Links
🎿

Authenticate using OneLogin

18 January 2023

zli v. 6.15.12

IMPORTANT
This zli release is mandatory for all Okta-based BastionZero organizations.
This can be done via:
  • yum update zli for yum
  • brew upgrade zli for Homebrew
  • apt update, followed by an apt install zli for apt
This change has no impact on our APIs or web app access.
IMPORTANT REMINDER zli v. 6.14.3** introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.** > Bzero-context is no longer used to connect to your cluster. Instead, all contexts follow a format that includes both the targetUser (Kubernetes role) and targetName (cluster name): bzero-{targetUser}@{targetName} > Each Kubernetes connection creates an additional context entry following the same bzero- format mentioned above > zli generate kubeConfig is no longer required before connecting to a Kubernetes target. Simply run zli connect {targetUser}@{targetName}, and the zli will update your kubeconfig to a new context entry to connect to your target > Before upgrading, adjust any tooling that relies on the former context name, bzero-context

New

  • OneLogin authentication support. The latest zli release, v. 6.14.3, contains support for authenticating to BastionZero via OneLogin SSO. To set up a OneLogin organization, see our product docs for a step-by-step guide

Enhancements

  • JIT policy expiration and policy modification. Improved error messaging is returned to users when their JIT policy expires and/or they have lost access to a target due to policy modification

Fixes

  • zli send-logs. Resolved issue so zli send-logs sends zli logs when no daemon logs exist

bzero v. 7.5.2

New

  • OneLogin support. This release of bzero includes the changes required to support OneLogin authentication support
  • [Released 21 December] ARM64 bzero agent. Resolved issue with installing the ARM64 bzero agent

Enhancements

  • JIT policy expiration and policy modification. This release of bzero includes the changes needed to improve error messaging when users' JIT policy expires and/or they have lost access to a target due to policy modification

Fixes

  • Log level. Resolved issue with the -logLevel flag in both the systemD and Kube agents

Web app & backend

New

  • OneLogin groups support. The latest backend release contains support for integrating OneLogin groups with BastionZero. This capability allows you to create policy using OneLogin groups rather than having to name specific users

Enhancements

  • SSH connection response. Improved the SSH connection response to include the target user

Fixes

  • Onboarding tool. Resolved issue with the onboarding tool when onboarding a cluster with the same name as a current offline cluster
  • BastionZero app on Slack. Resolved issue preventing the BastionZero app from accepting JIT requests for tunnel or file transfer verbs
  • SSH connections. Resolved issue with revoking active SSH connections when policy is modified
  • Connect to targets with altered control channel. Resolved issue with connecting to a target after the control channel has changed AWS availability regions
For questions or to provide feedback on how we can improve our updates, reach out to [email protected].