VMware Workspace ONE Access Connector (Windows) 20.10 | October 2020 | Build Workspace ONE Access Connector 20.10.0 Installer.exe
VMware Identity Manager Connector (Windows) 19.03.0.1 | October 2020 | Build VMware Identity Manager Connector 19.03.0.1 Installer.exe
VMware Identity Manager Integration Broker 19.03.0.1 | October 2020 | Build 16975699
What's New in the Upcoming January 2021 Release
Improved iPad Device Identification for Conditional Access Policies
With this release of Workspace ONE Access, iPads are no longer incorrectly identified as macOS devices based on their User-Agent string. This allows the iOS and iPad device types to be used to apply Conditional Access to iPads. The iOS device type can be used to uniformly apply Conditional Access to both iOS and iPadOS devices whereas the iPad device type can be used in environments where a different authentication experience between iOS and iPadOS devices is desired. Note that the iPad device type must be placed at a higher priority than the iOS device type if both options are being used in a single policy.
This change is required because in iPadOS 13 Apple changed the default behavior of the Safari browser so that it requests the Desktop version of web pages on an iPad rather than the Mobile version. The default behavior ultimately means that iPads running iPadOS 13 or newer present themselves to Workspace ONE Access as a macOS device rather than an iPad. With the January release, the workaround described in this KB article is no longer required.
Workspace ONE Access now Supports FIDO2 as an Authentication Method
Workspace ONE Access now allows FIDO2 authenticators to be registered and used for authentication. With this release, end users can now authenticate into Workspace ONE Intelligent Hub and Workspace ONE Access federated apps using a FIDO2 authenticator (i.e., YubiKey, Touch ID, Windows Hello). End users can also self-register a FIDO2 authenticator to be used as their primary or secondary method of authentication. Administrators also can add, remove, block, or unblock authenticators on behalf of end users. Note: FIDO2 authentication currently only supports authentication in desktop browsers.
FIDO2 authentication is currently only available for Workspace ONE SaaS customers.
Introducing Login Risk Based Conditional Access
Note Login Risk Based Conditional Access is available with the VMware Workspace ONE Intelligence release expected the first week of February 2021.
With the new Login Risk Score Authentication Method, you can now factor in a user's login risk score to authentication decisions. This means you can define policies using the login risk score to apply the right access controls when a user tries to access the network. For example, if the login risk score is low – allow access, medium – ask for MFA (Multi Factor Authentication) (multi-factor authentication, for example with RSA SecurID or VMware Verify), and high – deny access.
The login risk score is assigned by Workspace ONE Intelligence using its proprietary risk scoring engine.
Limit Monitoring Dashboard
To ensure service availability, the Workspace ONE Access SaaS service sets rate limits and concurrency limits on certain APIs. When these limits are exceeded, a 429 'Too many requests' error is returned, and your users might not be able to log in or launch applications temporarily. When this happens, users can wait a minute before trying again. The new Limit Monitoring dashboard allows you to view these limits and monitor your usage against them.