# Admin Console 17.8.3

## Overview

Admin Console version 17.8.3 introduces Quantum-Resistant Cryptography support, expanded Role Enforcement Policies, bulk role and team management, Security Audit improvements, new ARAM events for PAM Workflow and Discovery, and several bug fixes for Enterprise customers.

## New Features

* **EM-7833:** Added support for Quantum-Resistant Cryptography (QRC) using the Kyber Hybrid KEM algorithm to strengthen encryption for enterprise environments.
* **EM-8319:** Added bulk endpoint support for adding and removing users from teams, enabling administrators to manage team membership at scale.
* **EM-7117:** Added the ability to filter by node when managing Teams, making it easier to navigate large enterprise structures.
* **EM-8495:** Added new ARAM audit events for PAM Workflow activity, including workflow session start (checkout) and end (check-in and expiration), as well as approval request approved, denied (with reason), and escalated events, enabling administrators to conduct thorough audits of all PAM approval activity.
* **EM-8435:** Removed the product scrolling display from the initial onboarding/login flow to simplify the first-run experience.
* **EM-8289:** Added additional Keeper 101 training videos to the Getting Started section to help new administrators onboard more effectively.
* **EM-7984:** Improved the Security Audit page with sortable columns and percentage-based scoring for clearer visibility into enterprise security posture.
* **EM-5942:** Improved the Manage Roles and Teams modal accessed through the Manage User interface for a more consistent and streamlined experience.
* **EM-8478:** Improved KEPM agent sorting in the Deployments view so that enabled agents are listed first and disabled agents appear at the bottom, with alphabetical ordering applied within each group.
* **EM-8529:** Made PAM Discovery ARAM events visible in the Reporting & Alerts section, including Discovery Job Started and Discovery Job Completed event types.
* **EM-8105:** Improved KEPM agent registration reliability by treating agents that register without basic inventory data (such as computer name or OS type) as failed registrations.
* **EM-8299:** Added real-time Device Management push handling so that when a mobile device sends a logout, lock, or removal action, the Admin Console responds immediately — logging the user out or enforcing device lock — rather than waiting until the next login.
* **EM-8317:** Added bulk endpoint support for adding users from roles, complementing the existing bulk team management capability.
* **EM-7927:** Added node information to the Teams module as an improvement, providing additional context when managing teams across enterprise nodes.
* **EM-8519:** Improved the display of escalated and expired approval request statuses in ARAM to correctly reflect the changed approval request status event.
* **EM-7862:** Removed the legacy RSA SecurID integration option from the 2FA section for enterprises that do not have it enabled, reducing unnecessary configuration noise.
* **EM-6791:** Added an option for enterprises using SSO to opt out of including two-factor authentication (2FA) in Security Audit scoring, providing more accurate scoring for SSO-enforced environments.

<figure><img src="/files/Ue76rG1M0YDgJj7a1giP" alt=""><figcaption><p>Opt-Out of SSO for Security Audit Scoring</p></figcaption></figure>

* **EM-8376:** Added "Users Without Transfer Policy Acceptance" and "Users Without Roles" metrics to the Risk Management Dashboard for improved enterprise risk visibility.

<figure><img src="/files/zMaep7Hgs6dyvctotCdX" alt=""><figcaption><p>Risk Management Additions</p></figcaption></figure>

## Enforcement Policies

* **EM-5430:** Added a new Role Enforcement Policy for Wi-Fi Login, allowing enterprises to enforce Wi-Fi credential access policies.
* **EM-8169:** Separated the Web Vault/Browser Extension and Admin Console logout Role Enforcement Policies into distinct controls, giving administrators more granular control over inactivity timeout settings per client type.
* **EM-7867:** Added a new Role Enforcement Policy to restrict account switching, preventing users from instantly switching between linked business and personal accounts and requiring them to log out and sign back in instead.
* **EM-8284:** Added a Snapshot Tool for Role Enforcement Policies, allowing administrators to capture and review configurations.
* **EM-7963:** Added save confirmation prompts for Role Enforcement Policy changes to prevent accidental data loss.
* **EM-7964:** Added an "unsaved changes" warning when navigating away from pages with pending edits.
* **EM-7965:** Added a "saved changes" confirmation indicator to provide clear feedback when changes have been successfully committed.
* **EM-8444:** Updated field icons within Role Enforcement Policies for improved visual clarity and consistency.
* **EM-8546:** Removed the legacy Record Type field from Role Enforcement Policies to streamline the policy configuration experience.
* **EM-8233:** Added a new Role Enforcement Policy for PAM Workflow, allowing administrators to control whether users can manage workflow settings for shared folders and PAM records within the Privileged Access Manager section.

<figure><img src="/files/oauXRC62dYsJVth8V6L8" alt=""><figcaption><p>PAM Workflow Role Enforcement Policy</p></figcaption></figure>

## Bug Fixes

* **EM-8659:** Fixed an issue where opening the 14-day free trial URL in a browser with another account signed in would incorrectly pre-fill that account's email on the trial registration form.
* **EM-8657, EM-8584, EM-8585:** Fixed multiple layout issues where node drop-downs and long node names were truncated or overflowed their designated areas in Teams and Roles views.
* **EM-8101:** Fixed ARAM audit log events for approval request status changes incorrectly displaying raw UIDs instead of human-readable names.
* **EM-8647:** Fixed text overlap occurring on the Roles > Enforcement Policies > Vault Features page when the browser window was reduced to a smaller screen width.
* **EM-8646:** Fixed teams and roles with long names not fitting within their designated display areas in the User Details and Add User to Team/Role modals.
* **EM-8617, EM-8602:** Fixed issues where KEPM approval configuration inputs could unexpectedly reset or refresh while a user was actively editing them.
* **EM-8616:** Fixed layout rendering issues for smaller screen widths that were not resizing correctly throughout the Admin Console.
* **EM-8615:** Fixed unwanted extra lines appearing in enforcement policy list styling.
* **EM-8614:** Fixed an error that occurred when updating approval configuration collections in KEPM.
* **EM-8611:** Fixed an incorrect error message shown in the user modal when no roles were found for invited users during role assignment.
* **EM-8593:** Fixed the Edit button being visually shifted out of alignment on the Single Sign-On with SSO Connect® Cloud configuration page.
* **EM-8589:** Fixed the default Logout Timer for iOS and Android apps in Account Settings incorrectly showing 30 minutes instead of the configured enterprise default.
* **EM-8571:** Fixed enterprise upgrade buttons in several areas sending users to an incorrect checkout URL.
* **EM-8536:** Fixed KEPM collection counts displaying inconsistent or fluctuating values.
* **EM-8473:** Improved visual alignment of elements on the KEPM dashboard.
* **EM-8460:** Fixed visual misalignment of icons within dropdown selectors that display icons alongside options.
* **EM-8457:** Fixed a failure in set\_enterprise\_key\_pair when an MSP was launched into an EC-only managed company.
* **EM-8395:** Fixed an issue where the Vault Transfer Policy appeared as enabled on the login page when it should not have been.
* **EM-8358:** Fixed the default Logout Timer Role Enforcement not being applied correctly in the Admin Console.
* **EM-8356:** Fixed an error preventing administrators from setting a transfer account on an admin role in ECC mode within a managed company.
* **EM-8161:** Fixed a white screen appearing when loading KEPM data.
* **EM-8142:** Updated the KSM and KCM subscription UI to be visually consistent with the PAM requirements section.
* **EM-8368:** Fixed ARAM audit events not displaying the approval\_request\_removed event correctly.
* **EM-7917:** Fixed the PAM Session Recording Downloaded ARAM event displaying its message incorrectly.
* **EM-8096:** Fixed push notifications not working for elevation requests in KEPM.
* **EM-7774:** Updated the logic for handling missing ECC team keys to improve reliability in affected enterprise environments.
* **EM-8453:** Fixed an issue where teams added as KEPM approvers were incorrectly counting members who do not have KEPM admin permissions toward the approver count.
* **EM-8301:** Fixed an issue where attempting to transfer a user with corrupted keys would prevent the transfer from completing.
* **EM-8151:** Fixed UI colors in the Provisioning section.
* **EM-8097:** Fixed an issue where read-only collections were not being included when exporting KEPM collections.
* **EM-7900:** Fixed a GovCloud console white screen caused by a "key" error.
* **EM-8618:** Fixed incorrect language for PAM user counts in the Subscriptions section.
* **EM-8563:** Fixed an issue where invalid KEPM policies imported from Commander would cause the KEPM policy tab to crash.
* **EM-8190:** Improved the performance and optimization of the Omnisearch feature in the Admin Console.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/release-notes/enterprise/admin-console/admin-console-17.8.3.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.