Monthly Recap

October 2024 #

• Time Context in Policy: Added time in context attributes for policies, allowing policies to be written against properties of the current time (in UTC) when authorization is performed.
• Desktop App: Updated the desktop app menu by changing the name of the menu button, adding new menu categories, and reorganizing the menu options.
• Log Stream: Added a StrongDM organization identifier to logs emitted through Log Stream.
• UK Region Support: Added support for the UK region, allowing StrongDM to be used in the UK or US; updated the documentation to include tabbed contents for each region for information related to Admin UI URLs, node installation, binary downloads, MFA configurations that use Okta Verify, and SSO configurations that use Okta.

September 2024 #

• New StrongDM Experience: Updated the Admin UI with a new left navigation menu, and updated both the Admin UI and desktop app with a refreshed layout, colors, and styling.
• Couchbase: Made the Couchbase resource type generally available in the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
• Single Session Enforcement: Added the Enforce Single Session setting, which allows admins to restrict concurrent sessions for logged-in users to a single session for the Admin UI and a single session for the desktop app.
• Email Support for Identity Sets: Added support for email addresses to pass through Identity Sets, so that all Identity Aliases in the Identity Set are the user’s corresponding email address.

August 2024 #

• Duo Device Trust Generally Available: Released support for Cisco Duo Device Trust.
• Ping Identity SSO (OIDC): Released Ping Identity SSO (OIDC).
• Kubernetes Management in Beta: Added beta support for Kubernetes Management tools, which includes Resource Discovery and Principal Bindings for Kubernetes clusters.
• CLI, SDK, and Terraform Support for PBAC: Added CLI, SDK, and Terraform support for Policy Based Action Control (PBAC), enabling admins to automate the delivery of policies into production environments.
• Enhanced StrongDM UI and UX: Announced the new StrongDM experience for the Admin UI and desktop app. Starting as early as September 10, the desktop app will have a refreshed layout, colors, and styling. Then on September 17, those changes along with updates to the left navigation menu of the Admin UI will be applied to all environments.

July 2024 #

• Policy Based Action Control Generally Available: Released Policy Based Action Control for Postgres, which allows Enterprise organizations to use policies to respond to particular actions on supported Postgres resource types. Now policy can be enacted for over 180 specific actions on Postgres resources, including CRUD operations, and can be combined with the context, MFA, and justification requirements that are available for other resource types. In addition, this release adds the Policy Editor and builder controls to the Admin UI, enabling admins to create policies in the Cedar policy language.
• Okta Verify MFA Support Generally Available: Added Okta Verify as a multi-factor authentication (MFA) option for your StrongDM users.
• Desktop App Enhancements: Updated the desktop app with usability enhancements, including a new location for the Account menu and a new option to connect to all resources.
• Customizable Loopback Ranges: Added the ability for admins to modify the loopback range available on local machines, so that resources may be assigned to a larger range of IP addresses and ports than was previously possible on only 127.0.0.1. This is significant for organizations that require more resources than the number of ports that were originally available, or around 60,000.

June 2024 #

• Policy Based Action Control in Beta: Beta for Policies includes Policy Based Action Control, which allows policies to respond to particular actions on supported resources. In addition, the beta introduces the Policy Editor that enables you to create your own policies by writing them in the Cedar policy language or by using the set of builder controls to create them easily, even if you are unfamiliar with Cedar.
• Rename of Remote Identities to Identity Aliases: Changed “Remote Identity” to “Identity Alias” and introduced Identity Sets. An Identity Alias is a username that is used when connecting to a resource, and an Identity Set is a group of Identity Aliases that are allowed to be used to connect to specific resources. Admins can now add the Identity Aliases of StrongDM users to Identity Sets, and configure resources to use those Identity Sets for connection.
• MongoDB Sharded Clusters: Added support for the MongoDB (sharded cluster) resource type with load balancing. Also expanded MongoDB support in general to cover versions 7 and 8.
• Microsoft Defender Integration for Device Trust: Added support for Microsoft Defender as a Device Trust provider.
• Multi-factor Authentication Guide: Added a guide that covers the MFA options for user authentication to StrongDM as well as options for adding MFA prompts on resource connection through policies.

May 2024 #

• Keyfactor EJBCA CA Integration for SSH: Released Keyfactor EJBCA SSH, a new third-party certificate authority (CA) integration that allows certificate-based SSH resources to authenticate using certificates issued by Keyfactor EJBCA. This third-party CA type is available for organizations that have the Enterprise plan enabled.
• HashiCorp Vault AWS Auth: Added AWS EC2-based authentication and AWS IAM-based authentication methods to HashiCorp Vault secret store integration.
• Okta Verify Multi-Factor Authentication Support in Beta: Added Okta Verify as an MFA option.

April 2024 #

• Keyfactor EJBCA CA for RDP: Released Keyfactor EJBCA RDP, a new third-party certificate authority (CA) integration that allows certificate-based RDP resources to authenticate with certificates issued by Keyfactor EJBCA. This third-party CA type is available for organizations that have the Enterprise plan enabled.

March 2024 #

• Context-Based Policy: Released context-based policy features in the Admin UI. Available to Enterprise organizations, context-based policy allows admins to require MFA or text justifications or to require approval workflows to be followed in order to allow users to access resources. Policies can consider conditions such as the geographic location of the user and the Device Trust score of the user’s machine when making access decisions.
• Approval Workflows: Released approval workflows, the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied. This release separates the approval criteria from access workflows, which enables the same approval steps to be reused by multiple workflows and/or policies. As such, organizations with workflows enabled now have two access pages in the Admin UI: Access Workflows, for defining what can be requested and by whom; and Approval Workflows, for defining approval criteria, such as auto-approval, manual approval, and so forth. Approval workflows may be created and managed in the Admin UI, CLI, and SDKs.
• Third-Party CA: Released third-party certificate authority (CA) integrations that allow Enterprise organizations to bring their own CA provider for SSH and RDP certificate generation. Third-party CA integration allows any supported CA, instead of the default Strong CA provided by StrongDM, to be used for authentication of certificate-based RDP and SSH resources. At this time, StrongDM supports the following third-party CA integrations:
  • Active Directory Certificate Services CA
  • AWS Private CA
  • Google Certificate Authority Service (CAS)
  • HashiCorp Vault CA for RDP
  • HashiCorp Vault CA for SSH
• Installers: Updated the PKG (macOS) and EXE (Windows) installers to install Virtual Networking Mode (VNM) if run with admin privilege.
• API Key and User Permission Level Enhancements: Updated the SDKs and Terraform provider to allow a user’s permission level to be modified (for example, change User to DBA, or change DBA to Team Leader). When creating an API key and selecting the Delegate scope to enable this behavior, there is a new option, Allow Changes to Admins, which is a new scope on API keys that allows admin users to be modified via the SDKs and Terraform as well. This update applies to server version 85.46.0 and higher, all SDK (Go, Java, Python, Ruby) versions 7.0.0 and higher, and Terraform provider version 8.0.0 and higher.

February 2024 #

• Explicit Routing: Released Explicit Routing, an advanced feature that allows network administrators to define their organization’s network topology by segmenting gateways, relays, and resources into explicitly declared peering groups. The CLI, SDKs, and Terraform are supported.
• Certificate-Based RDP: Released the RDP (Certificate Based) server resource type and added support for Identity Aliases.
• Certificate Authority Field: Changed the “Secret Store” property on certificate-based RDP and SSH server forms in the Admin UI to “Certificate Authority” to allow selection of a desired certificate authority (default is Strong CA).
• Updated Slack App: Updated the StrongDM integration for Slack to a new version, which offers channel-based approvals, multiple-resource requests, improved request/resource filtering, and various UI/UX improvements. Current users of the Slack app will need to reinstall it, as the new version requires additional scopes to be approved. Please note that if your organization does not update its Slack app to approve the new scopes, it will still be compatible with the latest changes and will receive the UI updates. However, users will not be able to use channel-based approvals until the app is updated.
• Log Stream Data File Format: Changed the file format and path location of replay data stored to Amazon S3 with Log Stream enabled.

January 2024 #

• Certificate Rotation: Added the Certificate Authorities page to the Admin UI, enabling Strong CA certificates to be managed and rotated.
• StrongDM Desktop Update: Updated the desktop app with various usability enhancements, including a dynamic Resource Center window that may be resized and moved anywhere on any screen.
• Installers: Added the PKG (macOS) and MSI (Windows) installers to the Download & Install page of the Admin UI.
• Fixed Duration for Access Requests: Added a fixed duration setting for access requests on the Workflows settings page of the Admin UI.
• Analytics Dashboards: Revitalized the Admin UI Reports Library with new dashboards providing in-depth analysis of access grants to resources, organization posture and risks, and more.