概要

バージョン3.2.1には以下の向上点とバグ修正が含まれています。

• KAA-88: サードパーティのライブラリを更新し、発生した関連エラーを修正

• KAA-93: Automatorによるチーム承認の失敗を防ぐためRSA公開/秘密キー形式を修正

• KAA-89: SSL_CERTIFICATE環境変数が使用されている場合に HTTPSを正しく有効にするように修正

• KAA-85: ヘルスチェックのレート制限を引き上げ

• KAA-94: Automator の再起動中にKeeper Cloudから保存された設定を正しく復元しない不具合かあ-85を修正

アップデート手順

• コンテナのデプロイについては、コンテナをアップデートしてサービスを再起動してください。

高度な設定

Overview

Version 3.2 incorporates Team approvals on top of the 3.1 capabilities. In summary, version 3.2 incorporates the below new features:

• Team Approval and Creation (new for 3.2)

• Team User Approvals

• All settings can be configured as environment variables

• Support for simplified Azure Container App deployment

• Support for simplified AWS ECS Service deployment

• HSTS is enabled for improved HTTPS security

• IP address filtering for device approval and team approval

• Optional rate limiting for all APIs

• Optional filtering by email domain

Team Approval and Team User Approvals

Teams that are provisioned through SCIM can be immediately processed by the Automator service (instead of waiting for the admin to login to the console).

To activate this new feature:

• Update your Automator container to the latest version

• Use the automator edit command in Keeper Commander to instruct the service to perform team and team user approvals:

automator edit --skill=team --skill=team_for_user --skill=device "My Automator"
automator setup "My Automator"
automator init "My Automator"
automator enable "My Automator"

All settings can be configured as environment variables

This makes configuration easier when installing Automator in Azure Containers or other Docker-like containers where access to the settings file is difficult.

In Docker, Azure Containers, or other environments that use the docker-compose.yml file, you can set environment variables in the docker compose file, for example:

services:
  automator:
    container_name: "az-autodock"
    environment:
      - AUTOMATOR_PORT=8090
      - AUTOMATOR_HOST=10.0.0.4
      - DISABLE_SNI_CHECK=true

After editing the docker-compose.yml file, you will need to rebuild the container if the environment variables have changed. Just restarting the container will not incorporate the changes.

Advanced Features

See this page for all of the new and advanced features / settings for the Automator service.

Overview

Version 3.1 incorporated several new features:

• Team User Approvals

• All settings can be configured as environment variables

• Support for simplified Azure Container App deployment

• Support for simplified AWS ECS Service deployment

• HSTS is enabled for improved HTTPS security

• IP address filtering for device approval and team approval

• Optional rate limiting for all APIs

• Optional filtering by email domain

Team User approvals

Version 3.x introduced Team User approvals. This means that users who are provisioned through SCIM and added to teams can be immediately processed by the Automator service (instead of waiting for the admin to login to the console).

To activate this new feature:

• Update your Automator container to the latest version

• Use the automator edit command in Keeper Commander to instruct the service to perform device approvals and also perform Team User approvals:

Example:

automator edit --skill=team_for_user --skill=device "My Automator"
automator setup "My Automator"
automator init "My Automator"
automator enable "My Automator"

All settings can be configured as environment variables

This makes configuration easier when installing Automator in Azure Containers or other Docker-like containers where access to the settings file is difficult.

In Docker, Azure Containers, or other environments that use the docker-compose.yml file, you can set environment variables in the docker compose file, for example:

services:
  automator:
    container_name: "az-autodock"
    environment:
      - AUTOMATOR_PORT=8090
      - AUTOMATOR_HOST=10.0.0.4
      - DISABLE_SNI_CHECK=true

After editing the docker-compose.yml file, you will need to rebuild the container if the environment variables have changed. Just restarting the container will not incorporate the changes.

Advanced Features

See this page for all of the new and advanced features / settings for the Automator service.

Bug Fixes

• KAA-64: Automator fails with invalid_signing_key if there are 2 different signing keys in the Identity Provider metadata

• KAA-63: Disabling SNI check is not working properly.

Overview

Automator Version 2.1 is a major upgrade of the Keeper Automator service.

• Automatic configuration reload on service restart

• Docker and Docker Compose install methods

• New Windows Service installer

• MSP multi-tenant configuration for Managed Companies

Upgrade from 1.x to 2.1

A direct path to upgrade is not available. Installing a fresh new version of the Automator is the recommended path forward.

Upgrade Instructions:

(1) From Commander, disable the current automator:

My Vault> automator list

... get the ID ...

My Vault> automator disable XXX

(2) Retrieve the ssl-certificate.pfx and ssl-certificate-password.txt files from your current installation of Automator. If no password is set for the certificate, you only need the ssl-certificate.pfx file.

(3) Install a new version of Automator using one of the new installation methods:

https://docs.keeper.io/sso-connect-cloud/device-approvals/automator (4) Run the setup/init/enable commands from Commander:

My Vault> automator setup XXX
My Vault> automator init XXX
My Vault> automator enable XXX

New Features

• KAA-28: Support approvals for multiple MCs within the same tenant For more information see Multi-Tenant Mode documentation.

• KAA-41: Support for conditional approvals based on a new SAML response flag DeviceApprovalRequired which can be set to true or false. A value of "true" means that the device needs to be manually approved by the user. A value of "false" means that the device should be automatically approved by the automator service.