What's new

This section provides a brief description of changes and improvements in the Axidian Privilege by version.

3.4

Authentication

• Added support for the Kerberos authentication protocol for sessions opened via RDP Proxy.
• Added support for X.509 certificate authentication.
• Added support for authentication via the OpenID Connect protocol.
• Improved authentication in RDP and SSH sessions: if a permission is granted for a user account and the user has authenticated in Axidian Privilege, their login and password are automatically filled in the sign-in form on the resource.
• Added the ability to specify the login format for accounts when connecting via SSH.
• The ConsoleApp utility now supports sign-in on behalf of a specific Axidian Privilege user, enabling individual privileges and access control differentiation.

Integrations

• Extended AAPM functionality — added integrations with Ansible Lookup Plugins and Python SDK for managing Axidian Privilege credentials.
• Added the ability to launch SSH sessions from an Ansible playbook.

Other changes

• Added clipboard support for sessions opened via Web Proxy.
• Added a health check mechanism for Axidian Privilege servers, components, and services. Results are displayed on the dashboard in the new PAM servers widget.
• Improved the report generation mechanism — reports on sessions, events, and permissions are now generated in the background. Generated reports can be downloaded in the Reports history section.
• Added access server information to session and event cards.

3.3

• Open web sessions with the new Web Proxy component.
• Open RDP and SSH sessions in a browser with the new Web Terminal component.
• A new Dashboard section is added.
• Session opening without re-authentication is added.
• Set the days of the week in permissions.
• Configuration now includes the ability to set automatic logout on inactivity from user and management consoles.
• Support for the Ed25519 algorithm for SSH keys is added.
• Improved blocking mechanism: blocking now applies not only to users, but also to PAM administrators. When blocked, access to the system is completely terminated.
• Support for Microsoft SQL Server in SQL Proxy is added.

3.2

• Authentication by SSH keys in SSH Proxy is added.
• Creation of internal users is added.
• Licensing is changed. To connect to ad hoc resources and PostgreSQL Proxy, special licenses are now required. Connecting to PostgreSQL Proxy works in early access mode until December 31, 2026, after which you need to purchase licenses.
• Automatic detection of permissions that have not been used for a long time is added. The validity period of permissions is determined in the configuration.

3.1

• Now administrators can add tags to resources.
• Now you can change the text of the connection reason prompt. This option is set in the session policy.
• Session search is improved. Now it is possible to search by session termination state and reason.

3.0

• Managing windows services.
• Copying permissions.
• Proxying SQL sessions for PostgreSQL.
• Session termination when user is inactive.
• Boost library is now linked to work with regular expressions. In this regard, there are small changes in the syntax of regular expressions when specifying a list of allowed and prohibited commands in SSH sessions.
• New settings in policies to manage requirements for generated passwords and manually entered passwords.
• RDP sessions without local disk redirection.
• SSH server key fingerprints verification.
• Operations with custom service connection types.
• New installation, upgrade and configuration wizard.

2.10

• OpenLDAP support.
• Blocking a user.
• Changing encryption key and/or encryption algorithm of PAM database without stopping PAM.
• Specifying multiple RADIUS servers to authenticate PAM users.
• Setting policy for user groups.
• Connecting to ad hoc resources.
• Native SIEM support via CEF and LEEF log format.
• Maximum account password length is increased up to 4096 symbols.
• Blocking settings for incorrect OTP input.
• S3 storage support.
• Enabling Restart of Proxy Service Containers.