Skip to main content

8.5.0 Release Notes

HYPR 8.5.0 is an Enterprise Channel Release.

The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.

The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.

Minimum Supported Versions

Release DateProduct/VersionPlatformNotes
September 27, 2023HYPR Passwordless for Windows 8.5.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
September 27, 2023HYPR Passwordless for Mac 8.5.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura)Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
September 27, 2023HYPR Mobile App for Android 8.5.0Android 8.0+
September 27, 2023HYPR Mobile App for iOS 8.5.0iOS 12.4+
September 27, 2023HYPR Server 8.5.0ServerUpgrade to 7.10 required before upgrading to 8.0.0 or higher
September 27, 2023HYPR Android SDK 8.5.0Android 8.0+
September 27, 2023HYPR iOS SDK 8.5.0iOS 12.4+
Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

[Control Center] Device Manager UI Changes
HYPR Device Manager brings you a new look to match our branding changes (see below). Paired devices appearing here will also be reflected in the HYPR Mobile App and HYPR Passwordless client flows where applicable.

[Control Center - Integrations - Enterprise Passkey]
HYPR now accommodates both X.509 certificates and FIDO2 binding in the same pairing

HYPR now includes information in its QR codes to process both X.509 certificates and FIDO2/WebAuthn parameters, enabling support for hybrid domain joined machines and devices.

[Control Center; HYPR Passwordless] Improved workstation token security controls
HYPR takes additional precautions around the identifying values passed between Control Center and the HYPR Passwordless clients using an Installation token.

[HYPR Mobile App - Both] HYPRspeed matches IdP white labels to the HYPR tenant URL
To accommodate cases where server white label names may differ from the HYPR tenant value, HYPR now uses an IdP white label mapping to validate the URL before proceeding with pairing or authentication.

Early Release: [HYPR Mobile App - Both; HYPR SDK for Android; HYPR SDK for iOS]
Bluetooth/Bluetooth Low Energy (BLE) and WiFi Support for Enterprise Passkey for Azure on Windows 10

Both Android and iOS devices can now pair and authenticate via a Windows 10 workstation using Bluetooth/BLE radio or using the same WiFi network as the workstation. If enabled, HYPR will offer users the choice between Bluetooth and WiFi connections to complete an Enterprise Passkey pairing or authentication.

Enhancements

  • [Control Center] Device Manager 2.0 General UI Improvements: streamlining, flow, and consistency
  • [Control Center - Events] The policyId parameter has been added to the Events structure
  • [Control Center - FIDO2] HYPR core model has been updated to reflect currently required WebAuthn fields
  • [Control Center - FIDO2] Origin verification now allows for and checks multiple origin URLs
  • [Control Center - Integrations - Azure AD] Streamlined Azure Native Login group membership behavior upon pairing a device using the HYPR Passwordless client
  • [Control Center - Integrations - Enterprise Passkey] General UI and data flow improvements, including a User Management icon indicating if a FIDO2 pairing no longer exists in Azure
  • [Control Center - Integrations - OneLogin] HYPR will accept OneLogin user accounts lacking an email; HYPR will not register these accounts until an email is provided
  • [Control Center - Integrations - RADIUS] RADIUS reports failure due to lack of a valid local configuration in the log
  • [Platform - HYPR PAM] Added proxy support to the HYPR PAM module
  • [Platform - Okta] Okta authentication has been changed to occur client-side to reduce unnecessary warnings
  • [HYPR SDK for Android, HYPR SDK for iOS] credentialId, fido2Username, rpId are now logged in the Event logs under additionalDetails
  • [HYPR SDK for iOS] HYPR-generated QR codes with embedded deeplinks will open a browser using either the HYPR Mobile App or the default camera scanning functionality
  • [HYPR SDK for iOS] SDK consumers can add and customize their own complexity rules to the new PIN UI
  • [HYPR Passwordless - Both] Include machineUserPrincipalName, machineUserEmail and machineUserDisplayName in generated QR codes

Events

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • /rp/api/oob/client/... APIs making device list calls now perform session validation checks
  • /rp/api/versioned/fido2/attestation/result: authenticatorDisplayName field added to Fido2RegisteredUser

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

Upcoming Changes

HYPR Adapt (Beta)

Create risk-based authentication adaptation for your HYPR users. Limit login frequency and control how long they are resultingly blocked.

Future versions of HYPR Adapt will adapt to behavioral changes such as:

  • Sudden change of location
  • Shifts in the time of authentication compared to established patterns
  • Country deny lists

Watch this space for updates as HYPR Adapt evolves.

HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.

We've included the full list of products and features that will be included under the grouping, HYPR Authenticate. HYPR Authenticate includes the suite of components that make up the HYPR system: Control Center (including Integrations and Plugins), HYPR Passwordless, the HYPR Mobile Apps, and the SDKs.

New HYPR NameLegacy HYPR Server Name
HYPR CloudHYPR Cloud
HYPR ON PremHYPR On Prem
RADIUSHYPR RADIUS Server
New HYPR NameLegacy HYPR Mobile App Name
HYPR for iOSHYPR Mobile App for Android
HYPR for AndroidHYPR Mobile App for iOS
HYPR Enterprise PasskeyHYPR FIDO2 Mobile Authenticator
New HYPR NameLegacy HYPR Workforce Access Client Name
HYPR Passwordless for WindowsHYPR Workforce Access Client for Windows
HYPR Passwordless for MacHYPR Workforce Access Client for Mac
New HYPR NameLegacy HYPR SDK and API Names
HYPR SDK for iOSHYPR SDK for iOS
HYPR SDK for AndroidHYPR SDK for Android
HYPR SDK for GolangHYPR SDK for Golang
HYPR SDK for JavaHYPR SDK for Java
HYPR SDK for JavaScriptHYPR SDK for JavaScript
HYPR SDK for PythonHYPR SDK for Python
HYPR Server APIsServer API
New HYPR NameLegacy HYPR Integration Name
HYPR for OktaOkta
HYPR for WorkspaceGoogle Workspace
HYPR for OneLoginOneLogin
HYPR for AzureAzure
HYPR for Ping DaVinciPing DaVinci
New HYPR NameLegacy HYPR Feature Name
HYPRspeedDesktop SSO
New HYPR NameLegacy HYPR Plugin Name
HYPR for AD FSAD FS
HYPR for Ping FederatePing Federate
HYPR for SiteMinderSiteMinder
HYPR for ForgeRockForgeRock

Bug Fixes

  • [Control Center] Authentication graph now shows the correct number of authentications
  • [HYPR Mobile App for iOS] When the authentication policy is set to PIN + Native and the MOBILE_PIN_COMPLEXITY feature flag is enabled, the Native authentication would fail; it no longer fails when this condition is true
  • [Platform - Okta] Username with a plus sign can register; previously emails including (+) caused a 409 error after registration, preventing account activity
  • [HYPR Passwordless for Windows] Provision for multuple smartkeys to be enabled for login/authentication; previously if another method was tried first, Yubikey enrollment would fail

Known Issues

  • (Control Center) Amazon Web Services (AWS) Web Application Firewall (WAF) rule rejects images containing Extensible Metadata Platform (XMP) tags; see the Workaround in our Support documentation
  • (Control Center - Advanced Mode) Push notification authentication fails due to an invalid Firebase key
  • The following issues are slated to be fixed in 8.5.1:
    • (HYPR Passwordless for Mac) Unable to unlock using HYPR after upgrade from 8.4 to 8.5; on M1 and Intel Macs, after updating from 8.4 to 8.5, users are unable to:
      • Use the HYPR Mobile App to unlock from online
      • Unlock while offline
      • Use the recovery PIN when the workstation is locked
      • The standard login using HYPR works
    • (HYPR Passwordless for Mac) Devices disappear from the listing of paired devices if the server returns an invalid answer
    • (HYPR Passwordless for Mac) macOS Sonoma cannot register new devices; HYPR Passwordless client gets stuck waiting for the certificate
    • (HYPR Passwordless for Mac) On macOS Sonoma, when trying to unpair a device, HYPR Passwordless does not render descriptive text in its dialog box
    • (HYPR Passwordless for Mac) The HYPR Passwordless UI on macOS Sonoma renders incorrectly
  • The following is an Apple issue that affects HYPR directly, but which we cannot fix:
    • (HYPR Passwordless for Mac) MacOS Sonoma doesn't hide the desktop when locking the screen