Backend API 17.7.1

New Features

• Introduced a new effective license calculation system for KEPM and PAM add-ons, ensuring accurate bundled seat tracking across all environments.

• Introduced new security features to block "impossible travel" login scenarios when using "stay logged in" session resumption.

• Updated Admin Console logout enforcement to manage Web Vault, Browser Extension, and Admin Console sessions separately, giving enterprises more granular security control.

• Enhanced MSP, MC, and B2B add-on endpoints to ensure that enabling PAM automatically and consistently provisions KEPM licensing within a unified bundle framework.

• Improved audit logging, enforcement messaging, and device/session security to provide clearer admin visibility and stronger protection against unauthorized access.

Improvements

KA-7086: Device login using session resumption (eg. "stay logged in") is now blocked by KeeperAI threat detection if the geographic distance between previous login session and the current location exceeds the policy settings. This advanced security measure, typically referred to as "Impossible Travel" helps prevent unauthorized session takeovers of a compromised device. A corresponding event unusual_location_activity_logout has been added to the Advanced Reporting & Alerts module ("ARAM") for Enterprise customers. The next Admin Console release will include the UI elements to control the policy settings.

KA-7860: Currently, the Web Vault and Admin Console logout enforcement policy are tied together. With this release, the Admin Console will have the ability to specify a separate logout timer that only affects Admin Console logins. This update now separates logout timer enforcement across Web Vault, Browser Extension, Admin Console, Commander CLI and KeeperChat. The UI updates will take effect on the next Admin Console release.

KA-8002: Updated the PAM add-on endpoint for B2B customers to include KEPM features. Seat counts and add-on management are now unified for both products.

KA-8003: The PAM add-on endpoint now includes KEPM functionality for MSP/MC accounts. Enabling PAM automatically enables KEPM, streamlining add-on management.

KA-8024: PAM seat count validation now uses the new effective seats database table. This change supports more accurate seat management for all licensing models.

Bug Fixes

KA-7257: Fixed a privacy issue where changing email could reveal enterprise names if the domain was reserved. User privacy is now better protected during email changes.

KA-7630: Updated Admin Console messaging for PAM licenses to remove hardcoded MSP/MC references. Messaging now accurately reflects the user's licensing context.

KA-8104: Fixed missing BI consumption ARAM events for MSP PAM add-on toggles. Also addressed duplicate events under concurrent requests for accurate reporting.

KA-8106: Resolved duplicate ARAM add/remove events when managing users in multiple PAM roles. Event logging is now streamlined for admin actions.

KA-8157: Improved error messaging when adding add-ons in MSP environments. Users now receive clearer feedback if an add-on cannot be added.

KA-8184: Fixed an issue where devices requesting approval were missing from the device list in account summary API requests. Device approval workflows now display all relevant devices.

KA-8186: Updated enterprise region transfer logic to support recent licensing changes. This ensures accurate region transfer handling for affected accounts.

KA-8193: Addressed a problem where unapproved devices were not listed in account summary API requests. All relevant devices now appear as expected in the summary response.

KA-8226: Resolved an issue where ARAM events for active seat count changes were incorrectly generated for MSP accounts. Event generation now aligns with intended licensing actions.

KA-8241: Fixed an issue where audit logs for adding PAM to MSP included incorrect unlimited values. Audit events now accurately reflect changes for KCM removal.

KA-8330: Notification center and build references updated for improved reliability. This ensures smoother integration and future compatibility.