Skip to main content

9.3.0 Release Notes

HYPR 9.3.0 is an Enterprise Channel Release.

The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.

The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.

New Section

To enable our customers to be more proactive in anticipating industry changes that affect HYPR architecture and topology needs, we have created the Breaking Changes section of the Release Notes. This section may be updated after the GA Release as information becomes available to HYPR.

Minimum Supported Versions

Release DateHYPR ProductMinimum RequirementNotes
July 15, 2024HYPR Passwordless for Windows 9.3.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
July 15, 2024HYPR Passwordless for Mac 9.3.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0])Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
July 15, 2024HYPR Mobile App for Android 9.3.0Android 8.0+
July 15, 2024HYPR Mobile App for iOS 9.3.0iOS 12.4+
July 15, 2024HYPR Server 9.3.0Java Development Kit (JDK) 17+Upgrade to 7.10 required before upgrading to 8.0.0 or higher
July 15, 2024HYPR SDK for Android 9.3.0Android 8.0+
July 15, 2024HYPR SDK for iOS 9.3.0iOS 12.4+
July 15, 2024HYPR SDK for Java 9.3.0Java Development Kit (JDK) 17+
Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

[Control Center] FIDO2 Custom Configuration

  • Transport handling accommodations for HYPR version-specific changes
  • API calls help you evaluate, configure, and use established control points

[HYPR Affirm] UI, Branding, and Customization by RP Application

  • Company Identity
  • Logo
  • Background Image

[docs.hypr.com] - Documentation Portal Updates
The Product Documentation site has been updated to honor customer feedback and to accommodate recent branding changes. Take a few minutes to understand the new layout.

  • The legacy site, previously classicdocs.hypr.com, has been fully incorporated into the noew portal as of 9.3.0

  • All previously public ZenDesk articles can be found at docs.hypr.com

  • In HYPR 9.5, all Zendesk articles will be available in the main Product Documentation portal, docs.hypr.com

HYPR SDK for Python Enjoy more HYPR freedom with the newest addition to our SDK. Check it out here.

Enhancements

  • [All HYPR] Single Registration: Web-to-workstation: Improvements to removal/unpairing consistency across the HYPR ecosystem

  • [Control Center] Enterprise Passkey BLE and WiFi authentication toggles are now present under Login Settings

  • [Control Center] HYPR Support Access: Improvements to UI, Audit Trail, and save behaviors

  • [Control Center] That pesky comma hanging out in the Add New Application dialog in CC Advanced Mode has finally been removed

  • [Control Center; HYPR Mobile App - Both] General UI, flow, and messaging improvements

  • [HYPR Adapt] General UI/UX Improvements

  • [HYPR Adapt] - Risk Policy improvements based upon customer feedback

  • [HYPR Affirm] The entries in the activity log more closely match the labeling and verbiage of the Idenity Verification steps

  • [HYPR Affirm] UI/UX and flow Improvements across all of Affirm

  • [HYPR Affirm] Code Customization types now include sending emails, sending SMS, and SMS verification

  • [HYPR Affirm] Multiple approvers can be added with progressive logic

  • [HYPR Affirm] Approvers can be authenticated using OIDC; API calls are available

  • [HYPR Affirm] IdV flow has been updated so that if a reference image exists, document upload in Photo ID and Liveness is skipped

  • [HYPR Affirm] A password reset option has been added for Okta users as a possible outcome for IdV flows

  • [HYPR Affirm] In addition to being verified against cached images, reference images in the Identity Verification Flow are also verified against the database

  • [HYPR Mobile App for iOS; HYPR SDK for iOS] General performance updates

  • [HYPR Passwordless for macOS] Successful signals reporting responses have been changed to status 204

  • [HYPR Passwordless for macOS] Device Signals now include the following data:

    • System ID
    • CrowdStrike ID
    • Network data
    • Location data
    • Signals are sent after /rp/wsapi/client/authorization/complete
  • [HYPR Passwordless for Windows] Feitian security keys Answer to Read (ATR) values have been updated

  • [HYPR Passwordless for Windows] Feitian security keys have been updated to use HYPR 8.x nomenclature

  • [HYPR Passwordless for Windows] Updated the bundled YubiKey mini-driver to version 4.6.1

  • [Integrations - Okta] Added a job for uploading aliases to Control Center from Okta during upgrades

  • [Platform - Keycloak] Control Center and Keycloak now have parity in options on the login screens

  • [Platform - Keycloak] Improved messaging, events parity, and traceability between Control Center and Keycloak

  • [Platform - Keycloak] Misleading brute force logs have been omitted

Events

The following Events and parameters were added or re-added in 9.3.0:

  • ADAPT_POLICY_ASSIST
  • AFFIRM_WORKFLOW_RESULT
  • KEYCLOAK_ADMIN_EVENT
  • KEYCLOAK_USER_EVENT
  • MOBILE_CANCELLED_NEW_CERTIFICATE
  • POV_EXPIRATION_SET
  • POV_EXPIRATION_CLEARED
  • SMARTKEY_RECOVERY_PINS_RE_GENERATED
  • WEBSITE_AUTH
  • tokenType has been added to log entries (not Audit Trail Events) to accomodate multiple access token types

The following Events were removed/deprecated as of 9.3.0:

  • ADAPT_CREATE_EVENT_HANDLER
  • AFFIRM_WORKFLOW_INVITE_CREATED
  • AFFIRM_WORKFLOW_LOOKUP_CARRIER_DATA
  • AFFIRM_WORKFLOW_MAGIC_LINK
  • AFFIRM_WORKFLOW_VERIFICATION_REQUEST_CREATED

The Label column in the Event Parameters section of the Event Descriptions article has been removed and the Paramater column has been alphabetized.

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

The following Errors have been added to HYPR:

The following Errors have been updated to reflect changes in HYPR:

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • Get the CC admin settings for a security key (POST /rp/wsapi/smartkey/checksettings) payload attribute justVerifySerialNumber is now used to indicate HYPR Passwordless is not performing an enrollment action

  • Get deregistered certificates (GET /rp/api/rpapp/{appId}/certificate/deregistered?from={startDateTime}) has been moved from Workstation > Registration to Workstation > Certificates

  • Single Registration calls and examples have been corrected

  • Retrieve HYPRspeed challenge information (GET /rp/api/client/desktopsso/challenge) has been removed in favor of the POST call using the same endpoint: Send a challenge for the desktop client to process

  • [HYPR Adapt API] Risk Policy CRUD and assignment operations have been added:

    • GET/cc/api/appconfig/adapt: List a policy configuration.

    • PUT/cc/api/appconfig/adapt: Update a policy configuration.

    • DELETE/cc/api/appconfig/adapt/{appId}: Delete a policy configuration.

    • POST/cc/api/appconfig/adapt/assign: Assign a Risk Policy to an RP Application.

    • GET/cc/api/appconfig/adapt/assignments: Unassign a Risk Policy from an RP Application

  • [HYPR Affirm API]

    • Where it appears, the attribute escalateAfterMinutes has been changed to inviteNextApproverAfterMinutes

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

Upcoming Changes

Entra ID External Authentication Use HYPR as an Entra ID External Authentication Method (EAM), so HYPR can be made available as an external method to users. Contact HYPR if you are interested in early adoption of this feature.

Smart Card PIN Unblocking Key (PUK) PIN Reset HYPR accommodates smart card and security key PUK PIN reset functionality from the desktop.

HYPR Enterprise Passkey - FIDO2 Gateway Fallback HYPR providea a fallback mechanism in the event which an existing WiFi or BLE configuration has challenges. HYPR Mobile App will communicate through Control Center to complete CTAP operations with the HYPR Passwordless client.

Control Center: Standard Mode: Expansions to UI, Branding, and Customization Custom Branding expands to add HYPR Passwordless client UI customization from Control Center, and brings forward the legacy UI Branding for the HYPR Mobile App and Push Notifications.

[Control Center] An Entra ID Provisioning API Microsoft's new API allows HYPR to programmatically create an Azure FIDO2 credential (login.microsoft.com). With this API, HYPR users will no longer need to login into Microsoft's website to pair the Enterprise Passkey separately.

Bug Fixes

  • [Control Center] Fixed: Control Center is not picking the proxy value from the environment variable

  • [Control Center] Fixed: SVG image upload/display failure in the UI Management screen

  • [Control Center] Fixed: The rp_user_alias table is not being cleared of the user data after the user's last device is deleted

  • [Control Center] Fixed: The User Management enrollment drawer doesn't show multiple existing users with the same primary email address

  • [Control Center] Fixed: QR fallback fails to login to Control Center 9.2

  • [Control Center; HYPR Mobile App for Android; HYPR Mobile App for iOS] Fixed: Single Registration: Workstation-to-web - Various issues surrounding user, pairing, and app removal

  • [HYPR Mobile App for iOS] Fixed: Using Enterprise Passkey, advertise is called during FaceID authentication

  • [HYPR Adapt] Fixed: QR Authentication timeout and QR Authentication scan are not generating Events

  • [HYPR Adapt] Risk Reports Fixes

    • Policy Evaluation is now correctly auto-refreshing
    • Username drill-down link functions as expected
    • Event date/time correctly reflects the actual timestamp
    • Labeling, sorting, and classification improvements
  • [HYPR Affirm] Fixed: After the approver leaves the video call to approve, the video remains and is frozen

  • [HYPR Affirm] Fixed: If the requester is in video before the approver, the approver cannot see the requester

  • [HYPR Affirm] Fixed: Name comparison status is not showing Consider results.

  • [HYPR Affirm] Fixed: Document-upload not handling failure cases gracefully

  • [HYPR Affirm] Fixed: With the Affirm flow status in Control Center disabled, a user can still complete the IdV flow

  • [HYPR Mobile App for Android] The Login History screen has been truncated to display no more than 50 entries

  • [HYPR Mobile App for Android] Fixed: Error information overlay displays when tapping the successful authentication entries in the Login History screen

  • [HYPR Mobile App for Android] Fixed: Enterprise Passkey: Unable to unlock the workstation using a passkey if the HYPR Mobile App is backgrounded upon receiving the Test of User Presence prompt.

  • [HYPR Mobile App for Android] Fixed: Enterprise Passkey: An error is not displayed on completing authentication on app that was resumed from being backgrounded, but which required User Presence; the user now sees an appropriate message

  • [HYPR Mobile App for Android] Fixed: FIDO2 Gateway: When the workstation is unreachable, Android sends two advertise requests within 4s repeating every 30s

  • [HYPR Mobile App - Both; HYPR SDKs for Android and iOS] Fixed: Devices cannot authenticate if allowlisted facetIDs have been enabled prior to registration

  • [HYPR Passwordless for macOS] Fixed: Uninstalling doesn't restore the default unlock screen

  • [HYPR Passwordless for Windows] Fixed: Fingerprint registration UI failed to appear during Yubikey Bio pairing, resulting in an error despite successful registration

  • [HYPR SDK for Android] Fixed: In an Entra domain-joined environment, when deleting the workstation and then the credential, the user stays in the group, Paired with Azure

  • [Integrations - Okta] Fixed: /cc/ui/rpUser/self is generating a 404 error using Device Manager with Okta or using a Magic Link to Device Manager

Known Issues

  • [HYPR Control Center - Adapt] FIDO2 authentication attempts are not blocked when FIDO2 is not exempted and the Authentication Failure Threshold is exceeded

  • [HYPR Control Center - Adapt] 'Adapt unavailable' selected option is not saving properly

  • [HYPR Enterprise Passkey + HYPR Mobile App for Android] When deregistering the linked security key for a hybrid account, the workstation pairing is also removed

  • [HYPR Mobile App for iOS] The text below the logo on the home screen still says "True Passwordless Security" and has not been updated to "Identity Assurance"

  • [HYPR Passwordless - Both] QR Fallback - The RP application name is cut off when the tenant name is long

  • [HYPR Passwordless for Windows] Deleting a fingerprint from the middle of the list doesn't re-order the rest of the list

  • [HYPR Passwordless for Windows] HYPR displays an error when a paired Yubikey Bio MPE has the maximuum number of fingerprints stored already

  • [HYPR Affirm; Keycloak] HYPR Affirm is not added to Keycloak's HYPR authenticator after upgrading to 9.3

Breaking Changes

Google Firebase Cloud Messaging Discontinued

Google Firebase will terminate the usage of legacy Firebase Cloud Messaging (FCM) APIs, effective June 20, 2024. This will affect most HYPR customers; if you have not taken measures to accommodate this change, please contact HYPR Support ASAP.

Android Configuration (Migration from 8.7.X to 9.1.X)

  • Project-wide:

    targetSdk 33 -> 34
    minSdkVersion 23 -> 26
    kotlin version 1.7.22-> 1.9.20
  • gradle-wrapper.properties:

    https\://services.gradle.org/distributions/gradle-7.6-bin.zip -> https\://services.gradle.org/distributions/gradle-8.4-bin.zip
  • project:build.gradle:

    kotlin version  1.7.22-> 1.9.20
    com.android.tools.build:gradle:7.2.2 -> com.android.tools.build:gradle:8.1.4
    com.google.gms:google-services:4.3.14 -> com.google.gms:google-services:4.4.0
    com.guardsquare:dexguard-gradle-plugin:1.3.24 -> com.guardsquare:dexguard-gradle-plugin:9.4.21
  • app:build.gradle:

    • Implementation:

        androidx.appcompat:appcompat:1.5.1 -> androidx.appcompat:appcompat:1.6.1
      com.google.android.material:material:1.7.0 -> com.google.android.material:material:1.10.0
      androidx.lifecycle:lifecycle-process:2.5.1 -> androidx.lifecycle:lifecycle-process:2.6.2
      com.google.code.gson:gson:2.10 -> com.google.code.gson:gson:2.10.1
      org.apache.commons:commons-lang3:3.12.0 -> org.apache.commons:commons-lang3:3.13.0
      com.google.mlkit:barcode-scanning:17.0.0 -> com.google.mlkit:barcode-scanning:17.2.0
      androidx.core:core-ktx:1.9.0 -> androidx.core:core-ktx:1.12.0
      androidx.lifecycle:lifecycle-viewmodel-ktx:2.5.1 -> androidx.lifecycle:lifecycle-viewmodel-ktx:2.6.2
      org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.7.22 -> org.jetbrains.kotlin:kotlin-stdlib:1.9.20
      com.google.firebase:firebase-messaging:23.1.0-> com.google.firebase:firebase-messaging:23.3.1
    • annotationProcessor:

      androidx.lifecycle:lifecycle-common-java8:2.5.1 -> androidx.lifecycle:lifecycle-common:2.6.2
  • You might need to add this (depending on your setup) in app:build.gradle:

    android {
    ...
    compileOptions {
    sourceCompatibility = JavaVersion.VERSION_1_8
    targetCompatibility = JavaVersion.VERSION_1_8
    }
    kotlinOptions {
    jvmTarget = "1.8"
    }
    ...
    }