AD Bridge can now authenticate against Azure AD with accounts that have been migrated to Azure AD with Azure AD Connect. This requires:
An application set up in the Azure tenant under App registrations to Allow public client flows and to permit Microsoft Graph both user.read.all and group.read.all rights.
Secret generated for the application and stored on the endpoint in a file.
Azure AD connect set up to migrate Active Directory users to Azure AD.
Active Directory user accounts must be setup with IDs provided by the Suggest button in the AD Bridge plugin: Active Directory Users and Computers plugin.
Joining to Azure with the new /opt/pbis/bin/tenantjoin-cli binary.
Integrated config wait time option.
Updated config option for user login authentication wait time.
Azure user logging off generates an event.
Azure user failed logon generates an event.
Curl timeouts are now configurable via the config tool.
Azure user logon generates an event.
Removed Azure-OAuth from provider list via tenantjoin-cli leave.
Added Azure-OAuth to provider list via tenantjoin-cli.
tenantjoin-cli provider hint dependent on provider config.
Verifies if users' accounts are enabled on authentication requests within a session.
Added option to provide tenant-name with tenantjoin-cli.
tenantjoin-cli will prompt that it requires superuser privileges when run.
get-status displays primary domain name.
tenantjoin-cli allows rejoins.
tenantjoin-cli validates input.
tenantjoin-cli persists after a reboot.
Hash on-premises security identifier for UID.
Audit tenantjoin-cli joins.
Allows simultaneous Azure user logins.
Azure user login.
Ability to join a tenant (with tenantjoin-cli).
Automatically acquire new access token.
get-status displays tenant information.
Azure user is prompted with authorization URL when logging in with SSH.
Support tenantjoin --cli --leave option.
Added config options for OAuth.
Updated config providers to include Azure-OAuth.
Added Azure-OAuth provider.
Resolved issue in which msiexec failed to install individual modules.
Resolved issue in which users were unable to log in to a Samba share using the FQDN.
AD Bridge 188.8.131.527 supports upgrades from 10.1, 21.1, 22.1, and 22.2.
This is the last release to support Solaris 10 through 11.3.
BeyondTrust is the worldwide leader in intelligent identity and access security, enabling organizations to protect identities, stop threats, and deliver dynamic access. We offer the only platform with both intelligent identity threat detection and a privilege control plane that delivers zero-trust based least privilege to shrink your attack surface and eliminate security blind spots.