πΏAuthenticate using OneLogin
18 January 2023
zli v. 6.15.12
zli v. 6.15.12IMPORTANT
This zli release is mandatory for all Okta-based BastionZero organizations.
This can be done via:
yum update zlifor yumbrew upgrade zlifor Homebrewapt update,followed by anapt install zlifor apt
This change has no impact on our APIs or web app access.
IMPORTANT REMINDER
zli v. 6.14.3** introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.**
> Bzero-context is no longer used to connect to your cluster. Instead, all contexts follow a format that includes both the targetUser (Kubernetes role) and targetName (cluster name): bzero-{targetUser}@{targetName}
> Each Kubernetes connection creates an additional context entry following the same bzero- format mentioned above
> zli generate kubeConfig is no longer required before connecting to a Kubernetes target. Simply run zli connect {targetUser}@{targetName}, and the zli will update your kubeconfig to a new context entry to connect to your target
> Before upgrading, adjust any tooling that relies on the former context name, bzero-context
New
OneLogin authentication support. The latest
zlirelease,v. 6.14.3, contains support for authenticating to BastionZero via OneLogin SSO. To set up a OneLogin organization, see our product docs for a step-by-step guide
Enhancements
JIT policy expiration and policy modification. Improved error messaging is returned to users when their JIT policy expires and/or they have lost access to a target due to policy modification
Fixes
zli send-logs. Resolved issue sozli send-logssendszlilogs when no daemon logs exist
bzero v. 7.5.2
bzero v. 7.5.2New
OneLogin support. This release of
bzeroincludes the changes required to support OneLogin authentication support[Released 21 December] ARM64 bzero agent. Resolved issue with installing the ARM64
bzeroagent
Enhancements
JIT policy expiration and policy modification. This release of
bzeroincludes the changes needed to improve error messaging when users' JIT policy expires and/or they have lost access to a target due to policy modification
Fixes
Log level. Resolved issue with the
-logLevelflag in both the systemD and Kube agents
Web app & backend
New
OneLogin groups support. The latest backend release contains support for integrating OneLogin groups with BastionZero. This capability allows you to create policy using OneLogin groups rather than having to name specific users
Enhancements
SSH connection response. Improved the SSH connection response to include the target user
Fixes
Onboarding tool. Resolved issue with the onboarding tool when onboarding a cluster with the same name as a current
offlineclusterBastionZero app on Slack. Resolved issue preventing the BastionZero app from accepting JIT requests for tunnel or file transfer verbs
SSH connections. Resolved issue with revoking active SSH connections when policy is modified
Connect to targets with altered control channel. Resolved issue with connecting to a target after the control channel has changed AWS availability regions
For questions or to provide feedback on how we can improve our updates, reach out to [email protected].
Last updated