Monthly Recap

March 2024 #

• Context-Based Policy: Released context-based policy features in the Admin UI. Available to Enterprise organizations, context-based policy allows admins to require MFA or text justifications or to require approval workflows to be followed in order to allow users to access resources. Policies can consider conditions such as the geographic location of the user and the Device Trust score of the user’s machine when making access decisions.
• Approval Workflows: Released approval workflows, the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied. This release separates the approval criteria from access workflows, which enables the same approval steps to be reused by multiple workflows and/or policies. As such, organizations with workflows enabled now have two access pages in the Admin UI: Access Workflows, for defining what can be requested and by whom; and Approval Workflows, for defining approval criteria, such as auto-approval, manual approval, and so forth. Approval workflows may be created and managed in the Admin UI, CLI, and SDKs.
• Third-Party CA: Released third-party certificate authority (CA) integrations that allow Enterprise organizations to bring their own CA provider for SSH and RDP certificate generation. Third-party CA integration allows any supported CA, instead of the default Strong CA provided by StrongDM, to be used for authentication of certificate-based RDP and SSH resources. At this time, StrongDM supports the following third-party CA integrations:
  • Active Directory Certificate Services CA
  • AWS Private CA
  • Google Certificate Authority Service (CAS)
  • HashiCorp Vault CA for RDP
  • HashiCorp Vault CA for SSH
• Installers: Updated the PKG (macOS) and EXE (Windows) installers to install Virtual Networking Mode (VNM) if run with admin privilege.
• API Key and User Permission Level Enhancements: Updated the SDKs and Terraform provider to allow a user’s permission level to be modified (for example, change User to DBA, or change DBA to Team Leader). When creating an API key and selecting the Delegate scope to enable this behavior, there is a new option, Allow Changes to Admins, which is a new scope on API keys that allows admin users to be modified via the SDKs and Terraform as well. This update applies to server version 85.46.0 and higher, all SDK (Go, Java, Python, Ruby) versions 7.0.0 and higher, and Terraform provider version 8.0.0 and higher.

February 2024 #

• Explicit Routing: Released Explicit Routing, an advanced feature that allows network administrators to define their organization’s network topology by segmenting gateways, relays, and resources into explicitly declared peering groups. The CLI, SDKs, and Terraform are supported.
• Certificate-Based RDP: Released the RDP (Certificate Based) server resource type and added support for Remote Identities.
• Certificate Authority Field: Changed the “Secret Store” property on certificate-based RDP and SSH server forms in the Admin UI to “Certificate Authority” to allow selection of a desired certificate authority (default is Strong CA).
• Updated Slack App: Updated the StrongDM integration for Slack to a new version, which offers channel-based approvals, multiple-resource requests, improved request/resource filtering, and various UI/UX improvements. Current users of the Slack app will need to reinstall it, as the new version requires additional scopes to be approved. Please note that if your organization does not update its Slack app to approve the new scopes, it will still be compatible with the latest changes and will receive the UI updates. However, users will not be able to use channel-based approvals until the app is updated.
• Log Stream Data File Format: Changed the file format and path location of replay data stored to Amazon S3 with Log Stream enabled.

January 2024 #

• Certificate Rotation: Added the Certificate Authorities page to the Admin UI, enabling Strong CA certificates to be managed and rotated.
• StrongDM Desktop Update: Updated the desktop app with various usability enhancements, including a dynamic Resource Center window that may be resized and moved anywhere on any screen.
• Installers: Added the PKG (macOS) and MSI (Windows) installers to the Download & Install page of the Admin UI.
• Fixed Duration for Access Requests: Added a fixed duration setting for access requests on the Workflows settings page of the Admin UI.
• Analytics Dashboards: Revitalized the Admin UI Reports Library with new dashboards providing in-depth analysis of access grants to resources, organization posture and risks, and more.