Customer Release Notes
Build Number: 22.214.171.1243634
Customer Release Notes (CRN) - This document describes capabilities, resolved issues, limitations, and known issues for different product releases.
Release Summary – SafeNet Agent for OWA 2.1.2
The SafeNet Agent for OWA 2.1.2 release introduces a new feature.
Office Online Server Support
The SafeNet Agent for OWA now supports Office Online Server (OOS) with Microsoft Exchange Server 2016. The Office online server support enables the agent to deliver browser-based viewing, editing and downloading of Office documents attached to OWA email messages.
This feature enables document collaboration and editing in real-time, as the Office documents attached to OWA emails can be viewed and edited from within the Outlook on the web interface without requiring to download the file(s) to a local computer.
Release Summary – SafeNet Agent for OWA 2.1.0
This major new release allow customers to manage access to the OWA application through SafeNet Trusted Access (STA), and thus benefit from applying STA policy framework and scenario-based, contextual conditions. For users, it provides the value of extending the STA Single Sign-On (SSO) experience to OWA.
Unlike earlier versions, SafeNet Agent for Microsoft Outlook Web App2.1.2 of the type, STA or SAS Cloud (Integrated via Applications) is a scalable, customizable, and a more productive authentication solution. Although the look and feel of the agent is modernized, the set-up and ease in functionality remains. Critical application management and policy tasks, now handled at STA, ensures that the agent's manager console is reduced, resulting in better productivity and faster processing.
Release Summary – SafeNet Agent for OWA 2.0.0
The SafeNet Agent for OWA 2.0.0 release resolves a known/ customer-reported issue.
Release Summary – SafeNet Agent for OWA 1.2.3
The SafeNet Agent for OWA 1.2.3 release resolves some known/ customer-reported issues.
Release Summary – SafeNet Agent for OWA 1.2.2
The SafeNet Agent for OWA 1.2.2 contains certain security enhancements at infrastructure and agent level. The release also resolves an important known issue.
Release Summary – SafeNet Agent for OWA 1.2
The SafeNet Agent for OWA 1.2 includes enhancements and resolves some known/ customer-reported issues. Following lists some of the important new features.
Additional Exchange Server Support
Microsoft Exchange Server 2016 is now supported.
>Strip realm from UPN (firstname.lastname@example.org will be sent as username): Select the added checkbox if the SafeNet username is required without the suffix @domain.
>Strip NetBIOS prefix (domain\username will be sent as username): Select the added checkbox if the SafeNet username is required without the prefix \domain.
NOTE The realm-stripping feature applies to SafeNet usernames only. Active Directory (AD) usernames are not affected.
Microsoft Exchange Server Limitations
>Following log out, the user is always removed from the User ID field on both private and public computers.
>Changes to the public/ private configuration in Microsoft Exchange Server have no effect on the SafeNet Agent for OWA Login window.
Resolved and Known Issues
This section describes the issue resolved in SafeNet Agent for OWA 2.0.0:
|SASNOI-7305||The login page of Exchange Control Panel (ECP) now renders correctly (without any error) while working with the SafeNet OWA Agent.|
This section describes the issue resolved in SafeNet Agent for OWA 1.2.3:
|SASNOI-6716||Group exclusion is now working fine for Microsoft Outlook Exchange Server 2010 deployed in a forest environment with multiple domains. Child domains are now getting added correctly to the User/ Group list ensuring that the agent correctly reads group of global catalog in the AD.|
|SASNOI-6559||Exchange 2010 is now running fine with Exchange 2016 when OWA agent is enabled.|
This section describes the issue resolved in SafeNet Agent for OWA 1.2.2:
|SASNOI-6511||The OWA Group exception now works even if only a username (without its domain name) is provided during the login process. The Domain Stripping functionality is fixed to ensure that exclusion groups are identified correctly and no valid groups are bypassed during the SafeNet 2FA process.|
This section describes issues resolved in SafeNet Agent for OWA 1.2:
|SASNOI-6274||The Internal Server Error encountered when accessing the OWA Agent's login page during uninstallation is now resolved.|
|SASNOI-6167||Functionality to include specific user group(s) for 2FA now works on a single domain, applying 2FA, on top of domain credentials authentication.|
|SASNOI-6165||Forcing the challenge response with SMS group in Split Authentication Mode now works as expected, forcing the challenge, after entering the username and the LDAP password.|
|SASNOI-6058||Internet Information Services (IIS) now restarts normally after applying (and saving) configuration changes on the OWA agent.|
|SASNOI-6056||The error encountered while logging new users to the SafeNet Agent for OWA is now resolved.|
|SASNOI-2738||The SafeNet Agent for OWA now works fine if the default installation path is changed.|
|SASNOI-2148||The SafeNet Agent for OWA now works correctly with shared mailboxes.|
|SASNOI-2112 / SASIL-3085||The Group exclusion feature of SafeNet Agent for OWA now works correctly on multiple domains.|
|SASNOI-2096||The OWA Group exception now works for external domains. Thus, the functionality to include specific, external MOTC user groups for 2FA now prompts for OTP, in addition to domain credentials.|
|SASNOI-2090||Only one challenge is now generated if a user enters an incorrect OTP when logging in to the OWA agent.|
Resolved Issues (SafeNet Agent for OWA 1.09)
This section describes issues resolved in SafeNet Agent for OWA 1.09:
|SASIL-2141||It is now possible to install SafeNet Agent for OWA using any account with administrator permissions, even if a user named “Administrator” is not defined in the AD.|
|SASIL-1561||After logging in with an iOS device, logging out and then logging in again, the user is no longer able to log in without entering a new One Time Password (OTP).|
This table provides a list of known issues as of the latest release.
Summary: If there are no groups in the Split Authentication Mode, then after migrating from 1.09 (or 1.1) to 1.2 version of the agent, the Standard Authentication Mode is enabled.
Workaround: To change the setting, go to SafeNet Microsoft Exchange OWA Manager > Authentication Methods and select Split Authentication Mode.
|SASNOI-4090 / SASNOI-3926||
Summary: Group exclusion functionality does not work with nested groups.
Workaround: None, will be resolved in a future release.
Summary: An extra Sign in page is displayed while authentication is already in progress. The page is only encountered when the user is authenticated for the first time, after enabling the agent.
Workaround: Do not click Sign in on the displayed page. The user will be automatically redirected to the mailbox, after a few seconds.
Summary: The OTP field is not labeled when accessed from a mobile device application.
Workaround: Ignore, does not affect functionality. It will be fixed in a future release.
Summary: When using SafeNet Agent for OWA with Exchange 2013, FreeBSD 10.1 and Apache/2.4.12 mod_proxy, if working in Split Authentication mode, and publishing externally, the OWA login does not work.
Workaround: None, will be fixed in a future release.
Summary: The SafeNet Agent for OWA cannot be installed on operating systems that are not in the English Language.
1.Do one of the following:
•If it is a Domain Controller (DC), navigate to Active Directory > Builtin and create a new group named Network Service.
•If it is not a DC, navigate to Server Manager > Configuration > Local Users and Groups and create a new group named Network Service.
2.Install SafeNet Agent for OWA.
The SafeNet Agent for OWA should now operate correctly.
Summary: The repair option in the Windows Control Panel Add/ Remove Programs fails if it is not run as an administrator, even though the user is logged on as a Domain Administrator.
Workaround: Run Add/ Remove Programs as an administrator.
Summary: Active Sync mobile devices cannot be added when the SafeNet Agent for OWA is enabled. The message "can't connect to the server" is displayed.
Workaround: Disable the SafeNet Agent for OWA. The device now contacts the server without issue and synchronizes correctly. Enable the agent; the device now proceeds to operate correctly.