some changes to the format and composition of the data sent as part of your existing Recurring Reports. Please refer to the Scheduled Report Migration announcement for details.

For a detailed overview of where to find widgets in our new reports, as well as a format comparison for the scheduled reports, please refer to our Reporting Migration Guide.

The latest update for the Akamai University release includes:

• You may now generate discount codes while registering for training courses.
• You may now select the Contracted button while registering for training courses.