PortWise Access Manager and Authentication Server 4.12 is released.

neXus is proud to announce the availability of PortWise Access Manager 4.12 and PortWise Authentication Server 4.12, the latest release of the award winning product suite that ensures secure and convenient connectivity for millions of users every day.

We have been hard at work designing, implementing and packaging of the suite and can finally say that 4.12 is ready for it’s prime time. We have had a lot of help from our customers and partners in the development of the product and we want to make sure to take the opportunity to thank everyone involved. Your efforts listening to our ramblings about security and usability, your ideas and feedback from both development and from beta-tests are very, very valuable for us. Thanks!

The release is packed with new features. Most notably is the much improved reach for our authentication and identities. Both when it comes to SAML and RADIUS. We have made a lot of improvements and redesign when it comes to our saml2int compliant SAML implementation. We can act both as Identity Provider and Service Provider in the same system, how many times you want. We can also join identity federations on behalf of any backend systems. SAML federations are based on trust and the servers prove there identities using private keys and certificates. Key rotation in federations are always a hard nut to crack but we think we have managed to get key rotation under control and very easy to maintain. Both when we change keys, a federation changes keys and when servers in a federation change keys. Corporate federations and also exiting new eIDs and other types of federations are on the rise and we handle the federations in a much more intuitive way when it comes to LOA, discovery, metadata handling and we have also added special handling of force re-authentication that we look forward to seeing live in eIDs scenarios.

We get more and more questions about RADIUS and that's very existing. With the help of RADIUS we can extend our reach of our authentication to all types of network devices, everything from iPhones to mainframes. We had RADIUS support since 2003, but from the sound of our customer it's about to take off with new powers. We have updated our RADIUS support and added more details in our log and auditing systems when it comes to RADIUS so that we are ready for the storm.

Our RADIUS and SAML support gets the extra push with the help of our authentication method support. We have been involved in the standardisation work when it comes to authentication method and specially in the OATH standard. OATH lowers the total cost of ownership for organisation because tokens can be bought from anywhere, just as long as it’s OATH compliant. To honor that work we have done a lot of changes to our OATH support when it comes to HOTP and TOTP. Both HOTP and TOTP tokens can now be mixed in the same authentication method so it’s possible for all end users to use the authentication method, regardless of what type of token the user have. We have also added TOTP to our pin and password protected OATH authentication method.

The easy to use two factor authentication method Invisible Token just got even better. Invisible Token is the automatic two step authentication that the user don’t have to bother about. Invisible Token 2.0 improves usability even further by simplifying the activation process. Invisible Token 2.0  includes a new flow called Simplified Provisioning that uses a step-up flow from one factor to two factors. When Simplified Provisioning is activated on a user, the user can activate Invisible Token by just entering a username and password. The next authentication requires the Invisible Token to be activated. The end user never have to enter anything a part from username and password. If the Invisible Token is disabled or removed, PortWise 4.12, automatically fallbacks to the normal provisioning flow. Invisible Token 2.0 also includes possibilities for other persons to activate the browser. A named employee, a person with a defined phone or email address or on a user defined contact persons can received a users activation code. This enables a boss, a teacher, a parent or even an IT help desk employee to help activate the browser in an emergency logon scenario.

As icing on the cake a part from our SAML enabled eIDaaS service, it’s also now possible to run your own Swedish Mobile BankID locally.

When it comes to platform support we have added Windows 2012 as a supported platform right next to the other Windows versions and RedHat and SUSE. PortWise Access Manager have added a Windows 8 version of Access Client so that Windows desktops can access any type of corporate information using SSL VPN tunnelling.

We are proud to announced that PortWise Access Manager and Authentication Server 4.12 is released and available for download today.