8.2.0 Release Notes

What's New?

Release DateProduct/VersionPlatformNotes
May 10, 2023HYPR Workforce Access Client for Windows 8.2.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
May 10, 2023HYPR Workforce Access Client for Mac 8.2.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura)Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
May 10, 2023HYPR Mobile App for Android 8.2.0Android 8.0+
May 10, 2023HYPR Mobile App for iOS 8.2.0iOS 12.4+
May 10, 2023HYPR Server 8.2.0ServerUpgrade to 7.10 required before upgrading to 8.0.0 or higher
May 10, 2023HYPR Android SDK 8.2.0Android 8.0+
May 10, 2023HYPR iOS SDK 8.2.0iOS 12.4+

πŸ“˜

Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

(HYPR Mobile App) Invalidate Registration Following New Device Biometric
As HYPR cannot guarantee the biometric of the authenticating user following a new biometric being added to the device, HYPR Mobile App will invalidate the existing pairing and require the device to be re-registered.

This functionality includes two associated new Feature Flags:

  • ANDROID_INVALIDATION_FOR_NEW_BIOMETRIC
  • IOS_INVALIDATION_FOR_NEW_BIOMETRIC

A new Error Code applies:

  • Android 1111070: Operation failed. A new biometric was added to the device. Please re-register.

iOS still uses Error Code 10200

(Workforce Access Client for Windows) Contact Support Behavior Is Now Customizable on Windows As Well As Mac
The same customizations available for Contact Support in 8.0.0 Workforce Access Client for Mac are now available for Windows:

  • The email field is no longer populated by a default email, and users must now manually enter an email address
  • The Contact Support button label can now be changed; alternatively, a second button can be enabled to separate log transmission from a request for assistance
  • The email sending the logs now contains the errorCode and traceId from the Workforce Access Client during a failed registration/authentication event

BETA FEATURE: (All HYPR) Single Registration
HYPR can be configured to only require pairing in one component of the HYPR system, instead of pairing separately with the HYPR Mobile App or the Workforce Access Client. When paired in one, users will be automatically prompted to complete the pairing on the other, and thereafter that pair will appear universally in all HYPR authentication rosters for that RP Application user.

BETA FEATURE: (Workforce Access Client for Windows) Workforce Access Clients for RDP Remote Sessions
...provided Network Level Awareness (NLA) is disabled. For a full description, including security considerations, see Accessing a Remote Desktop: Workforce Access for RDP Remote Sessions.

Enhancements

(Control Center) ADD Firebase Admin SDK Configuration Button
A button has been added to CC Advanced RP Application Login Settings to allow upload of Firebase configuration as a .JSON file.

(HYPR Mobile App for iOS) Contact Support Email Functions without an Email Client
Users can choose the destination email for log submission, independent of a native email client.

(Workforce Access Client for Windows) Manual Certificate Renewal
Users can now manually trigger certificate renewal for Security Keys.

Events

  • RADIUS_ONBOARDED
    This Event indicates a new RADIUS Integration server has been polled and is visible by Control Center; the Endpoint associated with this Event is /cc/ui/radius/onboard
  • WORKSTATION_INITIATED_DELETE is now OOB_DEVICE_UNPAIRED
  • OOB_DEVICE_REG_COMPLETE is now OOB_DEVICE_PAIRED
  • machineDomain parameter has been added to the Event Model

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

  • 1204027-1204046: RADIUS Integration Errors adapted to CC-based management of the HYPR RADIUS Server
  • 1111070: Operation failed. A new biometric was added to the device. Please re-register.
    This error is generated by the Invalidate Registration Following New Device Biometric feature.

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

General Improvements

  • (Control Center) Empty AAGUID device names will now default to a value of "Passkey" instead of "FIDO key"
  • (Control Center) Certificate and key validation checks have been streamlined for when HYPR Enterprise Passkeys are enabled
  • (Control Center) HYPR Authentication Policy no longer requests a PIN while pairing via a QR Code
  • (Control Center - FIDO2) Username-less Control Center login is now possible using passkeys
  • (HYPR Mobile App for Android) Unnecessary messaging has been removed
  • (HYPR Mobile App for Android) HYPR requests a new Firebase token when the received value is NIL; it also logs the Firebase token creation where it did not before
  • (HYPR Mobile App for iOS) A redundant confirmation screen was removed from the in-app QR Scan flow
  • (HYPR Mobile App for iOS) Fixed behaviors that were slowing HYPR Mobile App performance
  • (HYPR SDK for iOS) The server's cancellation errors for iOS are now differentiated into user cancellation and biometric failure errors
  • (Workforce Access Client for Windows) HYPR-as-a-service (HaaS) is disabled to allow WFA clients to auto-upgrade
  • (Workforce Access Client for Windows) The Desktop SSO success notification popup now closes itself after a short timeout
  • (Workforce Access Client for Windows) Additional information is logged from the user login certificate

Upcoming Changes

Device Manager UI Changes

HYPR Device Manager 8.3 will combine branding changes (see below) with our latest functionality to bring you a new look and streamlined UI and messaging. Paired devices appearing here will also be reflected in the HYPR Mobile App and Workforce Access Client flows where applicable.

HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.

We've included the full list here:

New HYPR NameLegacy HYPR Server Name
HYPR CloudHYPR Cloud
HYPR ON PremHYPR On Prem
RADIUSHYPR RADIUS Server
New HYPR NameLegacy HYPR Mobile App Name
HYPR for iOSHYPR Mobile App for Android
HYPR for AndroidHYPR Mobile App for iOS
HYPR Enterprise PasskeyHYPR FIDO2 Mobile Authenticator
New HYPR NameLegacy HYPR Workforce Access Client Name
HYPR Passwordless for WindowsHYPR Workforce Access Client for Windows
HYPR Passwordless for MacHYPR Workforce Access Client for Mac
New HYPR NameLegacy HYPR SDK and API Names
HYPR SDK for iOSHYPR SDK for iOS
HYPR SDK for AndroidHYPR SDK for Android
HYPR SDK for GolangHYPR SDK for Golang
HYPR SDK for JavaHYPR SDK for Java
HYPR SDK for JavaScriptHYPR SDK for JavaScript
HYPR SDK for PythonHYPR SDK for Python
HYPR Server APIsServer API
New HYPR NameLegacy HYPR Integration Name
HYPR for OktaOkta
HYPR for WorkspaceGoogle Workspace
HYPR for OneLoginOneLogin
HYPR for AzureAzure
HYPR for Ping DaVinciPing DaVinci
New HYPR NameLegacy HYPR Feature Name
HYPRspeedDesktop SSO
New HYPR NameLegacy HYPR Plugin Name
HYPR for AD FSAD FS
HYPR for Ping FederatePing Federate
HYPR for SiteMinderSiteMinder
HYPR for ForgeRockForgeRock

Bug Fixes

  • (Control Center) The WORKSTATION_CERTIFICATE_REQUESTED Event is no longer logged when settings should prevent its occurrence
  • (Control Center - Integrations - All) User enrollment drawer is correctly sending personal emails
  • (Platform - Integrations - Azure) User is now added to the correct Azure group by default, and this action is logged in HYPR
  • (Control Center - Integrations - Azure) The API response to enable/disable the Integration now populates the capability field with either "HYPR" for the HYPR Login Experience, and "NATIVE" for the Azure Native Login Experience
  • (Control Center - Integrations - HYPR Enterprise Passkey) Azure pairing with HYPR Mobile App for iOS now correctly displays in Device Manager after pairing
  • (Control Center - Integrations - Ping DaVinci) The OIDC Redirect URL List now recognizes multiple addresses and only accepts a comma-separated format
  • (HYPR Mobile App) Deleting a web account no longer corrupts pairing of workstation and web accounts when the server has a pending authentication request
  • (HYPR Mobile App) QR Fallback Activation Code entry Submit button is fully functional
  • (Platform - FIDO2) Keycloak authentication with UV=required correctly fails in Safari when security key is not protected with a PIN; previously it may have succeeded
  • (Workforce Access Client for Mac) HYPR now correctly reflects when Require User Presence is disabled; previously when certificate-based authentication is Off and Require User Presence was disabled, registration was failing due to checks that should have been disabled as a result
  • (Workforce Access Client for Mac) QR_Fallback now shows a HYPR error when the feature is disabled; previously it was showing a 500 error
  • (Workforce Access Client for Mac) The Workforce Access Client for Mac crashes when requesting a certificate from Active Directory
  • (Workforce Access Client for Windows) HYPR Enterprise Passkey pairing remains in the Workforce Access Client for Windows after polling CC; previously it was disappearing from the roster

Known Issues

  • (Control Center) Amazon Web Services (AWS) Web Application Firewall (WAF) rule rejects images containing Extensible Metadata Platform (XMP) tags; see the Workaround in our Support documentation
  • (Workforce Access Client - All) QR Fallback APP NAME value, if long enough, cuts off at the edge of the dialog box instead of wrapping