ZTrust V4.0.0

Release Date:

Introduction

ZTrust 4.0.0 marks a major milestone in our commitment to delivering secure, user-friendly, and configurable identity and access management. This release introduces an array of powerful features—from behavioral-based login verification and advanced session control to enhanced administrative interfaces and time-based access restrictions. With a strong focus on personalization, security, and control, ZTrust 4.0.0 enables enterprises to better govern digital access while providing seamless and secure user experiences.

1. Admin UI Enhancements

   A new "Manage Realms" section has been added to the admin sidebar. This allows administrators to view all available realms and easily switch between them for quicker configuration and monitoring.

2. Self-Service Portal Enhancements

   1. Authenticator Setup via QR Code:

      • Users can now configure the Authenticator app directly from the Self-Service Portal (SSP) by scanning a QR code. After scanning, users are prompted to verify their credentials via mobile, and the verified device is set as the primary authenticator.

   2. Device Visibility:

      • The SSP now displays the registered device, enabling users to see where they are logged in and which device is active.

3. New Feature: Personalized Behavioral Challenge for Login

   This new secondary authentication layer introduces a cognitive-based login step:

   • During registration, users choose an image and add a personal note.

   • During login, users must select the same image and re-enter the associated note.

   • Access is granted only upon a successful match, adding a behavioral security layer to identity verification.

4. Session Invalidation Notification Enhancement

   1. ZTrust now supports two session control policies:

      • Allow Maximum Login Sessions: When the limit is reached, the oldest session ends to accommodate a new one.

      • Deny New Session: Prevents new logins when the session limit is reached unless an active session ends or expires.

   2. This gives administrators better control over session behaviors and user concurrency.

5. Reports Enhancements

   1. Overview Section Support for Light/Dark Modes:

      • Report pages now support both light and dark display themes.

   2. User Audit Reports – MFA Tracking:

      • Enhanced visibility into login activities with detailed tracking of MFA methods used, including failures:

        • OTP

        • Push Notification

        • QR Code

        • Social Login

        • TOTP

        • reCAPTCHA

        • Authenticator App

   3. Session Invalidation Reporting: Now logs login denial events triggered by the "Deny New Session" policy, in addition to traditional logout logs.

6. Time-Based Authentication (Time Fencing)

   1. Administrators can now define time windows during which users are allowed to authenticate.

      • Realm-Level Configuration: Applies to all users in a realm.

      • Group-Level Configuration: Overrides realm-level settings for specific groups.

   2. Features include:

      • Defined login time windows with timezone support.

      • Clear error messages for unauthorized login attempts outside allowed time.

7. Theme Development

A new React-based theme has been introduced, delivering a refreshed UI experience across all pages.

1. Conclusion

ZTrust 4.0.0 builds on our security-first foundation with enhancements that prioritize usability, control, and behavioral authentication. From dynamic session management and cognitive login challenges to time-fenced access and a modernized UI experience, this release is designed to give enterprises more flexibility and users more confidence in their security. We strongly recommend upgrading to ZTrust 4.0.0 to take full advantage of these new capabilities and continue driving secure digital transformation.