# Authenticate using OneLogin

## `zli v. 6.15.12`

{% hint style="warning" %}
**IMPORTANT**

This `zli` release is *<mark style="color:purple;">**mandatory**</mark>* for all Okta-based BastionZero organizations.

This can be done via:

* `yum update zli` for yum
* `brew upgrade zli` for Homebrew
* `apt update,` followed by an `apt install zli` for apt

This change has no impact on our APIs or web app access.
{% endhint %}

{% hint style="info" %}
**IMPORTANT REMINDER**\ <mark style="color:purple;">**`zli v. 6.14.3`**</mark>\*\* introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.\*\*\
\
\&#xNAN;**>** **`Bzero-context`** is *no longer used* to connect to your cluster. Instead, all contexts follow a format that includes both the `targetUser` (Kubernetes role) and `targetName` (cluster name): <mark style="color:purple;">`bzero-{targetUser}@{targetName}`</mark>\
\&#xNAN;**>** Each Kubernetes connection creates an additional context entry following the same `bzero-` format mentioned above\
\&#xNAN;**>** `zli generate kubeConfig` is *no longer required* before connecting to a Kubernetes target. Simply run `zli connect {targetUser}@{targetName}`, and the `zli` will update your `kubeconfig` to a new context entry to connect to your target\
\&#xNAN;**>** Before upgrading, adjust any tooling that relies on the former context name, `bzero-context`
{% endhint %}

### New

* **OneLogin authentication support.** The latest `zli` release, `v. 6.14.3`, contains support for authenticating to BastionZero via OneLogin SSO. To set up a OneLogin organization, see our [product docs](https://docs.bastionzero.com/docs/admin-guide/authentication/sso-management) for a step-by-step guide

### Enhancements

* **JIT policy expiration and policy modification.** Improved error messaging is returned to users when their JIT policy expires and/or they have lost access to a target due to policy modification

### Fixes

* **`zli send-logs`.** Resolved issue so `zli send-logs` sends `zli` logs when no daemon logs exist

## `bzero v. 7.5.2`

### New

* **OneLogin support.** This release of `bzero` includes the changes required to support OneLogin authentication support
* **\[Released 21 December] ARM64 bzero agent.** Resolved issue with installing the ARM64 `bzero` agent

### Enhancements

* **JIT policy expiration and policy modification.** This release of `bzero` includes the changes needed to improve error messaging when users' JIT policy expires and/or they have lost access to a target due to policy modification

### Fixes

* **Log level.** Resolved issue with the `-logLevel` flag in both the systemD and Kube agents

## Web app & backend

### New

* **OneLogin groups support.** The latest backend release contains support for [integrating OneLogin groups](https://docs.bastionzero.com/docs/admin-guide/authentication/sso-management) with BastionZero. This capability allows you to create policy using OneLogin groups rather than having to name specific users

### Enhancements

* **SSH connection response.** Improved the SSH connection response to include the target user

### Fixes

* **Onboarding tool.** Resolved issue with the onboarding tool when onboarding a cluster with the same name as a current `offline` cluster
* **BastionZero app on Slack.** Resolved issue preventing the BastionZero app from accepting JIT requests for tunnel or file transfer verbs
* **SSH connections**. Resolved issue with revoking active SSH connections when policy is modified
* **Connect to targets with altered control channel.** Resolved issue with connecting to a target after the control channel has changed AWS availability regions

For questions or to provide feedback on how we can improve our updates, reach out to [<mark style="color:purple;">product@bastionzero.com</mark>](mailto:product@bastionzero.com).