8.0.0 Release Notes

What's New?

Release DateProduct/VersionPlatformNotes
February 15, 2023HYPR Workforce Access Client for Windows 8.0.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
February 15, 2023HYPR Workforce Access Client for Mac 8.0.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey)Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
February 15, 2023HYPR Mobile App for Android 8.0.0Android 8.0+
February 15, 2023HYPR Mobile App for iOS 8.0.0iOS 12.4+
February 15, 2023HYPR Server 8.0.0ServerUpgrade to 7.10 required before upgrading to 8.0.0
February 15, 2023HYPR Android SDK 8.0.0Android 8.0+
February 15, 2023HYPR iOS SDK 8.0.0iOS 12.4+


Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases

New Features

Keycloak Upgrade
As of version 8.0.0, HYPR requires Keycloak version 16.1.1. Customers who are running HYPR on-premises must also upgrade Keycloak as part of the HYPR 8.0.0 upgrade. HYPR Cloud customers will get the Keycloak upgrade automatically. Regardless of installation type, all customers should plan to thoroughly test any HYPR instances, with an emphasis on deployments which use Intelligent Extensions, rely on custom templates within HYPR or Keycloak, or deploy applications which depend on embedded browser functionality.

Customization of Workforce Access Client for Mac Contact Support Behavior

  • The email field is no longer populated by a default email, and users must now manually enter an email address
  • The Contact Support button label can now be changed; alternatively, a second button can be enabled to separate log transmission from a request for assistance
  • The email sending the logs now contains the errorCode and traceId from the Workforce Access Client during a failed registration/authentication event


Azure IdP Error Matching
Error messages related to Azure IdP now more accurately describe the error conditions. Previously, all were routed to a generic error message; now they are treated individually.

Mobile Logging Levels
Customizable logging levels now can be used to control the amount of information in and size of log entries.

API Updates

  • /rp/api/versioned/fido2/settings request accepts three new fields: userVerification, residentKey, and attestation

General Improvements

  • (API) API endpoints that provide potentially sensitive information are protected by an API token
  • (API) HYPR API now exposes FIDO2 Settings: resident key requirement(s); user verification requirement(s); and attestation conveyance preference
  • (Control Center) Audit creation and retrieval of Recovery PINs
  • (Control Center) Error messages related to Azure IdP now more accurately describe the error conditions
  • (Control Center) Integrations' tenant URLs no longer end with a forward slash (/)
  • (Control Center) License check failure no longer halts registration
  • (Control Center) Security Key Recovery PIN fields are now correctly reflected in User Management
  • (Device Manager) Mitigate cross-site scripting (XSS) vulnerabilities
  • (Mobile App - Android) Android dependencies (Dexguard) have been upgraded to the latest versions
  • (Mobile App - Android) Last Login Date returns the date of last login for an Android device; previously it returned null
  • (Mobile App - Android) Remove the screen recording block for Android
  • (Mobile App - Android) Transaction Summary Screen includes more informative transaction data after confirmation
  • (Mobile App - iOS) Improve logic of Web enrollment push notification flows
  • (HYPR Mobile App - Mac) iOS minimum supported version is now 14.0
  • (Mobile App - iOS) Support email dialog now shows only the Company Display Name from CC General Settings in the picker if In-App Logs Submission is toggled on in Control Center; otherwise it shows both the Company Display Name and email
  • (Platform) An environment variable, if present, prevents Control Center UI endpoints from being accessed until Control Center is restarted without it; a 404 message is displayed while the endpoints are inaccessible
  • (Platform) HYPR now checks that the CSRF-TOKEN in the cookie is valid before accepting the CSRF request
  • (Platform) Mobile App generated Keycloak error page no longer displays on Azure Integrations
  • (Platform) Pending Push Payloads now include the additionalDetails attribute
  • (Platform) The HYPR Server installation package Java Runtime Environment is now version 17.0.5
  • (Platform) The Keycloak FreeMarket template file can now be customized; previously it could only be the HYPR template
  • (Platform) TPM attestation verifier can now match Elliptic Curve-based public keys
  • (SDK) hyprUserAgent data model Remote Device Operations registeredRemoteDevices method was updated
  • (SDK) iOS minimum supported version is now 14.0
  • (Workforce Access Client) Improve AutoUpgrade logic to be more robust and to clean up more thoroughly after completion
  • (Workforce Access Client - Windows) Initial VDI login now accepts domain names and/or usernames containing dashes
  • (Workforce Access Client - Windows) Security key re-enrollment remains on-screen until dismissed by the user
  • (Workforce Access Client - Windows) Solve User Presence Check failure during registration
  • (Workforce Access Client - Windows) The install token is now updated in the registry while the service is running

Upcoming Changes

Early Access: Azure Native Login Experience + FIDO2 Mobile Authenticator
Control Center Azure IdP Integrations are given a choice between using the HYPR Login Experience and the Azure Native Login Experience. HYPR Login Experience is available today; Azure federates to HYPR for authentication. Azure Native Login Experience will leverage the HYPR Mobile App as a FIDO2 security key directly against Azure.

Android Devices can still authenticate when QR code scanning is unavailable
When a user cannot access the camera on the device or is otherwise unable to scan the QR code, HYPR now provides the option to manually enter the RP Application and PIN instead to continue the authentication flow.