Backend API Version 16.8.7
Released on Jan 20, 2023
New Features
KA-5090: Added role enforcement policy
MAXIMUM_RECORD_SIZE
to restrict overall Keeper record size. To enforce this policy, please use the Keeper Commander CLI or open a support ticket. When enforced, if the user attempts to create a record with a size greater than the allowed amount, the user will receive the following error message:
KA-4853: Email alias API for Admins. In a future update, the Enterprise Console will allow the Keeper Admin to create an email alias for a user within the organization. This can also be accomplished with Keeper Commander using the
enterprise-user --add-alias
featureKA-5091: Added policy to prevent sharing to a user outside of an isolated node. The enforcement policy code is
RESTRICT_SHARING_OUTSIDE_OF_ISOLATED_NODES
and this can be set from Keeper Commander'senterprise-role
command.KA-4945: Created a new API to View and Restore deleted shared records for all participants.
Records deleted from Shared Folders are difficult for participants to locate, if there are many people who manage a shared folder. They are forced to look in everyone's "Deleted" trash bin, which is not practical. We have implemented new backend features to view and restore deleted shared records.
New ARAM events associated with this feature are below.
New Event | Description |
---|---|
shared_folder_restored | User ${username} restored shared folder UID ${shared_folder_uid} |
shared_folder_record_restored | User ${username} restored record UID ${record_uid} in shared folder UID ${shared_folder_uid} |
shared_folder_folder_restored | User ${username} restored shared folder folder UID ${folder_uid} |
shared_folder_folder_record_restored | User ${username} restored record UID ${record_uid} in shared folder folder UID ${folder_uid} |
The front-end support for viewing deleted shared records are planned in an upcoming Web Vault and Desktop App release.
Bug Fixes
KA-4755: IdP-initiated account creation fails when the Vault Transfer policy expiration time has expired.
KA-4888: Missing ARAM event when changing the name of a Managed Company
KA-4786: Records moved out of a shared folder are still showing the "Share" icon in the UI
KA-4428: Enforcement to restrict sharing when a file is attached did not take into account editing the record after initial creation.
KA-4809: Removed ARAM event that was not implemented
KA-5027: User and team searches in sharing auto-suggest UI had bad matches for some search strings
KA-5038: Compliance report is not displaying correctly for Share Admin who gained access to a record from a team.
KA-5117: Duplicate email being sent on account creation
KA-5114: Invited users showing in user criteria filter in Compliance Reports
KA-5112: Transfer Account feature can sometimes cause a transferred record to set the wrong permissions on the record, and sometimes create duplicate records.
KA-5093: If you log in with the an admin assigned to the Keeper Admin role and attempt to move yourself to any other node you are presented with an error that states “you may not move yourself into an SSO-enabled node. Please contact keeper for assistance.
KA-5023: If an SSO Cloud user is deleted from Enterprise console, logging into Android via IDP no longer properly onboards the user (an error dialog appears, user is unable to progress).
KA-4543: Error on Android devices when onboarding through SSO Cloud
KA-5193: Team member is able to incorrectly delete a Shared Folder without proper levels of permission.
KA-5187: Github ticket on Keeper Secrets Manager: record can be created with read-only app permissions.
Improvements
KA-4937: Added throttling on SAML requests via SSO Cloud to prevent spamming. By default, the throttling logic is > 10 requests within 10 seconds. If 10 seconds passes since last request, the count resets. When throttled, response will be a 403 with a message indicating throttling.
KA-4919: Added additional throttling on Keeper Secrets Manager APIs including add_file, create_secret, delete_secret, update_secret, get_secret.
KA-5175: New and improved "welcome" emails when signing up with a trial or purchase
KA-5145: At the request of customers, we have removed MSP Share Admins from the Managed Company's sharing autosuggest list.
Last updated