8.5.0 Release Notes
HYPR 8.5.0 is an Enterprise Channel Release.
The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.
The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.
Minimum Supported Versions
| Release Date | Product/Version | Platform | Notes |
|---|---|---|---|
| September 27, 2023 | HYPR Passwordless for Windows 8.5.0 | Windows (10, 11) | Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots |
| September 27, 2023 | HYPR Passwordless for Mac 8.5.0 | macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura) | Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots |
| September 27, 2023 | HYPR Mobile App for Android 8.5.0 | Android 8.0+ | |
| September 27, 2023 | HYPR Mobile App for iOS 8.5.0 | iOS 12.4+ | |
| September 27, 2023 | HYPR Server 8.5.0 | Server | Upgrade to 7.10 required before upgrading to 8.0.0 or higher |
| September 27, 2023 | HYPR Android SDK 8.5.0 | Android 8.0+ | |
| September 27, 2023 | HYPR iOS SDK 8.5.0 | iOS 12.4+ |
All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.
New Features
[Control Center] Device Manager UI Changes
HYPR Device Manager brings you a new look to match our branding changes (see below). Paired devices appearing here will also be reflected in the HYPR Mobile App and HYPR Passwordless client flows where applicable.
[Control Center - Integrations - Enterprise Passkey]
HYPR now accommodates both X.509 certificates and FIDO2 binding in the same pairing
HYPR now includes information in its QR codes to process both X.509 certificates and FIDO2/WebAuthn parameters, enabling support for hybrid domain joined machines and devices.
[Control Center; HYPR Passwordless] Improved workstation token security controls
HYPR takes additional precautions around the identifying values passed between Control Center and the HYPR Passwordless clients using an Installation token.
[HYPR Mobile App - Both] HYPRspeed matches IdP white labels to the HYPR tenant URL
To accommodate cases where server white label names may differ from the HYPR tenant value, HYPR now uses an IdP white label mapping to validate the URL before proceeding with pairing or authentication.
Early Release: [HYPR Mobile App - Both; HYPR SDK for Android; HYPR SDK for iOS]
Bluetooth/Bluetooth Low Energy (BLE) and WiFi Support for Enterprise Passkey for Azure on Windows 10
Both Android and iOS devices can now pair and authenticate via a Windows 10 workstation using Bluetooth/BLE radio or using the same WiFi network as the workstation. If enabled, HYPR will offer users the choice between Bluetooth and WiFi connections to complete an Enterprise Passkey pairing or authentication.
Enhancements
- [Control Center] Device Manager 2.0 General UI Improvements: streamlining, flow, and consistency
- [Control Center - Events] The
policyIdparameter has been added to the Events structure - [Control Center - FIDO2] HYPR core model has been updated to reflect currently required WebAuthn fields
- [Control Center - FIDO2] Origin verification now allows for and checks multiple origin URLs
- [Control Center - Integrations - Azure AD] Streamlined Azure Native Login group membership behavior upon pairing a device using the HYPR Passwordless client
- [Control Center - Integrations - Enterprise Passkey] General UI and data flow improvements, including a User Management icon indicating if a FIDO2 pairing no longer exists in Azure
- [Control Center - Integrations - OneLogin] HYPR will accept OneLogin user accounts lacking an email; HYPR will not register these accounts until an email is provided
- [Control Center - Integrations - RADIUS] RADIUS reports failure due to lack of a valid local configuration in the log
- [Platform - HYPR PAM] Added proxy support to the HYPR PAM module
- [Platform - Okta] Okta authentication has been changed to occur client-side to reduce unnecessary warnings
- [HYPR SDK for Android, HYPR SDK for iOS]
credentialId,fido2Username,rpIdare now logged in the Event logs underadditionalDetails - [HYPR SDK for iOS] HYPR-generated QR codes with embedded deeplinks will open a browser using either the HYPR Mobile App or the default camera scanning functionality
- [HYPR SDK for iOS] SDK consumers can add and customize their own complexity rules to the new PIN UI
- [HYPR Passwordless - Both] Include
machineUserPrincipalName,machineUserEmailandmachineUserDisplayNamein generated QR codes
Events
See Event Descriptions for a list of all HYPR Events and parameters.
Error Messages
To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.
APIs
/rp/api/oob/client/...APIs making device list calls now perform session validation checks/rp/api/versioned/fido2/attestation/result:authenticatorDisplayNamefield added toFido2RegisteredUser
You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.
Upcoming Changes
HYPR Adapt (Beta)
Create risk-based authentication adaptation for your HYPR users. Limit login frequency and control how long they are resultingly blocked.
Future versions of HYPR Adapt will adapt to behavioral changes such as:
- Sudden change of location
- Shifts in the time of authentication compared to established patterns
- Country deny lists
Watch this space for updates as HYPR Adapt evolves.
HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.
We've included the full list of products and features that will be included under the grouping, HYPR Authenticate. HYPR Authenticate includes the suite of components that make up the HYPR system: Control Center (including Integrations and Plugins), HYPR Passwordless, the HYPR Mobile Apps, and the SDKs.
| New HYPR Name | Legacy HYPR Server Name |
|---|---|
| HYPR Cloud | HYPR Cloud |
| HYPR ON Prem | HYPR On Prem |
| RADIUS | HYPR RADIUS Server |
| New HYPR Name | Legacy HYPR Mobile App Name |
|---|---|
| HYPR for iOS | HYPR Mobile App for Android |
| HYPR for Android | HYPR Mobile App for iOS |
| HYPR Enterprise Passkey | HYPR FIDO2 Mobile Authenticator |
| New HYPR Name | Legacy HYPR Workforce Access Client Name |
|---|---|
| HYPR Passwordless for Windows | HYPR Workforce Access Client for Windows |
| HYPR Passwordless for Mac | HYPR Workforce Access Client for Mac |
| New HYPR Name | Legacy HYPR SDK and API Names |
|---|---|
| HYPR SDK for iOS | HYPR SDK for iOS |
| HYPR SDK for Android | HYPR SDK for Android |
| HYPR SDK for Golang | HYPR SDK for Golang |
| HYPR SDK for Java | HYPR SDK for Java |
| HYPR SDK for JavaScript | HYPR SDK for JavaScript |
| HYPR SDK for Python | HYPR SDK for Python |
| HYPR Server APIs | Server API |
| New HYPR Name | Legacy HYPR Integration Name |
|---|---|
| HYPR for Okta | Okta |
| HYPR for Workspace | Google Workspace |
| HYPR for OneLogin | OneLogin |
| HYPR for Azure | Azure |
| HYPR for Ping DaVinci | Ping DaVinci |
| New HYPR Name | Legacy HYPR Feature Name |
|---|---|
| HYPRspeed | Desktop SSO |
| New HYPR Name | Legacy HYPR Plugin Name |
|---|---|
| HYPR for AD FS | AD FS |
| HYPR for Ping Federate | Ping Federate |
| HYPR for SiteMinder | SiteMinder |
| HYPR for ForgeRock | ForgeRock |
Bug Fixes
- [Control Center] Authentication graph now shows the correct number of authentications
- [HYPR Mobile App for iOS] When the authentication policy is set to PIN + Native and the MOBILE_PIN_COMPLEXITY feature flag is enabled, the Native authentication would fail; it no longer fails when this condition is true
- [Platform - Okta] Username with a plus sign can register; previously emails including (+) caused a 409 error after registration, preventing account activity
- [HYPR Passwordless for Windows] Provision for multuple smartkeys to be enabled for login/authentication; previously if another method was tried first, Yubikey enrollment would fail
Known Issues
- (Control Center) Amazon Web Services (AWS) Web Application Firewall (WAF) rule rejects images containing Extensible Metadata Platform (XMP) tags; see the Workaround in our Support documentation
- (Control Center - Advanced Mode) Push notification authentication fails due to an invalid Firebase key
- The following issues are slated to be fixed in 8.5.1:
- (HYPR Passwordless for Mac) Unable to unlock using HYPR after upgrade from 8.4 to 8.5; on M1 and Intel Macs, after updating from 8.4 to 8.5, users are unable to:
- Use the HYPR Mobile App to unlock from online
- Unlock while offline
- Use the recovery PIN when the workstation is locked
- The standard login using HYPR works
- (HYPR Passwordless for Mac) Devices disappear from the listing of paired devices if the server returns an invalid answer
- (HYPR Passwordless for Mac) macOS Sonoma cannot register new devices; HYPR Passwordless client gets stuck waiting for the certificate
- (HYPR Passwordless for Mac) On macOS Sonoma, when trying to unpair a device, HYPR Passwordless does not render descriptive text in its dialog box
- (HYPR Passwordless for Mac) The HYPR Passwordless UI on macOS Sonoma renders incorrectly
- (HYPR Passwordless for Mac) Unable to unlock using HYPR after upgrade from 8.4 to 8.5; on M1 and Intel Macs, after updating from 8.4 to 8.5, users are unable to:
- The following is an Apple issue that affects HYPR directly, but which we cannot fix:
- (HYPR Passwordless for Mac) MacOS Sonoma doesn't hide the desktop when locking the screen