Release Notes

Product Name: bc-yubikey-enrolment 2.2.1 (Build 2.2.1.1) GA

Valid on: 2024-02-15

2.2.1
—–
– Updated documentation to correctly refer to allow_self_enrol entry in config.json.

2.2.0
—–
– PIN complexity requirements can now be configured using Device Policy (requires Paradox [SE] 3.4.0 and BEM 9.2.0 or greater)
– Added support for cross-domain gateways, specifically App-XD (requires Paradox SE 3.4.0 or greater). For this to work, the “Yubikey Client API” application must be configured on the App-XD gateway. It is supplied as part of the BEM product.
– Added the ability to seed the gateway name in the application config file. The expected format is:
{
“appxd_gateway” : “myappxd.domain”
}

– Added the ability to upload an App-XD gateway encryption key as config file to BEM

NOTE: if the above are not found, the application will use any App-XD gateway and encryption key configured in Paradox SE

2.1.0
—–
– All connected yubikeys are now shown and can be managed (previous version could only show a single connected yubikey)
– Enrol On Behalf Of (EOBO) functionality has been added to allow users designated as enrollers to enrol yubikeys for other users
– Enrollers also have the ability to revoke yubikeys registered to other users
– New application config file to allow using a secondary BEM server for yubikey management. The format expected is as follows:
{
“server” : “<address of BEM server configured for yubikey>”,
“tenant” : “mdm”,
“allow_self_enrol” : false
}

“server” defaults to the same BEM as paradox (SE) is using
“tenant” defaults to “mdm”

The “allow_self_enrol” parameter determines whether a non-enroller user will be shown the option to enrol with a One Time Password (OTP) This defaults to false

2.0.2
—–
– Updated to latest version of the app
– Rebuilt with renewed code signing certificate

2.0.1
—–
– Rebuilt with renewed code signing certificate

2.0.0
—–
– Unused, version number incremented in line with all other apps

1.0.0
—–
– First release of the Yubikey Management app

Documentation on how to use the app
——————————————
The use of the application is mostly self explanatory but Admins will need to configure BEM and should refer to BEM documentation for how to do that.

Interoperability with other Becrypt Products
———————————————————
– BEM Web 9.2.0 or later is required to manage the functionality of this application.
– This application has been tested and confirmed to work with the following versions of Paradox SE: 3.3.3, 3.4.0.