Customer Release Notes

Build Number2.1.2.1053634

Customer Release Notes (CRN) - This document describes capabilities, resolved issues, limitations, and known issues for different product releases.

Release Description

Release Summary – SafeNet Agent for OWA 2.1.2

The SafeNet Agent for OWA 2.1.2 release introduces a new feature.

Office Online Server Support

The SafeNet Agent for OWA now supports Office Online Server (OOS) with Microsoft Exchange Server 2016. The Office online server support enables the agent to deliver browser-based viewing, editing and downloading of Office documents attached to OWA email messages.

This feature enables document collaboration and editing in real-time, as the Office documents attached to OWA emails can be viewed and edited from within the Outlook on the web interface without requiring to download the file(s) to a local computer.

Release Summary – SafeNet Agent for OWA 2.1.0

This major new release allow customers to manage access to the OWA application through SafeNet Trusted Access (STA), and thus benefit from applying STA policy framework and scenario-based, contextual conditions. For users, it provides the value of extending the STA Single Sign-On (SSO) experience to OWA.

Unlike earlier versions, SafeNet Agent for Microsoft Outlook Web App2.1.2 of the type, STA or SAS Cloud (Integrated via Applications) is a scalable, customizable, and a more productive authentication solution. Although the look and feel of the agent is modernized, the set-up and ease in functionality remains. Critical application management and policy tasks, now handled at STA, ensures that the agent's manager console is reduced, resulting in better productivity and faster processing.

Release Summary – SafeNet Agent for OWA 2.0.0

The SafeNet Agent for OWA 2.0.0 release resolves a known/ customer-reported issue.

Release Summary – SafeNet Agent for OWA 1.2.3

The SafeNet Agent for OWA 1.2.3 release resolves some known/ customer-reported issues.

Release Summary – SafeNet Agent for OWA 1.2.2

The SafeNet Agent for OWA 1.2.2 contains certain security enhancements at infrastructure and agent level. The release also resolves an important known issue.

Release Summary – SafeNet Agent for OWA 1.2

The SafeNet Agent for OWA 1.2 includes enhancements and resolves some known/ customer-reported issues. Following lists some of the important new features.

Additional Exchange Server Support

Microsoft Exchange Server 2016 is now supported.

Domain Stripping

>Strip realm from UPN (username@domain.com will be sent as username): Select the added checkbox if the SafeNet username is required without the suffix @domain.

>Strip NetBIOS prefix (domain\username will be sent as username): Select the added checkbox if the SafeNet username is required without the prefix \domain.

NOTE   The realm-stripping feature applies to SafeNet usernames only. Active Directory (AD) usernames are not affected.

Advisory Notes

Microsoft Exchange Server Limitations

>Following log out, the user is always removed from the User ID field on both private and public computers.

>Changes to the public/ private configuration in Microsoft Exchange Server have no effect on the SafeNet Agent for OWA Login window.

Resolved and Known Issues

Resolved Issues (SafeNet Agent for OWA 2.0.0)

This section describes the issue resolved in SafeNet Agent for OWA 2.0.0:

Issue

Synopsis

SASNOI-7305 The login page of Exchange Control Panel (ECP) now renders correctly (without any error) while working with the SafeNet OWA Agent.

Resolved Issues (SafeNet Agent for OWA 1.2.3)

This section describes the issue resolved in SafeNet Agent for OWA 1.2.3:

Issue

Synopsis

SASNOI-6716 Group exclusion is now working fine for Microsoft Outlook Exchange Server 2010 deployed in a forest environment with multiple domains. Child domains are now getting added correctly to the User/ Group list ensuring that the agent correctly reads group of global catalog in the AD.
SASNOI-6559 Exchange 2010 is now running fine with Exchange 2016 when OWA agent is enabled.

Resolved Issues (SafeNet Agent for OWA 1.2.2)

This section describes the issue resolved in SafeNet Agent for OWA 1.2.2:

Issue

Synopsis

SASNOI-6511 The OWA Group exception now works even if only a username (without its domain name) is provided during the login process. The Domain Stripping functionality is fixed to ensure that exclusion groups are identified correctly and no valid groups are bypassed during the SafeNet 2FA process.

Resolved Issues (SafeNet Agent for OWA 1.2)

This section describes issues resolved in SafeNet Agent for OWA 1.2:

Issue

Synopsis

SASNOI-6274 The Internal Server Error encountered when accessing the OWA Agent's login page during uninstallation is now resolved.
SASNOI-6167 Functionality to include specific user group(s) for 2FA now works on a single domain, applying 2FA, on top of domain credentials authentication.
SASNOI-6165 Forcing the challenge response with SMS group in Split Authentication Mode now works as expected, forcing the challenge, after entering the username and the LDAP password.
SASNOI-6058 Internet Information Services (IIS) now restarts normally after applying (and saving) configuration changes on the OWA agent.
SASNOI-6056 The error encountered while logging new users to the SafeNet Agent for OWA is now resolved.
SASNOI-2738 The SafeNet Agent for OWA now works fine if the default installation path is changed.
SASNOI-2148 The SafeNet Agent for OWA now works correctly with shared mailboxes.
SASNOI-2112 / SASIL-3085 The Group exclusion feature of SafeNet Agent for OWA now works correctly on multiple domains.
SASNOI-2096 The OWA Group exception now works for external domains. Thus, the functionality to include specific, external MOTC user groups for 2FA now prompts for OTP, in addition to domain credentials.
SASNOI-2090 Only one challenge is now generated if a user enters an incorrect OTP when logging in to the OWA agent.

Resolved Issues (SafeNet Agent for OWA 1.09)

This section describes issues resolved in SafeNet Agent for OWA 1.09:

Issue

Synopsis

SASIL-2141 It is now possible to install SafeNet Agent for OWA using any account with administrator permissions, even if a user named “Administrator” is not defined in the AD.
SASIL-1561 After logging in with an iOS device, logging out and then logging in again, the user is no longer able to log in without entering a new One Time Password (OTP).

Known Issues

This table provides a list of known issues as of the latest release.

Issue

Synopsis

SASNOI-6374

Summary: If there are no groups in the Split Authentication Mode, then after migrating from 1.09 (or 1.1) to 1.2 version of the agent, the Standard Authentication Mode is enabled.

Workaround: To change the setting, go to SafeNet Microsoft Exchange OWA Manager > Authentication Methods and select Split Authentication Mode.

SASNOI-4090 / SASNOI-3926

Summary: Group exclusion functionality does not work with nested groups.

Workaround: None, will be resolved in a future release.

SASNOI-2301

Summary: An extra Sign in page is displayed while authentication is already in progress. The page is only encountered when the user is authenticated for the first time, after enabling the agent.

Workaround: Do not click Sign in on the displayed page. The user will be automatically redirected to the mailbox, after a few seconds.

SASIL-2208

Summary: The OTP field is not labeled when accessed from a mobile device application.

Workaround: Ignore, does not affect functionality. It will be fixed in a future release.

SASIL-1936

Summary: When using SafeNet Agent for OWA with Exchange 2013, FreeBSD 10.1 and Apache/2.4.12 mod_proxy, if working in Split Authentication mode, and publishing externally, the OWA login does not work.

Workaround: None, will be fixed in a future release.

SASIL-1060

Summary: The SafeNet Agent for OWA cannot be installed on operating systems that are not in the English Language.

Workaround:

1.Do one of the following:

If it is a Domain Controller (DC), navigate to Active Directory > Builtin and create a new group named Network Service.

If it is not a DC, navigate to Server Manager > Configuration > Local Users and Groups and create a new group named Network Service.

2.Install SafeNet Agent for OWA.

The SafeNet Agent for OWA should now operate correctly.

SASIL-854

Summary: The repair option in the Windows Control Panel Add/ Remove Programs fails if it is not run as an administrator, even though the user is logged on as a Domain Administrator.

Workaround: Run Add/ Remove Programs as an administrator.

SASIL-432

Summary: Active Sync mobile devices cannot be added when the SafeNet Agent for OWA is enabled. The message "can't connect to the server" is displayed.

Workaround: Disable the SafeNet Agent for OWA. The device now contacts the server without issue and synchronizes correctly. Enable the agent; the device now proceeds to operate correctly.