Backend API 17.6.7

New Features

• FIPS‑only crypto stack and endpoints for IL5 environment

• Upgraded backend signing to modern FIPS‑aligned algorithms

• End‑to‑end IL5 region awareness in core data services

• QRC / ML‑KEM support for SAML SSO

• FIPS‑compatible audit and reporting stack

• IL5‑ready support tooling in staging and GovCloud

• Hardened enterprise region transfer and BreachWatch continuity

• New ARAM events for accurate PAM consumption tracking

Improvements

KA-7104: Ensured support tool endpoints respond with the correct status and message format in staging, restoring expected behavior for support workflows.

KA-7423: Added BI consumption tracking for PAM by logging ARAM events when active PAM seat counts change for MSP and MC enterprises. Invited users are excluded from billed PAM seat counts while still enforcing license limits based on the full assigned user count.

KA-7880: Verified that KeeperApp uses only FIPS-compliant cryptographic libraries and removed dependencies on non-FIPS Bouncy Castle components.

KA-7881: Ensured all encryption models and cryptographic operations in KeeperApp use only FIPS-approved cryptographic calls to maintain full FIPS compliance.

KA-7882: Ensured KeeperApp uses FIPS-compliant endpoints for all external API calls, including Keeper services and supported third-party integrations.

KA-7938: Updated backend signing to use SHA-256 for Okta-related API calls in alignment with FIPS-compliant security practices.

KA-7996: Added support for the latest QRC-based encryption to SAML flows so clients using ML-KEM keys can successfully initiate and complete SSO logins and logouts.

KA-8005: Updated the internal test tool to use the correct keys for BI, support, and router so that calls are validated against the appropriate transmission keys.

Bug Fixes

KA-7959: Resolved setup failures and enhanced validation for Azure Monitor SIEM integration so administrators can complete configuration without manual intervention.

KA-7974: Added clearer error reporting when required encryption keys are absent, making it easier to diagnose and correct misconfiguration issues.

KA-7993: Clarified that only admins with license management privileges can initiate Free Trials for add-ons, aligning trial access with existing role-based permissions.

KA-8022: Restored compatibility between DUO two-factor authentication and new FIPS compliance requirements so enterprises can successfully configure and use DUO 2FA without errors.

KA-8035: Clarified expected behavior of device verification emails so that messages are only sent when a new device requires approval and not for already approved devices.

KA-8049: Ensured MSP admins can successfully create teams in managed companies that require elliptic‑curve keys, preventing key type conflicts during team creation.

KA-8063: Fixed an issue that caused errors when editing records after an Enterprise Registration Transfer when BreachWatch is disabled on the destination account

KA-8103: Fixed gaps in PAM ARAM event generation so events are correctly created when PAM add-ons are paused and unpaused in MSP/MC. Added validation to ensure BI consumption ARAM events are only generated when the associated PAM add-on exists.