New Features - Winter 2016
Foxpass is excited to officially announce some new features we've rolled out over the past few months.
RADIUS Attributes & VLAN
You can now return RADIUS attributes to enable VLAN assignment and other capabilities for your RADIUS clients. Create a set of attributes from the 'RADIUS Attributes' page, then assign it to a client from the 'RADIUS Clients' page. You can add Constant Attributes which return the same value for all calls and Conditional Attributes which return specific values depending on a user’s group memberships. We also support vendor specific codes, let us know if you don't see your setup listed and we'll add it. You can read more detailed instructions of setup and configuration here for general attribute sets or here for VLAN assignment.
We've added multi-factor authentication support for LDAP, using Duo. MFA can be enabled for a company from the 'Configuration' page. If enabled, all users will use MFA for LDAP operations but you can exempt specific users. LDAP binders cannot use MFA. You can also set an MFA policy for when the MFA provider is down or otherwise unreachable. Foxpass will use that policy to either allow or restrict all LDAP operations with a correct password. ‘Ignore’ will ignore the MFA failure and allow the login, and ‘secure’ will default to a secure model and block the login.
Posix Users & Groups
You can now specify which users and groups return Posix information through LDAP. Posix users are employees who don't need SSH access but do need LDAP access for things like OSX machine logins. You can modify whether or not a user is returned from the ‘Users’ page in the ‘Unix Info’ column. ‘Engineer’ and ‘Posix’ user types contain Posix info, while ‘Standard’ users do not. Additionally, you can modify a user’s Posix setting from the API, which is documented here.
You can also explicitly manage which groups are returned to your servers from LDAP queries. You can specify whether these groups are a “posixGroup” or not on the ‘Groups’ page. You can also change the default for new groups from the ‘Config’ page.
Hostgroups Temporary Groups & API
You can now add temporary group memberships to hostgroups. Temporary group memberships can be managed on the 'Hostgroups' page the same way as temporary user memberships. We've also extended our API to support hostgroup membership operations for both users and groups. Read up on documentation for that here.
Office 365 Delegated Auth
We’ve added Office 365 to our list of delegated authentication options. Delegated authentication uses Foxpass as a proxy to pass users’ passwords through Foxpass to a designated identity provider so your users can utilize SSO across their whole stack. Enabled delegated authentication on the 'Authentication Settings' page.
User Filter & Username in dashboard
We've added the ability to filter users by first or last name on the 'Users' page. Additionally, if one of your users forgets their username they can check it from their dashboard.
We’re wrapping up development on an Foxpass cache you can run locally in a Docker container. If your hosts or access points can’t reach Foxpass’s servers, they’ll use your local cache as a fallback option.
Our LDAP servers will soon support StartTLS. Please contact us if you'd like to be involved in our beta trial.