8.2.0 Release Notes
| Release Date | Product/Version | Platform | Notes |
|---|---|---|---|
| May 10, 2023 | HYPR Workforce Access Client for Windows 8.2.0 | Windows (10, 11) | Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots |
| May 10, 2023 | HYPR Workforce Access Client for Mac 8.2.0 | macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura) | Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots |
| May 10, 2023 | HYPR Mobile App for Android 8.2.0 | Android 8.0+ | |
| May 10, 2023 | HYPR Mobile App for iOS 8.2.0 | iOS 12.4+ | |
| May 10, 2023 | HYPR Server 8.2.0 | Server | Upgrade to 7.10 required before upgrading to 8.0.0 or higher |
| May 10, 2023 | HYPR Android SDK 8.2.0 | Android 8.0+ | |
| May 10, 2023 | HYPR iOS SDK 8.2.0 | iOS 12.4+ |
All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.
New Features
(HYPR Mobile App) Invalidate Registration Following New Device Biometric
As HYPR cannot guarantee the biometric of the authenticating user following a new biometric being added to the device, HYPR Mobile App will invalidate the existing pairing and require the device to be re-registered.
This functionality includes two associated new Feature Flags:
- ANDROID_INVALIDATION_FOR_NEW_BIOMETRIC
- IOS_INVALIDATION_FOR_NEW_BIOMETRIC
A new Error Code applies:
- Android 1111070: Operation failed. A new biometric was added to the device. Please re-register.
iOS still uses Error Code 10200
(Workforce Access Client for Windows) Contact Support Behavior Is Now Customizable on Windows As Well As Mac
The same customizations available for Contact Support in 8.0.0 Workforce Access Client for Mac are now available for Windows:
- The email field is no longer populated by a default email, and users must now manually enter an email address
- The Contact Support button label can now be changed; alternatively, a second button can be enabled to separate log transmission from a request for assistance
- The email sending the logs now contains the
errorCodeandtraceIdfrom the Workforce Access Client during a failed registration/authentication event
BETA FEATURE: (All HYPR) Single Registration
HYPR can be configured to only require pairing in one component of the HYPR system, instead of pairing separately with the HYPR Mobile App or the Workforce Access Client. When paired in one, users will be automatically prompted to complete the pairing on the other, and thereafter that pair will appear universally in all HYPR authentication rosters for that RP Application user.
BETA FEATURE: (Workforce Access Client for Windows) Workforce Access Clients for RDP Remote Sessions
...provided Network Level Awareness (NLA) is disabled. For a full description, including security considerations, see Accessing a Remote Desktop: Workforce Access for RDP Remote Sessions.
Enhancements
(Control Center) ADD Firebase Admin SDK Configuration Button
A button has been added to CC Advanced RP Application Login Settings to allow upload of Firebase configuration as a .JSON file.
(HYPR Mobile App for iOS) Contact Support Email Functions without an Email Client
Users can choose the destination email for log submission, independent of a native email client.
(Workforce Access Client for Windows) Manual Certificate Renewal
Users can now manually trigger certificate renewal for Security Keys.
Events
- RADIUS_ONBOARDED
This Event indicates a new RADIUS Integration server has been polled and is visible by Control Center; the Endpoint associated with this Event is/cc/ui/radius/onboard - WORKSTATION_INITIATED_DELETE is now OOB_DEVICE_UNPAIRED
- OOB_DEVICE_REG_COMPLETE is now OOB_DEVICE_PAIRED
- machineDomain parameter has been added to the Event Model
See Event Descriptions for a list of all HYPR Events and parameters.
Error Messages
- 1204027-1204046: RADIUS Integration Errors adapted to CC-based management of the HYPR RADIUS Server
- 1111070: Operation failed. A new biometric was added to the device. Please re-register.
This error is generated by the Invalidate Registration Following New Device Biometric feature.
To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.
APIs
You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.
General Improvements
- (Control Center) Empty AAGUID device names will now default to a value of "Passkey" instead of "FIDO key"
- (Control Center) Certificate and key validation checks have been streamlined for when the FIDO2_MOBILE_AUTHENTICATOR feature flag is enabled
- (Control Center) HYPR Authentication Policy no longer requests a PIN while pairing via a QR Code
- (Control Center - FIDO2) Username-less Control Center login is now possible using passkeys
- (HYPR Mobile App for Android) Unnecessary messaging has been removed
- (HYPR Mobile App for Android) HYPR requests a new Firebase token when the received value is NIL; it also logs the Firebase token creation where it did not before
- (HYPR Mobile App for iOS) A redundant confirmation screen was removed from the in-app QR Scan flow
- (HYPR Mobile App for iOS) Fixed behaviors that were slowing HYPR Mobile App performance
- (HYPR SDK for iOS) The server's cancellation errors for iOS are now differentiated into user cancellation and biometric failure errors
- (Workforce Access Client for Windows) The CONTROL_CENTER_HAAS Feature Flag is disabled to allow WFA clients to auto-upgrade
- (Workforce Access Client for Windows) The Desktop SSO success notification popup now closes itself after a short timeout
- (Workforce Access Client for Windows) Additional information is logged from the user login certificate
Upcoming Changes
Device Manager UI Changes
HYPR Device Manager 8.3 will combine branding changes (see below) with our latest functionality to bring you a new look and streamlined UI and messaging. Paired devices appearing here will also be reflected in the HYPR Mobile App and Workforce Access Client flows where applicable.
HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.
We've included the full list here:
| New HYPR Name | Legacy HYPR Server Name |
|---|---|
| HYPR Cloud | HYPR Cloud |
| HYPR ON Prem | HYPR On Prem |
| RADIUS | HYPR RADIUS Server |
| New HYPR Name | Legacy HYPR Mobile App Name |
|---|---|
| HYPR for iOS | HYPR Mobile App for Android |
| HYPR for Android | HYPR Mobile App for iOS |
| HYPR Enterprise Passkey | HYPR FIDO2 Mobile Authenticator |
| New HYPR Name | Legacy HYPR Workforce Access Client Name |
|---|---|
| HYPR Passwordless for Windows | HYPR Workforce Access Client for Windows |
| HYPR Passwordless for Mac | HYPR Workforce Access Client for Mac |
| New HYPR Name | Legacy HYPR SDK and API Names |
|---|---|
| HYPR SDK for iOS | HYPR SDK for iOS |
| HYPR SDK for Android | HYPR SDK for Android |
| HYPR SDK for Golang | HYPR SDK for Golang |
| HYPR SDK for Java | HYPR SDK for Java |
| HYPR SDK for JavaScript | HYPR SDK for JavaScript |
| HYPR SDK for Python | HYPR SDK for Python |
| HYPR Server APIs | Server API |
| New HYPR Name | Legacy HYPR Integration Name |
|---|---|
| HYPR for Okta | Okta |
| HYPR for Workspace | Google Workspace |
| HYPR for OneLogin | OneLogin |
| HYPR for Azure | Azure |
| HYPR for Ping DaVinci | Ping DaVinci |
| New HYPR Name | Legacy HYPR Feature Name |
|---|---|
| HYPRspeed | Desktop SSO |
| New HYPR Name | Legacy HYPR Plugin Name |
|---|---|
| HYPR for AD FS | AD FS |
| HYPR for Ping Federate | Ping Federate |
| HYPR for SiteMinder | SiteMinder |
| HYPR for ForgeRock | ForgeRock |
Bug Fixes
- (Control Center) The WORKSTATION_CERTIFICATE_REQUESTED Event is no longer logged when settings should prevent its occurrence
- (Control Center - Integrations - All) User enrollment drawer is correctly sending personal emails
- (Platform - Integrations - Azure) User is now added to the correct Azure group by default, and this action is logged in HYPR
- (Control Center - Integrations - Azure) The API response to enable/disable the Integration now populates the capability field with either "HYPR" for the HYPR Login Experience, and "NATIVE" for the Azure Native Login Experience
- (Control Center - Integrations - HYPR Enterprise Passkey) Azure pairing with HYPR Mobile App for iOS now correctly displays in Device Manager after pairing
- (Control Center - Integrations - Ping DaVinci) The OIDC Redirect URL List now recognizes multiple addresses and only accepts a comma-separated format
- (HYPR Mobile App) Deleting a web account no longer corrupts pairing of workstation and web accounts when the server has a pending authentication request
- (HYPR Mobile App) QR Fallback Activation Code entry Submit button is fully functional
- (Platform - FIDO2) Keycloak authentication with
UV=requiredcorrectly fails in Safari when security key is not protected with a PIN; previously it may have succeeded - (Workforce Access Client for Mac) HYPR now correctly reflects when Require User Presence is disabled; previously when certificate-based authentication is Off and Require User Presence was disabled, registration was failing due to checks that should have been disabled as a result
- (Workforce Access Client for Mac) QR_Fallback now shows a HYPR error when the feature is disabled; previously it was showing a 500 error
- (Workforce Access Client for Mac) The Workforce Access Client for Mac crashes when requesting a certificate from Active Directory
- (Workforce Access Client for Windows) HYPR Enterprise Passkey pairing remains in the Workforce Access Client for Windows after polling CC; previously it was disappearing from the roster
Known Issues
- (Control Center) Amazon Web Services (AWS) Web Application Firewall (WAF) rule rejects images containing Extensible Metadata Platform (XMP) tags; see the Workaround in our Support documentation
- (Workforce Access Client - All) QR Fallback APP NAME value, if long enough, cuts off at the edge of the dialog box instead of wrapping