As part of our commitment to being Secure by Design and providing a more resilient platform, this Service Release focuses on hardening of the Orion Platform and its modules, removal of legacy code, security and bug fixes, and feature enhancements.
For detailed release notes, please click the links below:
- Orion Platform local user accounts security improvements
  - One-time required password change for all Orion Platform local accounts
  - Password complexity enforcement
  - Account lockouts
  - No “guest” account created on new installations
- New custom property management UI (user interface)
- Migration of account limitation builder application
Orion Platform Local Account Security Improvements
One-time required password change for all Orion Platform local accounts
NOTE: All local Orion Platform accounts will be required to have their passwords updated within 30 days of the upgrade.
- If an account's password is not updated within this period, the password expires and the account will be unable to log on.
- This is a one-time requirement. Once updated, passwords will not expire again.
The requirement to change password, changes to the minimum password complexity, and account lockouts apply only to Orion Platform local accounts. Other Orion Platform accounts such as Windows/SAML are not affected.
Account passwords can be updated by the users or by Orion Platform admins.
The notification alert will show Orion Platform admins how many accounts will expire.
Users will see a notification dialog on initial logon after the upgrade.
A new “Profile” menu under the user profile icon provides access to reset your password.
The account management page now shows the password expiry date and Lockout Status of the accounts.
From here, Orion Platform admins can change account passwords and unlock accounts.
Password complexity enforcement
Password complexity requirements for Orion Platform local accounts are now enforced when updating passwords.
Account lockouts
Orion Platform local accounts will now be locked out following 10 failed login attempts.
An out-of-the-box alert has been added, which triggers on this event.
Auditing events capture unsuccessful login attempts.
Recommendation: Do not use the built-in admin account as the primary administrator account; create a new account instead. Because the account name (“admin”) is well known, anyone can easily lock it out.
New Custom Property UI
The custom property management page has been updated with a new UI. This provides feature parity with the legacy custom property management page.
When creating a custom property in the new interface, you now have the option to select “Account Limitations.”
If for any reason you want to switch back to the legacy view, you can click the vertical ellipsis on the top right-hand side.
Here you will also notice a link to directly manage account limitations, which can also be accessed from the Node & Group Management section on the Main Settings & Administration page.
Removal of the account limitation builder applications
As account limitation functionality isn’t available in the Orion Platform web console and the standalone account limitation application is no longer installed, it’s also removed during upgrade to 2020.2.6.
If you don’t see the features you’ve been waiting for, check out the What We're Working On for the Orion Platform post for a list of features our dedicated team of log nerds and code jockeys are already researching. If you don’t see everything you’ve been wishing for, add it to the Orion Platform Feature Requests forum.