Changelog

As part of our ongoing efforts to enhance the performance, security, and scalability of our systems, Dispel is undergoing a comprehensive update to all infrastructure during Fall 2024. These updates will ensure that our systems remain robust and can support the addition of future features and services, while continuing to maintain the highest standards of security.

Key Takeaways of the Update:

1. Security Enhancements:

   1. Routine security updates to ensure the highest possible security standards are being maintained.

2. Dependency Upgrades & Infrastructure Improvements:

   1. Preparing all infrastructure to communicate with an updated orchestration engine to facilitate future features.

Impact on Services:

These updates are designed to require minimal changes from our customers. However, because downtime will be required, a small outage window is being scheduled for each deployment during low-traffic periods to minimize disruption. These windows are communicated and agreed upon with customer points of contact well ahead of the update.

For more information on Maintenance Windows, please visit https://legal.dispel.com/support/maintenance-windows

Coming October 8th, we've made several improvements to simplify the creation, organization, and ongoing management of Access Windows and their memberships.

Assigning the right people to Access Windows they need is now quicker and easier than ever. Each Access Window can accommodate multiple users. You can add individual users, entire Dispel groups or a combination of both to each Access Window. To balance access control and setup convenience, administrators can toggle access on and off for individual users within a group while preserving access for all other group members.

To make finding, understanding, and managing your Access Windows incredibly quick and simple, you can give Access Windows meaningful names and track their membership on Access Window details pages, in individual user settings pages, and in group settings pages.

Fixes & Improvements

• Fixed an issue affecting Bastion Link generation

• Enabled Bastion connections through the RDP client (Windows Only)

• Improved clarity of error messages throughout the Dashboard

• Added ability to specify email addresses in addition to domains for Vendor Self Onboarding links

• Fixed bugs and addressed usability issues in the Vendor Self Onboarding workflow

• Improved MAC address identification and handling during device import

• Updated query performance and accuracy of the Nozomi Networks device import integration

In the update scheduled for September 17, 2024, we’re focusing on enhancing security, streamlining workflows, and improving usability across the Dispel platform.

• Organized the device list alphabetically to simplify search and identification

• Improved search response for the Groups list view

• Decreased clutter and improved accuracy of the list of devices returned by the Nozomi integration

• Enhanced multi factor authentication enforcement

The updates above carry a Customer Impact Score of 1, meaning the deployed items do not impact your workflows or present visible dashboard changes. Details on items with higher impact scores are provided below.

Remote Desktop Config File Download for Azure Bastion VDIs

Customer Impact Score: 2

We’ve extended support for Remote Desktop clients within Azure Bastion, allowing users to enjoy features like multi-display setups and easy file transfers. In this release, Dispel will now generate Remote Desktop Protocol (RDP) connection files for VDIs in Azure Bastion-enabled regions. These files can be conveniently downloaded from the Connection page in the Dispel Dashboard. Azure Bastion connections via RDP can only be made from Windows hosts.

Device Accounts Renamed to Password Vault Logins

Customer Impact Score: 2

To better reflect their purpose, ‘Device Accounts’ have been renamed to ‘Password Vault Logins’ throughout the Dispel Dashboard. This change is purely terminological, with no functional alterations. The update is seamless, and existing Device Accounts will automatically convert to the new terminology upon deployment.

In an update planned for July 30th, 2024, we’ll deploy an enhancement that allows special characters in the Client ID field for OIDC integrations.

This update has a Customer Impact Score of 1. This means the deployed items do not impact your workflows or present visible dashboard changes.

In the update planned for August 20th, 2024, we’re releasing fixes and enhancements to improve device creation and bulk loading, boost performance, and resolve various bugs. These updates have a Customer Impact Score of 1. This means the deployed items do not impact your workflows or present visible dashboard changes.

• Enabled use of forward slashes in device names

• Stabilized bulk device uploads

• Removed case-sensitivity requirement for MAC addresses during bulk device uploads

• Optimized large ACL updates

• Improved Access Window page load time for large lists

Upcoming release for July 23, 2024

We are addressing a few performance issues and bugs in our next scheduled update, July 23, 2024. The fixes listed below will have a Customer Impact Score of 1. This means the deployed items do not impact your workflows or present visible dashboard changes.

• Fixed an issue that caused the creation of Bastion links to fail

• Fixed and improved coverage of end to end tests and code coverage tests

• Performed routine dependency reviews and updates

Device Accounts

Device Accounts streamline the process of logging into remote devices while eliminating the need for users to handle sensitive credentials directly. Dispel administrators can create Device Accounts by supplying the necessary authentication credentials and configuring the protocols and ports the account can utilize on the associated device. Furthermore, administrators can specify which Dispel members are permitted to connect using the Device Account. Credentials are encrypted in specialized storage and are never stored in the Dispel database.

By using Device Accounts, the risk of breaches is significantly minimized as it reduces the number of individuals with access to sensitive account credentials. Device Accounts also expedite access to remote devices by enabling users to log in with just a single click.

Fixes & improvements 

• Updated our Mandarin, French, German, Portuguese and Spanish Language Translations

• Addressed several navigation and scrolling issues throughout the Dashboard

• Fixed a bug that resulted in the wrong email address being displayed when an Access Window is created

• Improved usability by moving Group Devices to the top of the device list when ACLs are activated on them

• Improved the page load experience for ACLs when there are many ACLs configured

• We now log an event when Users, Regions, Facilities, Groups, and Devices are deleted

• Clarified the error messages associated with inviting new users to give better guidance on remediation

• We now prevent existing Users from re-using VSO links 

• Fixed a bug that was preventing the filtering of Stacks

Administrators can now enforce that all their users must sign in using single-sign on when logging into Dispel. Previously, users could sign in via SSO or a hybrid model where Dispel Privileged Access Management worked alongside an SSO platform such as Okta or Microsoft Active Directory. With this new update, admins can require that all users must use the organization's SSO provider to authenticate. This disables Dispel Privileged Access Management within the dashboard.

This allows your organization admins more control over user passwords, and can control who has access to the application from the dashboard of the SSO identity provider. With this, admins have centralized management of all their users and all types of users within their organization.

Bug Fixes and Updates

• Fixed translations in Password Vaulting.

• Fixed an issue with showing a success toast when an admin re-sends an invite to a member that hasn't accepted their invitation.

Group Access Windows

Access Windows are fast and safe way to allow users "just in time" access to your devices.

With the introduction of Group Access Windows, you can now create Access Windows in bulk and extend them to entire role based access control (RBAC) Groups.

Facility Level Groups

Groups, and the ability to use invite links to onboard users into them, are a powerful feature for management at scale. Previously, as Groups have the ability to span multiple facilities, these features were only available for organization-wide admins. With this release, we are launching the ability to scope groups and their invite links within a facility level, thus providing enhanced control and flexibility for admins who manage facilities, but not the whole organization. Facility-level admin who have control over even just a single site can now independently create groups, and generate invitation links attached to those groups to efficiently and securely onboard and manage their internal and vendor teams.

Fixes and Improvements

• Updated our emails to include more local languages

• Fixed a documentation link in the Nozomi Import feature

• Cleared out old API routes to keep everything nice and neat

• Added missing translations for the request access flow

You can now import a lot of devices at once using a CSV file. Go to Devices and click Add Devices in the 2nd column, in the dropdown you will now have a new option to Add Multiple Devices. Additionally we provide a CSV template on that page that you can download and use when you build out your CSV.

Additional languages

Within the coming couple of weeks we're looking to launch Brazilian Portuguese and Simplified Chinese as new language options on our platform. Currently, in addition to English, we support Japanese, German, French, and Spanish. You can access the settings to change your language under Account Settings. If you'd like to beta test Brazilian Portuguese or Simplified Chinese on your deployment, please talk to your account manager.

Fixes and Improvements

• We now hide Virtual Desktop passwords by default and you can only see passwords of your own Virtual Desktop.

• We now show if a Stack has been paused due to failed builds and show information about how to get it unpaused.

• Fixed a rate limiting issue for the password reset flow.

• It's now possible to copy the Wicket ID on the Wicket list item. This will be helpful if you want to bulk import devices, as the Wicket ID is a required item in the CSV template.

• Fixed an issue with SSO during the vendor self-onboarding process.

• Fixed an issue where it was not possible to create a Stack unless the language was set to English.

• Fixed an issue where the Approving or Denying of Access Windows would not work under certain circumstances.

• Fixed an issue where it was not possible to reserve a Virtual Desktop from the Access Window Connect tab.

• Fixed an issue where sometimes a double Virtual Desktop reservation would occur.

• Fixed an issue where it was not possible to remove a Member from a Region if they were added via a Member Group.

• Fixed a few translation issues in Japanese.