Backend API Version 16.9.9

Released on May 30, 2023

Bug Fixes

  • KA-5338: Delegated admin can affect SSO configuration in other nodes through configurations.

  • KA-5360: When share admin transfers ownership of a record, incremental sync missing transferred record UID, causing record to appear/disappear on both side vaults until full sync happened (on a background or next login).

  • KA-5424, KA-5421: Improved sync performance by removing queries for non-enterprise users.

  • KA-5419: After an Admin deletes a user from the admin console and then re-creates that user with the same user email the user is unable to successfully create the account a second time. The user will see network connection errors in the Vault and we see server errors on the backend.

  • KA-5453: Allow longer custom email invite templates, up to 5,000 chars.

  • KA-5468: Add role enforcement to disallow importing of shared folders from LastPass. The role policy name is RESTRICT_IMPORT_SHARED_FOLDERS. This change goes with Vault ticket VAUL-5977.

  • KA-5470: When a user is deleted, their pending device approval queued entries are not deleted. This is causing a problem when the user is created again with the same username.

  • KA-5463: Commander API errors with shared_folder_update

  • KA-5478: Error message when a Share Admin removes a user from a shared folder.


KA-5473: Bulk change endpoint for folder permissions, to accept an array of shared_folder object. This will provide Commander with bulk permission changes under ticket KC-590.

KA-5427, KA-5447: Logout timer improvements

  • The minimum logout timer for the device type (Web apps, desktop apps, mobile apps) are utilized for any device that you login to.

  • If the admin lowers the max allowed logout timer for a device type, the next login will enforce the lower amount across all devices of the specified type.

  • If the admin lowers the max allowed logout timer for a device type, this will modify the current session for all affected users.

  • If the admin raises the max allowed logout timer, users will not be raised higher. But the user will need to logout and login to increase their logout timer.

  • The role enforcement max allowed will be used as the "Default" logout timer for users.

  • The idle logout is by device type for a user, not specific to a device for the current user.

  • Logout timers shall be allowed beyond 24 hours. Any value up to 30 days will be supported.

Last updated