πΏAuthenticate using OneLogin
18 January 2023
zli v. 6.15.12
zli v. 6.15.12
IMPORTANT
This zli
release is mandatory for all Okta-based BastionZero organizations.
This can be done via:
yum update zli
for yumbrew upgrade zli
for Homebrewapt update,
followed by anapt install zli
for apt
This change has no impact on our APIs or web app access.
IMPORTANT REMINDER
zli v. 6.14.3
** introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.**
> Bzero-context
is no longer used to connect to your cluster. Instead, all contexts follow a format that includes both the targetUser
(Kubernetes role) and targetName
(cluster name): bzero-{targetUser}@{targetName}
> Each Kubernetes connection creates an additional context entry following the same bzero-
format mentioned above
> zli generate kubeConfig
is no longer required before connecting to a Kubernetes target. Simply run zli connect {targetUser}@{targetName}
, and the zli
will update your kubeconfig
to a new context entry to connect to your target
> Before upgrading, adjust any tooling that relies on the former context name, bzero-context
New
OneLogin authentication support. The latest
zli
release,v. 6.14.3
, contains support for authenticating to BastionZero via OneLogin SSO. To set up a OneLogin organization, see our product docs for a step-by-step guide
Enhancements
JIT policy expiration and policy modification. Improved error messaging is returned to users when their JIT policy expires and/or they have lost access to a target due to policy modification
Fixes
zli send-logs
. Resolved issue sozli send-logs
sendszli
logs when no daemon logs exist
bzero v. 7.5.2
bzero v. 7.5.2
New
OneLogin support. This release of
bzero
includes the changes required to support OneLogin authentication support[Released 21 December] ARM64 bzero agent. Resolved issue with installing the ARM64
bzero
agent
Enhancements
JIT policy expiration and policy modification. This release of
bzero
includes the changes needed to improve error messaging when users' JIT policy expires and/or they have lost access to a target due to policy modification
Fixes
Log level. Resolved issue with the
-logLevel
flag in both the systemD and Kube agents
Web app & backend
New
OneLogin groups support. The latest backend release contains support for integrating OneLogin groups with BastionZero. This capability allows you to create policy using OneLogin groups rather than having to name specific users
Enhancements
SSH connection response. Improved the SSH connection response to include the target user
Fixes
Onboarding tool. Resolved issue with the onboarding tool when onboarding a cluster with the same name as a current
offline
clusterBastionZero app on Slack. Resolved issue preventing the BastionZero app from accepting JIT requests for tunnel or file transfer verbs
SSH connections. Resolved issue with revoking active SSH connections when policy is modified
Connect to targets with altered control channel. Resolved issue with connecting to a target after the control channel has changed AWS availability regions
For questions or to provide feedback on how we can improve our updates, reach out to product@bastionzero.com.
Last updated