Privileged Identity 5.5.5.1 Release Notes

December 3, 2019

New Features and Enhancements:

  • Universal Group support has been added to Delegation.
  • Shadow Principals now supported through an extension.
  • Dutch, French, German, Italian, and Japanese languages have been added to PI 5.5.5.1.

Issues Resolved:

  • Resolved an issue with extensions sometimes not being in the correct directory.
  • Resolved an issue with Delegation access to the Console not working as expected under certain circumstances.
  • Resolved an issue with Personal Passwords not being found after upgrading.
  • Resolved an issue with Elevation extensions sometimes not loading.
  • Removed IIS from the Prerequisite Checker for Zone Processors.
  • Resolved an issue with "Hide Authenticators List" option not working properly.
  • Updated verbiage for the Zone Processor installation error message for invalid service credentials to be more informative.
  • Resolved an issue with Zone Processors not starting on new systems.
  • Resolved an issue with disabling Windows Integrated Authentication not working.
  • Resolved an issue with Windows Integrated Authentication to the Web App.
  • Resolved an issue with copying a password while it was obfuscated.
  • Resolved an issue with showing passwords in recovery sometimes when the option to show passwords was disabled.
  • Resolved an issue with using OATH showing an error message instead of the token entry page.
  • Resolved an issue with OATH logins that use FQDN not working properly.
  • External MFA login support has been added to the Web App.
  • Resolved an issue with editing Association Types For Targets causing the Admin Console to crash.
  • Resolved an issue with creating new Offline Machine Configurations not saving all of the data.
  • Resolved a performance issue when retrieving Stored Credentials under certain circumstances.
  • Resolved an issue with Event Sink emails not declaring the character set. Now all emails will default to charset UTF-8.
  • Resolved an issue with elevation through the Web App returning Access Denied if the permissions were created on a per system basis.
  • Resolved an issue with the Web App not displaying Shared Credential Lists correctly.
  • Resolved an issue with the Elevation menu not displaying under certain circumstances.
  • Resolved an issue with SAML authentication not working in Internet Explorer 11.
  • Resolved an issue with non-admins being able to create new messages in the Web App.

Known Issues:

  • After installing the PI 5.5.5.x website and web service, the website may display a Web Service Error message even if the webservice is operational, in which case your website may need additional configuration; see https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0015337.
  • Custom RDP files in Application Launch may fail to launch or launch incorrectly due to an issue with the ${SessionID} variable not being replaced.
  • Checking out passwords via Favorites fails to create Auto-Roll jobs.
  • Next Job Run Times displayed in the Jobs dialog in the management console may show as one hour earlier than the actual scheduled time; however, the job will run at the correct time.
  • Self-Elevation to Global Domain Groups does not function as expected.
  • If the Do Not Show Passwords on Recovery (Clipboard Access) option is selected in the web app configuration, then the password field and copy button are missing from the website. Instead, select the Hide Passwords Until User Chooses to Show option to make the clipboard option available.
  • Endpoints in Custom Account Type containers may be removed from the management set when the management set is refreshed. Adjust management sets containing custom account type endpoints to not refresh automatically, and avoid manual refreshes.

Notes:

  • PI 5.5.5.1 exe installer SHA 256 checksum: c8473031591c4836fccb4b15ec97764d7d1609ddcd1cceeba43836aa10c563c9
  • PI 5.5.5.1 supports upgrades from 5.5.3.0+.
  • PI 5.5.5.1 supports BeyondTrust PI ECM Plugin 19.1.1.
  • If the Hide Authenticators List option is not selected and you choose to hide individual authenticators, note that OAuth and SAML authenticator types cannot be hidden.
  • Compliance Reports have been removed from the Auditing menu in PI 5.5.5.0/PI 5.5.5.1, but will be re-added in a future release. Compliance reports can be accessed via the management console.