-
Planned
3
Reduce privileges for device service on Windows
Hello, When device service is installed on Windows, it installs a windows service that runs with local\system account permissions. We want to be able to run it using a ...
Comments (2) | by: Tomer A. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
5
Brute force / BOT Attack and Data leakage Prevention
A change in authentication flow can help prevent brute force bot attacks: 1. Information leakage - valid usernames & passwords discovery 2. User lockout due to bad ...
Comments (3) | by: Paul M. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
3
Native U2F Support beyond chrome browser
Since chrome support for FIDO U2F was added some time ago but now other browsers like Firefox support it as well. While it does work if enabled manually on older firefox ...
Comments (1) | by: Paul M. | over a year ago | Last activity over a year ago | Status changed over a year ago | Supported Platforms
-
Votes
2
Remember the last chain used to authenticate to the workstation
Current situation: When a user attempts to authenticate to a Windows workstation, the chains are displayed in the order that they were added in to the event in. Desired ...
Comments (1) | by: Tim S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
11
Certificate filter - Hide expired certificates
Please hide expired certificates in the "certificate list" during the PKI enrollment
Comments (2) | by: Kevin S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
1
only allow smartphone to access from the internet
Some, especially small companies, do not have a SPI-firewall or reverseproxy-server. Nobody should get access to the AA server from the internet, except...Smartphones. ...
Comments (1) | by: Sander F. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
7
Kerberos Authentication for internal AD users
It would be great, if we could allow internal AD members Kerberos integrated authentication.
Comments (3) | by: Werner H. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
4
view only admin category
In the Admin UI there's currently no way to configure a "view only" account. Therefore a new role should be introduced so that a user can login on the Admin UI to reflect ...
Comments (3) | by: Frank S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
5
Set CEF log forward policy per site
We want to forward the CEF logs to our enterprise logging solution that has data collectors all over the globe. It would be desirable to set the Syslog destination on a ...
Comments (1) | by: Tim S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
2
Multiple NAS Identifiers in a single RADIUS event
Request: We would like to assign multiple NAS Identifiers to a single RADIUS event. Use case: We have F5 BIG IP load balancer to balance RADIUS traffic to our web ...
Comments (1) | by: Tim S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
5
Extend REST-API - Assign User to existing OTP Token or Bulk import
Please add these two functions in the Rest-API 1) Assign Users to an Existing OTP Token which is imported 2) Import for OTP tokens with Serialnumber & set a flag to make ...
Comments (4) | by: Kevin S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
9
Ability to deactivate self enrollment for specific methods
In some cases it is desirable if a admin can configure that it is not possible for an user to (over)write specific methods in the self enrollment. For more flexibillity ...
Comments (1) | by: Kevin S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
4
Ability to select a 'local' export when importing a database
Current situation: When importing a database, you must define a http or ftp location of the backup. Desirable situation: When importing a database, I should be able to ...
Comments (0) | by: Tim S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Planned
6
search field for locked user for the helpdesk portal / ability to ...
It would be a good to add these two features. 1) Add search field to search for users in the locked users-list 2) If a user will be opened in the help desk (where you can ...
Comments (1) | by: Kevin S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
5
Option to hide QR Code in TOTP enrollment
It would be a good feature if there is an option to disable the QR-Code or hide the QR Code, if TOTP method is enrolled. If a user re-open an enrolled T-OTP over the ...
Comments (3) | by: Kevin S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
3
NAAF Client 5.6 should get the language for a parameter that it can be ...
NAAF Client 5.6 should get the language for a parameter that it can be changed by the end user. In our case the system locale can only be changed by the administrator and ...
Comments (1) | by: Núria B. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
1
On appliance install we ask for hostname (e.g server.domain.com). ...
Have seen many installs on POCs where customer enters hostname and not the FQDN. Maybe change on install to: FQDN hostname (e.g server.domain.com)
Comments (1) | by: Kevin P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
2
When chains are created and user enrolls force that the chain must ...
While on POC customer enrolled Bluetooth and Proxcard. They then logged out and only had LDAP Password. They were surprised and asked if when they are chained like this ...
Comments (1) | by: Kevin P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
2
Once a user has enrolled methods provide option to turn off LDAP ...
On a customer POC and they have Bluetooth and PIN as well as Proxcard and PIN enrolled however they still see LDAP Password as a method when logging into Desktop. They ...
Comments (2) | by: Kevin P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
3
Set user attribute in repository after enrollment (LDAP hook)
Often AAF is working in conjunction with Identity Management / Access Management systems. In these cases it is desirable to know when users have enrolled (one or more) ...
Comments (2) | by: Mark v. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations