News

October 18, 2023

Maintenance release – PhenixID Authentication Services (PAS) 4.7.1

This new release includes defect fixes and addition of minor functtions for the 4.7 release, and is recommended for all 4.7 installations.

Bug fixes

The 4.7.1 release includes the following fixes

PHX-2963 resp_attributes type 6 (Service-Type) value returned incorrectly

Service-Type attribute in RADIUS always returned the wrong value.
Now updated and the Service-Type attribute can now be set using PropertyAddValve
PHX-3030 Wrong language is show in PSS if brower is set to Swedish

If Chromium based browser have Swedish as default language, the Password Selfservice service would show a mix of English and Swedish
PHX-3068 Signing, OCSP/CRL: Incorrect validation

Validation of OSCP/CRL tokens failes since wrong value is compared
PHX-3110 BankID – 400 response when signing gives Java error

BankIDSignValve and BankIDCollectValve woudl generate a java error if BankID returns a 400 response.
The solution also includes an update where the errorcode of the 400 response is forwarded to the application
PHX-3122 IOS redirect to native browser when using non native browser

Independent of which browser is used when initiating a BankID authentication, iOS devices will redirected back to default web browser
PHX-3170 Add loginhint to OIDC to auth-request

Support for “login_hint” in OIDC auth-request is missing
PHX-3188 Clear “SAMLSignApproved” with the rest of the SAML attributes on a new SAMLRequest

Attribute SAMLSignApproved is not cleared
PHX-3189 validateSchema for SAML SignMessage causes freeze/crash in some environments

validateSchema function in SAMLAuthRequestDecoder freezes/chrashes, preventing SignMessage to be parsed

New/updated features

PHX-3021 Add support for basic authorization in bankid proxy module

Support basic authorization header in BankID proxy/api
PHX-3102 SithsEidCollectAuthenticationStatusValve that returns Inera response intact as json

Return the intact Inera response as json
PHX-3108 BankID 6.0 Phoneauth via proxy/api

Phoneauth endpoint according to BankID 6.0 added in BankID proxy/api
PHX-3112 OpenID Connect Session Management 1.0

Support for OpenID Connect Session management 1.0 implemented
PHX-3126 Add BankIDPhoneSignValve

Add BankIDPhoneSignValve according to BankID 6.0
PHX-3127 Make it possible to expand requirement from request in BankIDAuthenticateValve and BankIDSignValve

Add the possibility to add requirements in a request when using HTTP API with BankID valves
PHX-3171 BankID 6.0 Phonesign via proxy/api

Add Phonesign endpoint according to BankID 6.0 to BankID proxy/api
PHX-3187 Make AssertionConsumer strict scoped attribute validation option

Let the administrator decide by config if AssertionConsumer should use strict scoped valdiation or not

See patch release information for 4.7.1 and read the full release notes for PhenixID Authentication Services 4.7 here:

September 20, 2023

PhenixID – New Release: Identity Provisioning 6.3.3

PhenixID is proud to announce the new release of PhenixID Identity Provisioning (PIP) 6.3.3. The new releases improves the stability, compatibility, and security of your solution, and is recommended for all installations.

MAINTENANCE RELEASE

IMPROVED FUNCTIONALITY

PIP-721 Add a body option to the REST DELETE Handler action
REST DELETE Handler now have the possibility to include a body to the delete requests
PIP-723 Add a Copy post action
Select a post in the LDAP tree that you want to create an copy of and point to the OU where the copy should be saved
PIP-731 Improve SQL action to handle errors
Any errors in a SQL write action is now also included as an attribute in the return value of the action

BUG FIXES

PIP-720 Syntax Attribute Validation is not emptied after a successful syntax is read
PIP-722 Retrieving large multivalues will eventually take the enumerating LDAP connection, causing corruption and closed LDAP connection
PIP-724 WriteToLDAP: Not always setting error attribute on failure
PIP-725 Policy Debugger: Large text attributes are slow to render
PIP-726 Settings multiple schedules from policy tab does not get saved
PIP-727 Import objects dialog: No error handling for missing icons
PIP-729 Import Prefix writes to Schedule reassign
PIP-732 Write to LDAP action sometimes does not write Binary to ldap
PIP-735 Session transmitter does not work

Read the full release notes for Identity Provisioning 6.3.3 here

August 31, 2023

New Release: PhenixID Signing Workflow 2.3.0

PhenixID Signing Services Workflow 2.3.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.

HIGHLIGHTS

The highlights for the 2.3 release includes the ability to delete signing errands and the possibility to anonymize the information about a specific user (GDPR compliance)

Deleting errands

All errands are saved in the SWF database for future reference, althought the actula document can be deleted after a configured lifetime. Organizations might have policiys to delete information about digital errands after a specific time. It could also be that errands that arent successul (maybe someone refused to sign) chould be removed right away to avide clutter. Added in 2.3 there are 3 different ways to delete an errand

Scheduled jobs – configure the lifetime of errands for a specific state
Delete signing errand via GUI
Delete siging errand via API

Anonymizing signer

Siging errands in SWF database include information about the people set to sign, information that could include AD usernaname, e-mail address or social security number (“personnummer”). General Data Protection Regulation (GDPR) adopted by European Union in 2016 regulates the use and ownership of personal data. It includes the right for any person to be forgotten and have their information removed from any data storage.

To help the administrator to comply with GDRP, SWF 2.3.0 includes the possibility to anomynize a user. The administrator can execue a job to anonymize a user based on either UUID, personnummer, username or email address. At anonymization, errans including the user that has asked to be forgotten are updated and all information about this user are replaced with “anonymized”, however still present in the errand database. For example, a errand including users john.doe and jane.doe, where john.doe is anonymized will still be present but when opened it says that the signers are “jone.doe” and “anonymized”.

IMPROVED FUNCTIONS

In addition, several features have received minor improvement including:

Added additional Java arguments for Hazelcast in the startup scripts to get the best performance results
Set notifyUser parameter via API
Minor GUI improvements

BUG FIXES

IGA-434 Can’t change language
IGA-438 Empty defaultLanguage config value cause crash

Read the full release notes for Signing Workflow 2.3.0 here

August 29, 2023

New Release – PhenixID Authentication Services (PAS) 4.7

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.7. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.

HIGHLIGHTS

The highlights for the 4.7 release include support for BankID RP-API v6.0, support for new Skolfedartion and multiple SAML updates.

BankID Säker Start RP-API v6.0

PAS 4.7 now have support for BankID RP-API v6.0 released mid May. This release is part of BankID “Säker Start” to improve security for BankID users by removing support of starting a BankID transaction where the user fills in their Personnummer. Services should instead use QR Code or Autostart, both already supported by PAS in earlier versions. It is strongly recommended to update to RP-API v6.0, by updating to PAS 4.7, since BankID will end support for earlier versions already May 1st 2024

PAS 4.7 supports both new v6.0 and previous version, making it possible for the administrator to migrate to v6.0 in a controlled and secure manner. PhenixID will help with guides on best-practice for migration. Don’t hesitate to contact PhenixID for more information about BankID Säker Start and what is needed on the service

Skolfederation

In March, Skolfederation together with Internetstiftelsen released a new version of Technical Profile for SAML WebSSO for Skolfederation. PAS 4.7 release complies with this new profile and are ready to be used for all entities connected to Skolfederation

SAML and EFOS

Several updates for the SAML protocol has been added to fully comply with the EFOS specification. These updates are generic and will be beneficial for all SAML installations

Improved functions

In addition, several features have received minor improvement including:

MyApps have been updated to comply with WCAG
Improved error handling using authenticators
Improved debug logging for HTTP valves

Miscellaneous bug fixes

Defect fixes recommended for all users, including

PHX-2899 Internal SAML: Entity not found
PHX-3029 Dispatch based on query string in OIDCToSAMLBroker
PHX-3047 FrejaEID login on same device does not take you back to the original app after auth
PHX-3083 EFOS – SAMLResponse must be signed
PHX-3084 EFOS – Include information on what failed to validate
PHX-3086 EFOS – Error in SAMLAuthSigning documentation
PHX-3087 EFOS – SAMLAuthForSigning error when not logged in
PHX-3088 EFOS – PrincipalSelection value missing in SAMLAuthForSigning
PHX-3089 EFOS – signMessageDigest addtribute always added – not documented
PHX-3090 EFOS – Encrypted signMessage doesnt work
PHX-3091 EFOS – PAS crash when Assertion is encryted and signed
PHX-3092 EFOS – Config example for solution missing
PHX-3094 EFOS – Requestedauthncontext missing if no dispatcher
PHX-3095 EFOS – Multiple AuthnContextClassRef
PHX-3096 EFOS – AssertionConsumerServiceURL fail for LOA4/HOK
PHX-3097 EFOS – Holder-of-Key generates validation error

Read the full release notes for Authentication Services here:

June 30, 2023

Patch Release – PhenixID Authentication Services (PAS) 4.6.2

This new release includes defect fixes for the 4.6 release, and is recommended for all 4.6 installations.

Bug fixes

The 4.6.2 release includes the following fixes

PHX-3037 Add PKCE support to the OIDC RP Relay authenticator

Now supports PKCE when acting as Relying Party in OIDC. See documentation of Open ID Connect Relying Party under Authenticators for how to enable in your setup
PHX-3049 WCAG MyApps

MyApps GUI now updated to align with WCAG 2.1
PHX-3100 XML Parser security improvments

Updated handling of XML parsing
PHX-3104 OIDCToSAMLBroker when session already available

OIDCToSAMLBroker returns login data when an authenticated OIDC session already exists and prompt is set to “none”

See patch release information for 4.6.2 and read the full release notes for Authentication Services 4.6 here:

June 21, 2023

Patch Release – PhenixID Authentication Services (PAS) 4.6.1

This new release includes defect fixes for the 4.6 release, and is recommended for all 4.6 installations.

Bug fixes

The 4.6.1 release includes the following fixes

PHX-3010 Add success URL redirect option to SithsEID

SithsEID now includes the possibility to configure success URL
PHX-3024 SithsEidSignValve is not working in PAS 4.6

Issue resolved
PHX-3051 Signing broken using HSM

Problem when using HSM for signing now resolved
PHX-3064 SAML Request security improvements

Security improvements when processing SAML requests

PHX-3070 The OIDCToSAMLBroker does not handle prompt=none

Issue resolved. If parameter prompt is set to value “none”, no user interaction is needed

See patch release information for 4.6.1 and read the full release notes for Authentication Services 4.6 here:

April 19, 2023

New Release – PhenixID Authentication Services (PAS) 4.6

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.6. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.

HIGHLIGHTS

The highlights for the 4.6 release include updated HTTP API for BankID, Freja eID and SITHS, addition of Freja eID in “verify user” template and valves for BankID SIGN with QR code support.

BankID QR code support via HTTP API
Updated BankID logotype accorinding to BankIDs new release
Freja eID QR code support via HTTP API
Freja eID can now be used in the Verify User template
Use SITHS-eID as API authenticator
Possibility to disable appswitching in BankID authenticator scenarios

Improved functions

In addition, several features have received minor improvement including:

Key rollover for SAML Service Provider Authenticators
Secured sensitive endpoints as default
Added support for dynamically setting Assertion Consumer Service URL in the AuthNRequest for SAML Service Provider Authenticators
Disabled support for TLS versions prior TLS 1.2

Miscellaneous bug fixes

Defect fixes recommended for all users, including

PHX-2995 – Fixed PDF preview rendering issues while zooming and changing page
PHX-3003 – Resolved HSQLDB backup issues using default backup location
PHX-3007 – Mitigated cross-site scripting vulnerability

Read the full release notes for Authentication Services here:

April 5, 2023

PhenixID – New Release: Signing Workflow 2.2.0

PhenixID Signing Services Workflow 2.2.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.

HIGHLIGHTS

The highlights for the 2.2 release includes the addition of Admin user role and the possibility to use Tags on errands

Admin user

In previous versions of SWF, there was two different roles for users:

Signers who is allowed to sign documents in errands assigned to them
Solicitors – apart from the same permissions as the signer – is allowed to create and manage siging errands

But what do you do if a specific Solicitor gets unavailable (for example gone on vacation or sick leave) and you need to handle a specific errand belonging to that Solicitor? The SWF 2.2 release includes a new role, admin, which can perform everything a Solicitor can do but also manage all errands created by any Solicitor. Simply put, a specific Solicitor can only see errands he/she has created while a admin user can see both errands created him/herself but also errands created by other Solicitors.

Tags

Some information might be available at creation of an errand, but isnt really applicable until the errand has finished. As an example, at create you might know that this document that is signed is a employment contract or you have information that this document should be archived in a specific archive. When the errand has been signed by all signers decisions should be made depending on that earlier information. Using the earlier examples, the employment contract should be sent to HR and the archive intended might mean that the document should be saved on a specific location.

This release introduces the use of Tags. Tags is a way to save information through the lifetime of the errand. At creationg Tags can be set and the settins of these tags can then be read until the errand is deleted. This could be specificaly benefitial when using the API to create and query errands. At completetion the script that implements the use of SWF API can querry about the tag settings and use that information to take decisions

IMPROVED FUNCTIONS

In addition, several features have received minor improvement including:

Possibility to control the format of a Swedish personnummer. If forcing the format ot 12 digits the administrator of the system can always be sure that the return value from for example BankID or Freja eID can always be matched with the solicitors input
Generic GUI improvments for increased usability

BUG FIXES

IGA-402 Setting expire date manually sets expire date one day before actual setting
IGA-412 Admin list filter and nav not visible when filtering

Read the full release notes for Signing Workflow 2.2 here

March 8, 2023

PhenixID – New Release: Identity Provisioning 6.3.2

PhenixID is proud to announce the new release of PhenixID Identity Provisioning (PIP) 6.3.2. The new releases improves the stability, compatibility, and security of your solution, and is recommended for all installations.

MAINTENANCE RELEASE

BUG FIXES

PIP-710 Three view showing incorrect states
PIP-711 Actions interface does not synch changed objects
PIP-712 Common Connection Pool unstable
PIP-713 LDAP Query: Binary attributes not working
PIP-714 Policy Runner: DEBUG logging stops snooping
PIP-715 Run Policy: Mapping parameters wrong

Read the full release notes for Identity Provisioning 6.3.2 here

March 1, 2023

New Release – OneTouch for iOS and Android

PhenixID is proud to announce the new release of PhenixID OneTouch for iOS and Android. The new release improves the stability, compatibility, and security of your solution, and is recommended for all users.

HIGHLIGHTS

The latest OneTouch release includes:

Dark mode support
Adaption to iOS and Android graphical user interface framework
Profile cards updates
Miscellaneous user interface updates

This latest version (5.1.1 for iOS and 5.2.3 for Android) are available in the on the following platforms:

iOS 12 or later
Android Lollipop (Android version 5) or later

Apps available for download here:

January 26, 2023

PhenixID – New Release: Identity Provisioning 6.2.2

PhenixID is proud to announce the new release of PhenixID Identity Provisioning (PIP) 6.2.2. The new releases improves the stability, compatibility, and security of your solution, and is recommended for all installations.

HIGHLIGHTS

IMPROVED GENERIC WORKFLOW

Addition and updates of features to improve the workflow for the administrator working with the tool daily. This helps that administrator to complete tasks simpler and faster. Updates include

Now possible to sort multivalues in session attributes
Actions are always sorted by categories (user are free to decide the category of a specific action)
Import objects dialog can now be set to (default selected) to hide objects that are identical to objects already existing in the configuration
New action that will remove duplicate multivalues in selected attributes

POLICIES

Enforcement of explicit policies sorting now available – possible to prioritize policies used frequently.
The actions tab on a policy will now allow selection of and operating on multiple actions simultaneously.

DATA SOURCES

When working with a file data source (CSV), its now possible to decide if whitespaces should be remover or kept.
For the LDAP data source, it is now possible to configure a number of maximal attempts to try connecting before failing hard.

LIBRARIES

Identity Provisioning is now tested and bundled with java 17.0.4_1 from Azul, and the release contains several other fixes that are recommended for all customers.

The SOAP library has been updated from Axis1 to Axis2, mainly for hosting of SOAP web services

Miscellaneous bug fixes

Bugfixes and updates of current featureset

Read the full release notes for Identity Provisioning 6.2.2 here, Identity Provisioning 6.2.1 here, and Identity Provisioning 6.2.0 here

March 1, 2022

PhenixID Authentication Services – Ny release 4.3

Nya versionen i korthet:

Utökade möjligheter för logging

Varje autentisering loggar nu Trace ID om konfigurerat
Utökad loggning för SAML
Utökad loggning för BankID & SITHS eID

Nyheter i Elektroniska Underskrifter

Editerbar font och längd på den synliga signaturen
Ny lokalisering av PDF- förhandsgranska
Gränssnittsuppdateringar i enlighet med tillgänglighetsdirektivet, WCAG

Uppdateringar för Svenska eID’n

BankID (backend and frontend)
Freja e-ID
SITHS e-ID

Windows inloggning

Använd eID eller andra tredjepartsmetoder för webbinloggning mot Windows 10 & 11 enheter

I 4.3 kan alla MFA metoder som PhenixID har stöd för användas. Läs mer här

Flera nya integrationer

Läs mer:

In English

Highlights:

Extended Logging Capabilities

Every authenticator now logs using Trace ID if configured.
Added granularity for SAML logging
Added granularity for BankID & SITHS eID logging

New features in Electronic Signatures

Custom fonts and length of visual signatures
New localisation of the PDF- preview
UI updates in regards to Web Content Accessibility Guidelines, WCAG.

Swedish eID updates

BankID (backend and frontend)
Freja e-ID
SITHS e-ID

Windows web sign-in

Enable web sign-in for Windows 10 & 11 devices. Any MFA method that are supported from PhenixID Authentication Services can be used. Read more here

Several new integrations

December 16, 2021

SWEDISH: Elektroniska underskrifter – ny release

PhenixID Signing Services Workflow 1.13 improves the stability, compatibility and security of your solution, and is recommended for all installations.

NY VERSION AV:

MED PRIORITERAD WORKFLOW!

Elektroniska underskrifter har under året blivit en av det mest konkreta exemplen på digitaliseringens framfart. Organisationer inom både offentlig och privat sektor vill hitta lösningar som kan fungera tillsammans med befintlig IT-infrastruktur.

Produkten vi släppte tidigare i år har fått nya funktioner som ytterligare ska underlätta för elektroniska underskrifter både individuellt och i så kallat workflow.

NYA FUNKTIONER

Skräddarsy ordningen av undertecknare för varje ärende genom att ange en prioritet för grupper av personer som elektroniskt ska signera en handling. Alla processer för meddelanden och påminnelser stöds för en sekventiell ordning av undertecknare.

PDF/A-1a validering

Då en EU-godkänd elektronisk PDF-dokument ska vara av fil-formatet PDF/A-1a har vi underlättat hantering av dessa dokument. Vid uppladdningstillfället valideras att formatet på PDF-dokumentet alternativ informerar slutanvändaren att dokumentet inte är av korrekt PDF-format.

MER…

Personer delaktiga i ett ärende får påminnelse/notifiering innan förfallodatum infaller.

Möjlighet att skräddarsy Ämne och Meddelande som ska gå ut tillsammans med ärendet.

Uppgraderat Log4j2 bibliotek med anledning av CVE-2021-4422

NYA INTEGRATIONER

Läs alla release notes för Elektroniska underskrift – Workflow här

PhenixId Signing Workflow fullständiga dokumentation finns här

Se video från YouTube-kanal “Elektroniska underskrifter – Demo av workflow”

Se PhenixID’s Produktutbildningar här

August 19, 2021

PhenixID Authentication Services – New release 4.1

PhenixID are proud to announce the new release of PhenixID Authentication Services (4.1) that improves the stability, compatibility and security of your solution, and is recommended for all installations. The new release contains several new features both for administrators and end users.

PAS now includes full support för FIDO2.

Benefits for the organisation

Users can associate their FIDO2 tokens with their organizational userID. The user only needs to activate the FIDO token once (to PhenixID Authentication Services) instead of activating it for every service/application used.
All services/applications can connect to PhenixID Authentication Services using standard protocols (SAML2, OIDC) to consume FIDO authentication.
No need for applications/services to develop own FIDO2 support.

Enrollment portal for handling of tokens

Self-enrollment of FIDO2 tokens
Self-administration of FIDO2 tokens
Delegated administration of FIDO2 tokens

One Touch quick mode for Apple Watch / Android Wear.

One Touch quick mode enables the functionality to confirm/reject assignments directly from the push notification message on the device.

PhenixID Authentication Services 4.1 have support to use Apple Watch together with One Touch for strong authentication. This functionality works also on devices that are based on Android Wear.

SITHS eID

New SITHS valves. Allows for authentication through API.

Several new integrations

OpenID Certification

The OpenID Foundation enables organisations to be certified to specific conformance profiles to promote interoperability among implementations.

PhenixID have achieved certifications for these OpenID Provider conformance profiles:

Basic OP
Config OP
Form POST OP

https://openid.net/certification/

WCAG

Improved functionality for WCAG (Web Content Accessibility Guidelines).

WCAG updates for all authenticator templates
WCAG updates for Password Self Service UI. Improved functionality in regards to the WCAG

Read full release notes here

PhenixID Authentication Services Product Page

SWEDISH

Vi på PhenixID är stolta att presentera vår senaste version av PhenixID Authentication Services (PAS 4.1) som bl.a. tillför ökad kompatibilitet, stabilitet och säkerhet till era installationer, den är rekommenderad till alla installationer. Versionen innehåller uppdateringar för både slutanvändare samt administratörer

PAS innehåller nu fullt stöd för FIDO2

Fördelar för organisationen

Användare kan aktivera sina FIDO2-enheter med sitt organisatoriska användarID.
Användaren behöver bara aktivera en FIDO2-token en gång (till PhenixID Authentication Services) istället för att aktivera den för varje tjänst som används.
Alla tjänster/applikationer kan ansluta till PhenixID Authentication Services med standardprotokoll för federation (SAML2, OIDC) för att använda FIDO2 som autentiseringsmetod
Inget behov av applikationer/tjänster för att utveckla eget stöd för FIDO2

Portal för enkel aktivering

Självservicesportal – Användaren kan aktivera sina tokens på ett säkert sätt
Självserviceadministration – visa och inaktivera FIDO2-tokens
Delegerad administration –Administratörer kan hantera flera autentiseringsmetoder för användare inklusive FIDO2

One Touch quick mode för Apple Watch / Android Wear

“Quick mode” med One Touch gör det nu möjligt att bekräfta/avvisa notifieringar angående autentisering direkt via push-meddelandet på enheten.

PhenixID Authentication Services 4.1 har stöd för att använda Apple Watch tillsammans med One Touch för stark autentisering. Den här funktionen fungerar också på enheter som är baserade på Android Wear.

SITHS eID

Nytt SITHS-valv som möjliggör autentisering via API.

Flera nya integrationer

PhenixID uppnått OIDC certifiering

OpenID Foundation gör det möjligt för organisationer att bli certifierade för specifika profiler för att främja interoperabilitet mellan implementeringar.

PhenixID har uppnått certifieringar för dessa OpenID Provider profiler:

Basic OP
Config OP
Form POST OP

https://openid.net/certification/

WCAG

Förbättringsarbete enligt WCAG (Web Content Accessibility Guidelines).

WCAG-uppdateringar för alla inloggningsmallar
WCAG-uppdateringar för gränssnittet i Password Self Service.

Läs alla tekniska nyheter här

PhenixID Authentication Services Produktsida

June 11, 2021

PhenixID – Checklista för digitala identiteter

Planera för hösten redan nu genom att lära av andra och deras erfarenheter kring hantering av digitala identiteter. Nedan visar vi ett antal användarfall som kanske kan göra din vardag enklare, säkrare och med stor sannolikhet billigare.

Ta bort lösenordet

Lösenord som användare ska komma ihåg är inte en del av framtiden även om det är en del av nutiden. Säker inloggning kan genom att använda andra metoder än lösenordet. Kontakta oss så berättar vi mer om vår erfarenhet kring lösenordsfira miljöer där man inte tummat på säkerheten.

“Självhjälpslösenordsåterställarapplikation” 🙂

I vissa scenarion så är och kommer lösenord vara närvarande ett par år till. Då är det viktigt att säker återställning av glömda lösenord kan ske smidigt och effektivt.
Läs mer hur Password Self Service kan få bort kostsamma tidskrävande processer.

Delegerad administration i skolan

Det finns inom skolan ofta en obalans när det kommer till ‘vem som vet’ och ‘vem som har möjlighet’ att skapa och administrera konton. IT-avdelningen blir inte sällan en flaskhals av tidskrävande administration samtidigt som pedagoger kan känna en maktlöshet kring att äga sitt digitala klassrum.
Kontakta oss så beskriver vi olika lösningar som är anpassade för skolverksamhet där rätt person gör rätt saker.

Digital inventering över användare och deras status

Ett bra varulager kräver bra processer och regelbundna inventeringar. Detsamma gäller digitala lagringsytor och processer. Vi hjälper våra kunder sätta upp digital inventering i alla olika datakällor som lagrar identiteter.
Kontakta oss för en inventeringsdemo.

Låt resursägare ändra själv

För att lyckas med digitaliseringen så bör resursägare, applikationsägare eller personalansvariga själva ha möjligheten att ändra data som de är ägare till, istället för att be IT om hjälp. Det kan gälla audit, eller hantering av access m.m.

Skapa smidiga beställare/godkännare-flöden för identiteter

Ett aktuellt ämne gällande digitalisering är processen kring förändringar av identitetsdata. För att optimera din verksamhet så behöver dessa flöden vara enkla att använda samtidigt som de behöver vara heltäckande. Se denna film för hur detta skulle kunna gå till.

Låt användare logga in EN gång

Att användare ska behöva komma ihåg konton och lösenord till en organisations alla tjänster är svårt och kostsamt. För att lösa detta kan du se till att alla tjänster litar på samma centrala punkt (en IDP) som hanterar inloggning för allt och alla samt möjliggöra Single Sign-On. Då kan ni spara kostnader samt öka både säkerhet och användarvänlighet.

April 8, 2021

New Release: PhenixID Identity Manager 5.6.0

PhenixID are proud to announce a new release of PhenixID Identity Manager (PIM) 5.6.0. The web-based delegated management tool have several user experience updates as well as back-end improvements.

The new release improves the stability, compatibility and security of your solution, and is recommended for all installations.

Highlights:

WCAG

Web Content Accessibility Guidelines (WCAG). PhenixID continuously improve PhenixID Identity Manager to be more accessible to people with disabilities.

Improvements for this specific release contains navigation assistance and structural code adjustments to furthermore clarify where in a form you are if you for instance are navigating without a mouse. One noteworthy iteration has to do with be more descriptive with HTML labels that is more WCAG friendly instead of web code structured in divisions (div). See video below.

Important note!
Since changes are made (see release notes) the appearance in a form might look a little bit different. The idea is to make all control work the same and have the same features seen from a WCAG perspective. Verify all forms where you have controls listed in the release notes to verify they look the same.

Create your own custom view

It now possible for any customer to create their own custom view. The customised view will be an additional tab for authorised users.

See video below.

Assign a form to a predefined search

It is now possible to add a restriction filter to a predefined search. When selecting a user from the result set only a specified form will be displayed. See video below.

Read full release notes here

See all our Online Courses here

PhenixID Identity Manager (4-5 MAY)
PhenixID Authentication Services (26-27 MAY)
PhenixID Signing Services (28 MAY)
PhenixID Identity Provisioning (18-19 MAY)
Master class – Delegated access and identity (OAuth and OpenID Connect) (11 MAY)
Master class – Identity Federation (SAML2) (11 MAY)
Master Class – PIM integration with PIP (20 MAY)
Master Class – PIM integration with PIP (TBD)

January 20, 2021

New Release: PhenixID Authentication Services 4.0

PhenixID are proud to announce the new major release of PhenixID Authentication Services 4.0. The new release contains several new features both for administrators and end users.

Highlights:

User experience

We have extended versatility to our PhenixID One Touch client (that is included in the offering) to do anonymous assignments/or QR-code login to diversify end-user friendly log in methods. This enables a higher security posture since no username or password is exposed! See video below:

Furthermore the PhenixID One Touch client now supports “on same device app- switching” for a smooth user journey.

Reporting, Audit, Visibility

In our continuous efforts to add system intelligence and awareness we have implemented a heartbeat responder in order to assure the system is responding.

A popular logging feature that we now have added is trace_ID to make it easier to follow an authentication from start to end from a log perspective.

SITHS eID (Swedish only)

En video som visar inloggning via PhenixID Authentication Services med Inera´s nya SITHS eID som inloggningsmetod.

Metoder som används i filmen:

Dator – SITHS-kort
Dator – Mobilt SITHS eID
Telefon – Mobilt SITHS eID

PhenixID MFA adapter integration med Microsoft ADFS för Inera´s nya SITHS eID metoder för autentisering. Inloggningen i denna film sker genom att använda metoden QR-kod.

QR-kod på dator
QR-kod på mobil.

Extended database handling

As the industry keeps pushing for a smooth and resource efficient environment we have from this release decided to further unlock tailor options.
With this release it is now possible to separate different parts of the authentication flow and utilize different data source setups. The new improved design will help administrators to tailor their database setup.

For upgrade assistance, please contact PhenixID Support or read the 4.0 Upgrade Guide.

See all new features in this release

See all our Online Courses here

PhenixID Identity Manager (27-28 JAN)
PhenixID Authentication Services (17-18 FEB)
PhenixID Signing Services (19 FEB)
PhenixID Identity Provisioning (10-11 FEB)
Master class – Delegated access and identity (OAuth and OpenID Connect) (12 FEB)
Master class – Identity Federation (SAML2) (3 FEB)
Master Class – PIM integration with PIP (25 FEB)

Resent PAS integrations resources

June 10, 2020

New release: PhenixID Identity Manager 5.4.2

PhenixID are proud to announce two new releases of PhenixID Identity Manager (PIM) 5.4.1 & 5.4.2.

The new releases improve the stability, compatibility and security of your solution, and is recommended for all installations.

Highlights:

1. New Identity Manager View – SQL Grid

This will add a new view to an IM role and show a grid of an SQL query.

For more information, please read PSD1153

2. Linked List Custom Control

A new custom control is created to support drop down lists to integrate with each other.

Use case: You have a drop down list where you for example can select different companies. If you select for example company PhenixID then that value is sent to other drop down lists and trigger what to display in those underlying lists.

For more information, please read PSD1147

3. Support For AES Encryption

Different types of data that needs to be encrypted, for example the password for the IM service account. If you like to encrypt attributes, or any other data, you can now use AES-128 to do this, functionality added in version 5.4.1 of PIM.

For more information, please read PSD1142

4. Custom Mandatory Popups

If you have a create or an edit form where some control is set as mandatory. PIM includes a mandatory parameter to set for these information fields. The control has however a standard popup which links to the attribute which can in some cases be misleading for the user.

PIM now has a filter that can be used instead of the mandatory checkbox which you can use to create your own custom popups.

For more information this, please read PSD1150

5. Update Of Bundled Apache Tomcat

We always try to stay in sync with current Tomcat releases. Since the Ghost Cat bug was discovered we have updated Tomcat to 8.5.53 form the 5.4.1 release. Ghost Cat bug had to do with vulnerability using the AJP connector, PIM can in some scenarios use AJP with Microsoft IIS.

For more information about Ghost Cat bug, please read TrendMicroBloggGhostCat

We have also updated our recommendations regarding the use of AJP with IIS. If you are using AJP and are upgrading to IM 5.4.1 you need to read PSD1079 for configuration changes.

Read full Release notes here: 5.4.1 & 5.4.2

More information about Identity Manager can be found here

Link to playlist YouTube

April 23, 2020

PhenixID Identity Provisioning 5.1

PhenixID are proud to announce the new major release of PhenixID Identity Provisioning 5.1.0. The new release improves the stability, compatibility and security of your solution, and is recommended for all installations.

Highlights:

Added Features

Possibility to use password encryption using AES Encryption
Import schedule using reassign rule
Added support for sorting global parameters
Support for SMTP with TLS 1.2

New Actions

1. Added a number of actions to handle information from or to Json objects

- Convert Json To Structured Csv
- Convert Structured Csv To Json
- Convert Json To Session Attributes
- Create Json Object
- Handle Json Array
- Rest Post Handler

2. Microsoft Dynamics CRM Actions

Use PhenixID Identity Provisioning to setup automatic user provisioning from Microsoft Dynamics CRM.

Read more here.

3. Sitevision Actions

Use PhenixID Identity Provisioning to setup automatic user provisioning from SiteVision.

Read more here.

4. Visma Enterprise HRM Actions

Use PhenixID Identity Provisioning to get data from Visma Enterprise HRM.

Read more here.

5. Tieto Education

Tieto Education actions for PhenixID Identity Provisioning.

Read more here.

Updated Actions

1. Add Static Attribute

2. Add Data From Bolagsverket – Swedish only

Använd denna action för att hämta information från Bolagsverket för en utvald organisation.

Läs mer här

3. Navet Action -Swedish only

Uppdaterad funktionalitet för att hämta information från Skatteverkets tjänst Navet. Nu stödjs även navetProtectedPublicRecords och navetEncounteredDeath som sessions attribut.

Läs mer här

4. Google Actions

Use PhenixID Identity Provisioning to setup automatic user provisioning to Google Apps.

Google apps actions have been updated with new functionality.

Read more here.

NEXT STEP:

Read full release notes here

PhenixID Authentication Services product page

More Integrations can be found here

Visit our Identity Provisioning Youtube channel

April 16, 2020

Easy and secure authentication

Trusting the digital identity continues to be a hot topic for organisations, and when employees are working from home, easy and secure end user validation is even more important. PhenixID are proud to announce the new major release of PhenixID Authentication Services 3.2. The new release contains several new features both for administrators and end users.

Highlights:

Improved One Touch mobile application

PhenixID One Touch has now incorporated PhenixID Pocket Pass functionality adding the offline code generator into the One Touch profile. The activation process will detect if the mobile phone has biometrics enabled for fingerprint/face and use this functionality as a replacement for a pin-code. This provides ease of use to the end-users to have everything in one application. Furthermore, administrators will have a streamlined enrollment process.