• Votes

    2

    Offline mode: Allow computer to fail open

    Currently: If a user is offline, and if he has lost/broken one authenticator (if 2FA deployed with 'something you know' + 'something you have'), he can't login to his ...

  • Votes

    1

    Syslog message when user account is locked by AAF application

    It would be beneficial to have a syslog event generated when a user account is locked by AAF using the Lockout Policy. We created a Lockout Policy designed to lock a ...

  • Votes

    5

    Allow for customization of labels when AD password is not sync

    Typically, when you change your AD password, you have a message displayed after you successfully logon (OS or Mac Logon) which indicates: ‘"Enter password for sync". We ...

  • Votes

    9

    Add a "password never expires" option for the local user repository

    We need this option for the local Admin Account. The local Admin Account's password expires as any other user account. Please add a "password never expires" option to the ...

  • Votes

    3

    implement repository search order

    In an environment with multiple repositories, it should be possible to define a search order for the repository. The first match wins should be used for authentication. ...

  • Votes

    5

    Windows Client set default Domain in config.properties

    Add an option to the Windows Client to set a default Domain in config.properties. Example: defaultDomain: DOMAINNAME Expected behaviour: The user types USERNAME (without ...

  • Votes

    6

    Support RADIUS Authentication Methods CHAP and MS-CHAP

    Our IT-Security Department forbid the usage of PAP because of severe security issues. Please support at least MS-CHAP, otherwise we can't use the AA RADIUS for our ...

  • Votes

    3

    Windows Client Debug Log logrotate

    You can enable client debug logging by setting logenabled=true in the config.properties. But the logfiles will grow and grow. Please add an option to enable some kind ...

  • Votes

    2

    Support for code obfuscation

    The idea is to provide support for code obfuscation at the SDK for mobile app's. Mainly for commercial products like DexGuard. Some costumers has internal security ...

  • Votes

    3

    Remove validation of phone numbers to check for "+"

    For the users to use the SMS OTP, AA validates the phone number when the phone number does not exist and the user enters the phone number. This validation is is done for ...

  • Votes

    4

    Dynamic SMS gateway

    If there are more than one SMS gateways being used by an organization, there needs to be a dynamic configuration available for the same. The current example can if the ...

  • Votes

    1

    Enhance shared authenticators to allow RSA Tokens.

    As stated in the online documentation, the list of authenticators that can be shared is currently limited to TOTP, HOTP, Password, Fingerprint, Card, and FIDO U2F. ...

  • Votes

    2

    Add “SecureLogin” event to list of default events in Advanced ...

    Advanced Authentication should include a generic event called “SecureLogin” in its list of default events. It would also be helpful if SecureLogin were to use this event ...

  • Votes

    2

    Offline Help Doc

    Some clients (US Federal) have systems that cannot access internet and need to see Offline Help Files. Cannot get to https://netiq.com/documentation/.

  • Votes

    5

    Help Desk "Change User"

    Currently need to click on 'username' to get to 'change user'. Not as intuitive for new users. Can it be a separate button on top to click?

  • Votes

    3

    Radius Client Method - Disable Username Management

    Make it possible to turn username management off for the radius client method. --> Via the enrollment portal the user has the ability to change the username that is ...

  • Votes

    9

    Smartphone App: copy the OTP code to the clipboard

    By tapping the OTP code it is possible to copy the OTP code to the clipboard so it is easy to paste in other apps.

  • Votes

    5

    Disable/remove save button when (smartphone) method is enrolled, ...

    The save button is confusing for users if the method is already enrolled. Deleting an re-adding the method is easier to explain to users, especially if "Enroll TOTP ...

  • Votes

    3

    Allow multifactor when enrolling smartphone via /smartphone/enroll url ...

    As an Administrator of AAf, admin should be able to add MFA for direct smartphone enrollment url as well. Currently, the product (AAf 6.2) support direct smartphone ...

  • Votes

    5

    Support for Configuring SMS Sender Policy Using a JSON Body or CURL ...

    Currently when configuring the SMS Sender policy we only support submitting parameters in the http request URL. I was working with a customer that uses Avaya as their ...