Backend API 17.6.0

Released on September 30, 2025

Improvements

  • KA-6430: Increased number of security keys allowed in one account from 5 to 10.

  • KA-7214: Implemented SCIM bulk operations.

See RFC 7644, Section 3.7.

https://keepersecurity.com/api/rest/scim/v2/xxx/Bulk

The SCIM bulk operation is an optional server feature that enables clients to send a potentially large collection of resource operations in a single POST request.

The body of a bulk operation contains a set of HTTP resource operations using one of the HTTP methods supported by the API, i.e., POST, PUT, PATCH, or DELETE.

Current limits can be discovered in response of /ServiceProviderConfig request:

... "bulk": { "supported": true, "maxOperations": 1000, "maxPayloadSize": 1048576 }, ...

Those 3 parameters are populated from next properties: SCIM_BULK_SUPPORTED, SCIM_BULK_MAX_OPERATIONS and SCIM_BULK_MAX_PAYLOAD_SIZE.

We do not support circular bulk references. HTTP status code 409 (Conflict) will be returned in this case.

  • KA-7002: Raised SCIM GET Users endpoint limit to 10k Users.

  • KA-7454: Modified login API process to improve cross-region account switching.

  • KA-7466: Improved login session updates for when the database is in a lock wait state.

  • KA-7568: Moved Category of ARAM events for KeeperAI.

  • KA-7380: Added ARAM events for KeeperAI session lock/unlock actions.

  • KA-7384: Removed User ID from passkey list retrieval API.

  • KA-7537: Added PEDM entry for RMD Security Benchmark.

Bugs

  • KA-5976: Issue fixed with granular role enforcements (GRE): External Sharing Prevented with a wrong user message.

  • KA-6009: Issue fixed with GRE: Inbound Sharing Prevented with a wrong user message.

  • KA-6046: Issue fixed with GRE: Receive Shared Items displaying a wrong modal.

  • KA-6050: Issue fixed with GRE: Sharing w attachment displaying a wrong modal.

  • KA-6053: Issue fixed where GRE: Outbound sharing is restricted - "can only receive" was displaying wrong modal generating for permissions.

  • KA-6308: Fixed issue where clearing security data did not reset reused password count.

  • KA-6345: Fixed an issue with the "Forbid Account Transfer" flag interfering with a Key getting set on user creation.

  • KA-6418: Fixed issue with removed shared folders in the sync down API.

  • KA-6437: Fixed issue where no more that one event per second is returned by ARAM audit event reports when certain MSP related events are generated.

  • KA-6908: Fixed issue with reading user revisions in some scenarios.

  • KA-6988: Fixed an issue where an MSP Admin launched into an MC can't process SCIM when adding a user to the team.

  • KA-7078: Fixed issue where role add users provided incorrect status code for each user.

  • KA-7202: Fixed issue when trying to update non-existent Security Data Entry.

  • KA-7351: Fixed issue where a PAM admin is able to add more users then allowed to a PAM role by admin adding multiple users at the same time.

  • KA-7354: Fixed issue in PAM where an invited user added to default PAM role allows an admin to go over PAM license limit.

  • KA-7356: Fixed an issue with the Endpoint Manager Free Trial Seats.

  • KA-7372: Fixed a Managed Company issue where an Admin can purchase PAM with less seats than they are consuming.

  • KA-7383: Fixed issue with switch account list and a login enforcement.

  • KA-7390: Fixed an issue where some Managed Service Providers in testing are hitting an error "Does not have managed roles privilege" when adding users to roles in Managed Company.

  • KA-7408: Corrected an Audit Event Type typo.

  • KA-7413: Fixed an issue with SCIM getting a timeout error when sending SCIM requests.

  • KA-7444: Removed Discovery ARAM events temporarily, will be fixed in an upcoming release.

  • KA-7446: Fixed an issue where a SCIM event is created twice when sending a PATCH request.

  • KA-7453: Fixed Enterprise issue where making a License Snapshot create a production error.

  • KA-7459: Fixed API update device errors when no client version was provided.

  • KA-7463: Fixed an issue with sync_down failing with "SQL Exception root folder was not found".

  • KA-7464: Removed Lock Wait where it was causing errors.

  • KA-7475: Updated KeeperAI event categories.

  • KA-7483: Marking deleted rotation records as disabled in Router rotation info.

  • KA-7491: Fixed issue where API isn't throwing errors and also was not adding Users to Role when adding users.

  • KA-7496: Fixed SCIM issue where Roles were ignored in both POST and PUT.

  • KA-7515: Fixed issue where Linked Devices with Stay Logged in can forbid Logout

  • KA-7550: Issue fixed where a Locked User with TOTP enabled is still able to elevate an application with Privileged Elevation and MFA control.

  • KA-7579: Fixed GRE: No error message for enforcement 'Can share records with file attachments' when moving record to the shared folder with right click.

PreviousBackend API 17.6.1NextBackend API 17.5.10

Last updated

Was this helpful?