概要

バージョン 17.0.0では、以下の改善と修正を行いました。

• KAA-78: RSAからECへの移行をサポート

• KAA-80: オートメーターがバックエンドの指示に従ってECのみの制限を適用

• KAA-45: BouncyCastleライブラリをFIPSバージョンにアップグレード

• KAA-97: Jettyをv12にアップグレード

アップデート手順

• コンテナデプロイ: コンテナを更新し、サービスを再起動します。

• その他のデプロイ方法: こちらのページをご参照ください。

高度な機能

オートメーターサービスの新機能や詳細な設定については、こちらのページをご覧ください。

概要

バージョン3.2.1には以下の向上点とバグ修正が含まれています。

• KAA-88: サードパーティのライブラリを更新し、発生した関連エラーを修正

• KAA-93: Automatorによるチーム承認の失敗を防ぐためRSA公開/秘密キー形式を修正

• KAA-89: SSL_CERTIFICATE環境変数が使用されている場合に HTTPSを正しく有効にするように修正

• KAA-85: ヘルスチェックのレート制限を引き上げ

• KAA-94: Automator の再起動中にKeeper Cloudから保存された設定を正しく復元しない不具合かあ-85を修正

アップデート手順

• コンテナのデプロイについては、コンテナをアップデートしてサービスを再起動してください。

• その他のデプロイ方法でのアップデート手順については、こちらのページをご参照ください。

高度な設定

Automatorサービスの新しい高度な設定についてはこちらのページをご参照ください。

Overview

Version 3.2 incorporates Team approvals on top of the 3.1 capabilities. In summary, version 3.2 incorporates the below new features:

• Team Approval and Creation (new for 3.2)

• Team User Approvals

• All settings can be configured as environment variables

• Support for simplified Azure Container App deployment

• Support for simplified AWS ECS Service deployment

• HSTS is enabled for improved HTTPS security

• IP address filtering for device approval and team approval

• Optional rate limiting for all APIs

• Optional filtering by email domain

Team Approval and Team User Approvals

Teams that are provisioned through SCIM can be immediately processed by the Automator service (instead of waiting for the admin to login to the console).

To activate this new feature:

• Update your Automator container to the latest version

• Use the automator edit command in Keeper Commander to instruct the service to perform team and team user approvals:

automator edit --skill=team --skill=team_for_user --skill=device "My Automator"
automator setup "My Automator"
automator init "My Automator"
automator enable "My Automator"

All settings can be configured as environment variables

This makes configuration easier when installing Automator in Azure Containers or other Docker-like containers where access to the settings file is difficult.

In Docker, Azure Containers, or other environments that use the docker-compose.yml file, you can set environment variables in the docker compose file, for example:

services:
  automator:
    container_name: "az-autodock"
    environment:
      - AUTOMATOR_PORT=8090
      - AUTOMATOR_HOST=10.0.0.4
      - DISABLE_SNI_CHECK=true

After editing the docker-compose.yml file, you will need to rebuild the container if the environment variables have changed. Just restarting the container will not incorporate the changes.

Advanced Features

See this page for all of the new and advanced features / settings for the Automator service.

Overview

Version 3.1 incorporated several new features:

• Team User Approvals

• All settings can be configured as environment variables

• Support for simplified Azure Container App deployment

• Support for simplified AWS ECS Service deployment

• HSTS is enabled for improved HTTPS security

• IP address filtering for device approval and team approval

• Optional rate limiting for all APIs

• Optional filtering by email domain

Team User approvals

Version 3.x introduced Team User approvals. This means that users who are provisioned through SCIM and added to teams can be immediately processed by the Automator service (instead of waiting for the admin to login to the console).

To activate this new feature:

• Update your Automator container to the latest version

• Use the automator edit command in Keeper Commander to instruct the service to perform device approvals and also perform Team User approvals:

Example:

automator edit --skill=team_for_user --skill=device "My Automator"
automator setup "My Automator"
automator init "My Automator"
automator enable "My Automator"

All settings can be configured as environment variables

This makes configuration easier when installing Automator in Azure Containers or other Docker-like containers where access to the settings file is difficult.

In Docker, Azure Containers, or other environments that use the docker-compose.yml file, you can set environment variables in the docker compose file, for example:

services:
  automator:
    container_name: "az-autodock"
    environment:
      - AUTOMATOR_PORT=8090
      - AUTOMATOR_HOST=10.0.0.4
      - DISABLE_SNI_CHECK=true

After editing the docker-compose.yml file, you will need to rebuild the container if the environment variables have changed. Just restarting the container will not incorporate the changes.

Advanced Features

See this page for all of the new and advanced features / settings for the Automator service.

Bug Fixes

• KAA-64: Automator fails with invalid_signing_key if there are 2 different signing keys in the Identity Provider metadata

• KAA-63: Disabling SNI check is not working properly.

Changes and Improvements

• KAA-59: The default port listener has been changed to 443 (instead of 8089) for compatibility with Azure Container Service deployment method.

• KAA-31: Updated Java version to Amazon Corretto 17.0.3.6.1

• KAA-54: Added support for EC keys in the .pfx file

• KAA-55: Switched from IVParameterSpec to GCMParameterSpec

Bug Fixes

• KAA-45: Switching SSL modes is not restarting the service

Overview

Automator Version 2.1 is a major upgrade of the Keeper Automator service.

• Automatic configuration reload on service restart

• Docker and Docker Compose install methods

• New Windows Service installer

• MSP multi-tenant configuration for Managed Companies

Upgrade from 1.x to 2.1

A direct path to upgrade is not available. Installing a fresh new version of the Automator is the recommended path forward.

Upgrade Instructions:

(1) From Commander, disable the current automator:

My Vault> automator list

... get the ID ...

My Vault> automator disable XXX

(2) Retrieve the ssl-certificate.pfx and ssl-certificate-password.txt files from your current installation of Automator. If no password is set for the certificate, you only need the ssl-certificate.pfx file.

(3) Install a new version of Automator using one of the new installation methods:

https://docs.keeper.io/sso-connect-cloud/device-approvals/automator (4) Run the setup/init/enable commands from Commander:

My Vault> automator setup XXX
My Vault> automator init XXX
My Vault> automator enable XXX

New Features

• KAA-28: Support approvals for multiple MCs within the same tenant For more information see Multi-Tenant Mode documentation.

• KAA-41: Support for conditional approvals based on a new SAML response flag DeviceApprovalRequired which can be set to true or false. A value of "true" means that the device needs to be manually approved by the user. A value of "false" means that the device should be automatically approved by the automator service.

Version 1.0.6 supports Windows Services. To convert an existing Windows cmd-line install to the full Services mode, follow the steps below:

• Stop the existing service

• Unzip and Install the new Automator: https://keepersecurity.com/automator/keeper-automator-windows.zip

• Copy the contents of the old Automator properties/ folder from the old location to C:\ProgramData\Keeper Automator\settings\

• Open Windows Services

• Start the Keeper Automator service

• From Commander, run "automator setup", "automator init" and "automator enable" as normally would be done.

Automator Version 1.0.5 contains a security update that is recommended for all customers.

Please contact Keeper Enterprise support if you require assistance with the upgrade.

For update instructions, see the below link: https://docs.keeper.io/sso-connect-cloud/device-approvals/automator/updating-the-automator

Automator Version 1.0.4 contains a security update that is recommended for all customers.

Please contact Keeper Enterprise support if you require assistance with the upgrade.

For update instructions, see the below link: https://docs.keeper.io/sso-connect-cloud/device-approvals/automator/updating-the-automator

Initial customer release of Keeper Automator