Product DocumentationVersion 9.1+ Documentation
HYPR User GuidePostman APILegacy WFALegacy SDK

8.5.0 Release Notes

HYPR 8.5.0 is an Enterprise Channel Release.

The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.

The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.

Minimum Supported Versions

Release DateProduct/VersionPlatformNotes
September 27, 2023HYPR Passwordless for Windows 8.5.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
September 27, 2023HYPR Passwordless for Mac 8.5.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura)Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
September 27, 2023HYPR Mobile App for Android 8.5.0Android 8.0+
September 27, 2023HYPR Mobile App for iOS 8.5.0iOS 12.4+
September 27, 2023HYPR Server 8.5.0ServerUpgrade to 7.10 required before upgrading to 8.0.0 or higher
September 27, 2023HYPR Android SDK 8.5.0Android 8.0+
September 27, 2023HYPR iOS SDK 8.5.0iOS 12.4+

πŸ“˜

Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

[Control Center] Device Manager UI Changes
HYPR Device Manager brings you a new look to match our branding changes (see below). Paired devices appearing here will also be reflected in the HYPR Mobile App and HYPR Passwordless client flows where applicable.

[Control Center - Integrations - Enterprise Passkey]
HYPR now accommodates both X.509 certificates and FIDO2 binding in the same pairing
HYPR now includes information in its QR codes to process both X.509 certificates and FIDO2/WebAuthn parameters, enabling support for hybrid domain joined machines and devices.

[Control Center; HYPR Passwordless] Improved workstation token security controls
HYPR takes additional precautions around the identifying values passed between Control Center and the HYPR Passwordless clients using an Installation token.

[HYPR Mobile App - Both] HYPRspeed matches IdP white labels to the HYPR tenant URL
To accommodate cases where server white label names may differ from the HYPR tenant value, HYPR now uses an IdP white label mapping to validate the URL before proceeding with pairing or authentication.

Early Release: [HYPR Mobile App - Both; HYPR SDK for Android; HYPR SDK for iOS]
Bluetooth/Bluetooth Low Energy (BLE) and WiFi Support for Enterprise Passkey for Azure on Windows 10
Both Android and iOS devices can now pair and authenticate via a Windows 10 workstation using Bluetooth/BLE radio or using the same WiFi network as the workstation. If enabled, HYPR will offer users the choice between Bluetooth and WiFi connections to complete an Enterprise Passkey pairing or authentication.

Enhancements

  • [Control Center] Device Manager 2.0 General UI Improvements: streamlining, flow, and consistency
  • [Control Center - Events] The policyId parameter has been added to the Events structure
  • [Control Center - FIDO2] HYPR core model has been updated to reflect currently required WebAuthn fields
  • [Control Center - FIDO2] Origin verification now allows for and checks multiple origin URLs
  • [Control Center - Integrations - Azure AD] Streamlined Azure Native Login group membership behavior upon pairing a device using the HYPR Passwordless client
  • [Control Center - Integrations - Enterprise Passkey] General UI and data flow improvements, including a User Management icon indicating if a FIDO2 pairing no longer exists in Azure
  • [Control Center - Integrations - OneLogin] HYPR will accept OneLogin user accounts lacking an email; HYPR will not register these accounts until an email is provided
  • [Control Center - Integrations - RADIUS] RADIUS reports failure due to lack of a valid local configuration in the log
  • [Platform - HYPR PAM] Added proxy support to the HYPR PAM module
  • [Platform - Okta] Okta authentication has been changed to occur client-side to reduce unnecessary warnings
  • [HYPR SDK for Android, HYPR SDK for iOS] credentialId, fido2Username, rpId are now logged in the Event logs under additionalDetails
  • [HYPR SDK for iOS] HYPR-generated QR codes with embedded deeplinks will open a browser using either the HYPR Mobile App or the default camera scanning functionality
  • [HYPR SDK for iOS] SDK consumers can add and customize their own complexity rules to the new PIN UI
  • [HYPR Passwordless - Both] Include machineUserPrincipalName, machineUserEmail and machineUserDisplayName in generated QR codes

Events

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • /rp/api/oob/client/... APIs making device list calls now perform session validation checks
  • /rp/api/versioned/fido2/attestation/result: authenticatorDisplayName field added to Fido2RegisteredUser

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

Upcoming Changes

HYPR Adapt (Beta)

Create risk-based authentication adaptation for your HYPR users. Limit login frequency and control how long they are resultingly blocked.

Future versions of HYPR Adapt will adapt to behavioral changes such as:

  • Sudden change of location
  • Shifts in the time of authentication compared to established patterns
  • Country deny lists

Watch this space for updates as HYPR Adapt evolves.

HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.

We've included the full list of products and features that will be included under the grouping, HYPR Authenticate. HYPR Authenticate includes the suite of components that make up the HYPR system: Control Center (including Integrations and Plugins), HYPR Passwordless, the HYPR Mobile Apps, and the SDKs.

HYPR Authenticate Name Legacy HYPR Server Name
HYPR Cloud HYPR Cloud
HYPR On Prem HYPR On Prem
RADIUS HYPR RADIUS Server

HYPR Authenticate Name Legacy HYPR Mobile App Name
HYPR for iOS HYPR Mobile App for Android
HYPR for Android HYPR Mobile App for iOS
HYPR Enterprise Passkey HYPR FIDO2 Mobile Authenticator

HYPR Authenticate Name Legacy HYPR Workforce Access Client Name
HYPR Passwordless for Windows HYPR Workforce Access Client for Windows
HYPR Passwordless for Mac HYPR Workforce Access Client for Mac

HYPR Authenticate Name Legacy HYPR SDK and API Names
HYPR SDK for iOS HYPR SDK for iOS
HYPR SDK for Android HYPR SDK for Android
HYPR SDK for Golang HYPR SDK for Golang
HYPR SDK for Java HYPR SDK for Java
HYPR SDK for JavaScript HYPR SDK for JavaScript
HYPR SDK for Python HYPR SDK for Python
HYPR Server APIs Server API

HYPR Authenticate Name Legacy HYPR Integration Name
HYPR for Okta Okta
HYPR for Workspace Google Workspace
HYPR for OneLogin OneLogin
HYPR for Azure Azure
HYPR for Ping DaVinci Ping DaVinci

HYPR Authenticate Name Legacy HYPR Feature Name
HYPRspeed Desktop SSO

HYPR Authenticate Name Legacy HYPR Plugin Name
HYPR for AD FS AD FS
HYPR for Ping Federate Ping Federate
HYPR for SiteMinder SiteMinder
HYPR for ForgeRock ForgeRock

Bug Fixes

  • [Control Center] Authentication graph now shows the correct number of authentications
  • [HYPR Mobile App for iOS] When the authentication policy is set to PIN + Native and Mobile PIN Complexty feature is enabled, the Native authentication would fail; it no longer fails when this condition is true
  • [Platform - Okta] Username with a plus sign can register; previously emails including (+) caused a 409 error after registration, preventing account activity
  • [HYPR Passwordless for Windows] Provision for multuple smartkeys to be enabled for login/authentication; previously if another method was tried first, Yubikey enrollment would fail

Known Issues

  • (Control Center) Amazon Web Services (AWS) Web Application Firewall (WAF) rule rejects images containing Extensible Metadata Platform (XMP) tags; see the Workaround in our Support documentation
  • (Control Center - Advanced Mode) Push notification authentication fails due to an invalid Firebase key
  • The following issues are slated to be fixed in 8.5.1:
    • (HYPR Passwordless for Mac) Unable to unlock using HYPR after upgrade from 8.4 to 8.5; on M1 and Intel Macs, after updating from 8.4 to 8.5, users are unable to:
      • Use the HYPR Mobile App to unlock from online
      • Unlock while offline
      • Use the recovery PIN when the workstation is locked
      • The standard login using HYPR works
    • (HYPR Passwordless for Mac) Devices disappear from the listing of paired devices if the server returns an invalid answer
    • (HYPR Passwordless for Mac) macOS Sonoma cannot register new devices; HYPR Passwordless client gets stuck waiting for the certificate
    • (HYPR Passwordless for Mac) On macOS Sonoma, when trying to unpair a device, HYPR Passwordless does not render descriptive text in its dialog box
    • (HYPR Passwordless for Mac) The HYPR Passwordless UI on macOS Sonoma renders incorrectly
  • The following is an Apple issue that affects HYPR directly, but which we cannot fix:
    • (HYPR Passwordless for Mac) MacOS Sonoma doesn't hide the desktop when locking the screen
  • [HYPR Passwordless for Windows] An incompatibility between iOS BLE broadcasting and Windows 11 signal interpretation prevents completion of Entra FIDO2 pairing, thereafter preventing the user from logging in with that paired device

Updated 5 months ago