• Planned

    3

    Reduce privileges for device service on Windows

    Hello, When device service is installed on Windows, it installs a windows service that runs with local\system account permissions. We want to be able to run it using a ...

  • Votes

    5

    Brute force / BOT Attack and Data leakage Prevention

    A change in authentication flow can help prevent brute force bot attacks: 1. Information leakage - valid usernames & passwords discovery 2. User lockout due to bad ...

  • Votes

    3

    Native U2F Support beyond chrome browser

    Since chrome support for FIDO U2F was added some time ago but now other browsers like Firefox support it as well. While it does work if enabled manually on older firefox ...

  • Votes

    2

    Remember the last chain used to authenticate to the workstation

    Current situation: When a user attempts to authenticate to a Windows workstation, the chains are displayed in the order that they were added in to the event in. Desired ...

  • Votes

    11

    Certificate filter - Hide expired certificates

    Please hide expired certificates in the "certificate list" during the PKI enrollment

  • Votes

    1

    only allow smartphone to access from the internet

    Some, especially small companies, do not have a SPI-firewall or reverseproxy-server. Nobody should get access to the AA server from the internet, except...Smartphones. ...

  • Votes

    7

    Kerberos Authentication for internal AD users

    It would be great, if we could allow internal AD members Kerberos integrated authentication.

  • Votes

    4

    view only admin category

    In the Admin UI there's currently no way to configure a "view only" account. Therefore a new role should be introduced so that a user can login on the Admin UI to reflect ...

  • Votes

    5

    Set CEF log forward policy per site

    We want to forward the CEF logs to our enterprise logging solution that has data collectors all over the globe. It would be desirable to set the Syslog destination on a ...

  • Votes

    2

    Multiple NAS Identifiers in a single RADIUS event

    Request: We would like to assign multiple NAS Identifiers to a single RADIUS event. Use case: We have F5 BIG IP load balancer to balance RADIUS traffic to our web ...

  • Votes

    5

    Extend REST-API - Assign User to existing OTP Token or Bulk import

    Please add these two functions in the Rest-API 1) Assign Users to an Existing OTP Token which is imported 2) Import for OTP tokens with Serialnumber & set a flag to make ...

  • Votes

    9

    Ability to deactivate self enrollment for specific methods

    In some cases it is desirable if a admin can configure that it is not possible for an user to (over)write specific methods in the self enrollment. For more flexibillity ...

  • Votes

    4

    Ability to select a 'local' export when importing a database

    Current situation: When importing a database, you must define a http or ftp location of the backup. Desirable situation: When importing a database, I should be able to ...

  • Planned

    6

    search field for locked user for the helpdesk portal / ability to ...

    It would be a good to add these two features. 1) Add search field to search for users in the locked users-list 2) If a user will be opened in the help desk (where you can ...

  • Votes

    5

    Option to hide QR Code in TOTP enrollment

    It would be a good feature if there is an option to disable the QR-Code or hide the QR Code, if TOTP method is enrolled. If a user re-open an enrolled T-OTP over the ...

  • Votes

    3

    NAAF Client 5.6 should get the language for a parameter that it can be ...

    NAAF Client 5.6 should get the language for a parameter that it can be changed by the end user. In our case the system locale can only be changed by the administrator and ...

  • Votes

    1

    On appliance install we ask for hostname (e.g server.domain.com). ...

    Have seen many installs on POCs where customer enters hostname and not the FQDN. Maybe change on install to: FQDN hostname (e.g server.domain.com)

  • Votes

    2

    When chains are created and user enrolls force that the chain must ...

    While on POC customer enrolled Bluetooth and Proxcard. They then logged out and only had LDAP Password. They were surprised and asked if when they are chained like this ...

  • Votes

    2

    Once a user has enrolled methods provide option to turn off LDAP ...

    On a customer POC and they have Bluetooth and PIN as well as Proxcard and PIN enrolled however they still see LDAP Password as a method when logging into Desktop. They ...

  • Votes

    3

    Set user attribute in repository after enrollment (LDAP hook)

    Often AAF is working in conjunction with Identity Management / Access Management systems. In these cases it is desirable to know when users have enrolled (one or more) ...