Backend API Version 16.8.7

New Features

• KA-5090: Added role enforcement policy MAXIMUM_RECORD_SIZE to restrict overall Keeper record size. To enforce this policy, please use the Keeper Commander CLI or open a support ticket. When enforced, if the user attempts to create a record with a size greater than the allowed amount, the user will receive the following error message:

• KA-4853: Email alias API for Admins. In a future update, the Enterprise Console will allow the Keeper Admin to create an email alias for a user within the organization. This can also be accomplished with Keeper Commander using the enterprise-user --add-alias feature

• KA-5091: Added policy to prevent sharing to a user outside of an isolated node. The enforcement policy code is RESTRICT_SHARING_OUTSIDE_OF_ISOLATED_NODES and this can be set from Keeper Commander's enterprise-role command.

• KA-4945: Created a new API to View and Restore deleted shared records for all participants.

Records deleted from Shared Folders are difficult for participants to locate, if there are many people who manage a shared folder. They are forced to look in everyone's "Deleted" trash bin, which is not practical. We have implemented new backend features to view and restore deleted shared records.

New ARAM events associated with this feature are below.

The front-end support for viewing deleted shared records are planned in an upcoming Web Vault and Desktop App release.

Bug Fixes

• KA-4755: IdP-initiated account creation fails when the Vault Transfer policy expiration time has expired.

• KA-4888: Missing ARAM event when changing the name of a Managed Company

• KA-4786: Records moved out of a shared folder are still showing the "Share" icon in the UI

• KA-4428: Enforcement to restrict sharing when a file is attached did not take into account editing the record after initial creation.

• KA-4809: Removed ARAM event that was not implemented

• KA-5027: User and team searches in sharing auto-suggest UI had bad matches for some search strings

• KA-5038: Compliance report is not displaying correctly for Share Admin who gained access to a record from a team.

• KA-5117: Duplicate email being sent on account creation

• KA-5114: Invited users showing in user criteria filter in Compliance Reports

• KA-5112: Transfer Account feature can sometimes cause a transferred record to set the wrong permissions on the record, and sometimes create duplicate records.

• KA-5093: If you log in with the an admin assigned to the Keeper Admin role and attempt to move yourself to any other node you are presented with an error that states “you may not move yourself into an SSO-enabled node. Please contact keeper for assistance.

• KA-5023: If an SSO Cloud user is deleted from Enterprise console, logging into Android via IDP no longer properly onboards the user (an error dialog appears, user is unable to progress).

• KA-4543: Error on Android devices when onboarding through SSO Cloud

• KA-5193: Team member is able to incorrectly delete a Shared Folder without proper levels of permission.

• KA-5187: Github ticket on Keeper Secrets Manager: record can be created with read-only app permissions.

Improvements

• KA-4937: Added throttling on SAML requests via SSO Cloud to prevent spamming. By default, the throttling logic is > 10 requests within 10 seconds. If 10 seconds passes since last request, the count resets. When throttled, response will be a 403 with a message indicating throttling.

• KA-4919: Added additional throttling on Keeper Secrets Manager APIs including add_file, create_secret, delete_secret, update_secret, get_secret.

• KA-5175: New and improved "welcome" emails when signing up with a trial or purchase

• KA-5145: At the request of customers, we have removed MSP Share Admins from the Managed Company's sharing autosuggest list.