Visual Guard Update List

VG 2024.3

MFA ValidatE Operation (for Business Actions)

  • Enhanced Business Security
    Introduced a Multi-Factor Authentication (MFA) process for authorizing specific business actions within Visual Guard. This feature ensures that critical operations are executed only after verifying the user’s identity through multiple authentication methods, enhancing security for sensitive tasks.

Purpose of MFA Validation

  • Enhanced Security for Critical Business Functions
    Strengthens security for critical business functions, especially those involving sensitive or high-impact operations, by requiring multi-method user authentication (e.g., password and one-time code sent to a mobile device).
  • Selective MFA Application for Sensitive Actions
    Adds an extra layer of security for tasks such as transaction approvals, confidential data access, and administrative commands.

Benefits of MFA Validation

  • Enhanced Security
    Protects sensitive business operations with extra authentication layers, reducing the risk of unauthorized access.
  • Compliance Support
    Meets regulatory and compliance standards by safeguarding critical actions with robust identity verification.
  • User Accountability
    Establishes a clear audit trail linking actions to authenticated users, improving traceability.
  • Risk Mitigation
    Minimizes the impact of compromised credentials by requiring multifactor checks before high-risk actions.
  • Operational Flexibility
    Allows selective application of MFA to specific actions, balancing security needs with user convenience.

Performance Improvement for Private Connections

  • Private Connection Overview
    A private connection can be configured using secure protocols like HTTPS, HTTP, and gRPC, optimizing the secure communication pipeline and establishing an efficient, high-security data transfer channel. This refined architecture protects sensitive data while enhancing response times and system performance.
  • Secure Application Connections
    The Visual Guard Identity Server allows secure application connections to retrieve user security data from the database, isolating the application from direct database access.

Benefits of Private Connections

  • Enhanced Data Security
    Isolates data from public networks, reducing the risk of interception and unauthorized access.
  • Controlled Access
    Limits access to authorized systems and users within the private network, improving control over identity management resources.
  • Improved Performance
    Provides lower latency and stable bandwidth, resulting in faster, more reliable authentication, especially for high-transaction environments.
  • Compliance Support
    Facilitates compliance with regulatory requirements for secure, private data channels.
  • Reduced Exposure to Threats
    Limits external threat exposure by restricting access to private network users.

VG 2024.2

VG WinConsole

  • Azure Entra Integration
    Introduced Azure Entra as an advanced feature in Visual Guard to enhance identity and access management. Azure Entra, Microsoft’s unified identity and access platform, strengthens security and simplifies access control across applications.

Benefits of Azure Entra Integration

  • Enhanced Security
    Utilizes Azure Entra’s security features to ensure only authenticated and authorized users access sensitive applications.
  • Improved User Experience
    Integrates SSO and seamless MFA, offering a frictionless experience with high security.
  • Scalability and Flexibility
    Enables effortless scaling of identity management for on-premises and cloud-based applications.
  • Advanced Access Control
    Allows custom security policies with conditional access based on real-time risk.

Key Aspects of Azure Entra Integration

  • Seamless Integration with Visual Guard
    Supports streamlined user authentication, enhancing the authentication and authorization process.
  • Multi-Factor Authentication (MFA)
    Expands Visual Guard’s MFA capabilities, incorporating TOTP and OTP methods for enhanced identity verification.
  • Conditional Access
    Supports advanced access controls based on user risk, device state, and session context for better policy control.
  • Single Sign-On (SSO)
    Allows users to access multiple Visual Guard applications with a single credential set, improving user experience and reducing password fatigue.
  • Compliance and Governance
    Supports compliance with security regulations via detailed auditing and reporting tools.

VG 2024.1

Multi-Factor Authentication (MFA)

  • TOTP Support for Windows Authenticator
    Introduced Time-Based One-Time Password (TOTP) support, adding an extra layer of security by requiring a temporary code along with the usual password. TOTP is now supported via Windows Authenticator, enhancing the security of sensitive data and applications.

VG WinConsole

  • User Impersonation Feature
    Master Administrators can now manage user impersonation for Identity Server and workflow tasks. This feature facilitates internal administrative activities by allowing a designated user account to operate in the background during identity server and workflow operations.

VG WebConsole

  • .NET 8 Compatibility
    VG WebConsole now runs on .NET 8. The hosting bundle can be downloaded from the ASP.NET Core Runtime 8.0.7 section on the official Microsoft website.

VG Identity Server

  • .NET 8 Compatibility
    IdentityServer has been updated to use .NET 8. The hosting bundle is available for download from the ASP.NET Core Runtime 8.0.7 section on the official Microsoft website.

Database Permissions

  • SQL User Permissions
    New permissions are now required for SQL users to connect to VG database tables.
  • Published Folder Permissions
    Updated permission requirements for managing published folders.

Release Candidate

Major Features of Visual Guard

  • MFA Policy at 2 Tiers
    Introducing a two-tiered approach to MFA policies, Visual Guard 2024.0 allows for the implementation of both GlobalPolicy and ApplicationPolicy. This dual-layered policy framework ensures a flexible yet secure environment, catering to the broad security requirements at the organizational level while allowing for application-specific MFA configurations.
  • MFA Deployment to Other VGRepository:
    Expanding the reach of MFA, Visual Guard 2024.0 enables the deployment of MFA settings across different VGRepositories. This feature ensures that MFA protections are uniformly applied, enhancing security across all platforms and applications managed within the Visual Guard ecosystem.
  • Enrollment of the User with VGIdentityServer
    A streamlined user enrollment process with the VGIdentityServer simplifies the integration of MFA, ensuring that users are quickly and securely onboarded with multi-factor authentication protocols.
  • Comprehensive MFA Integration:
    Visual Guard 2024.0 intricately weaves MFA into all its functions, providing detailed insights into how multi-factor authentication works seamlessly within the Visual Guard framework to protect sensitive data and applications.
  • Duplicate Role:
    Visual guard allows you to duplicate a Shared Role & Application role within your system that mirrors an existing role, duplicating all similar permissions and responsibilities.
    [This feature is exclusively available in VG 2024 and later versions].

Introducing VGMagicLink

A standout feature of Visual Guard 2024.0 is the introduction of VGMagicLink, a revolutionary technology that enhances the MFA experience. VGMagicLink allows for real-time authentication, enabling users to gain access to secured applications immediately after validating a unique link. This technology offers an alternative to traditional OTP and email link methods, providing a seamless and efficient way to ensure security without compromising on user convenience.
VGMagicLink exemplifies Visual Guard’s commitment to innovation in security, offering users a quick and secure authentication method that aligns with the modern need for immediate and reliable access to applications.

Visual Guard’s Login Flow with Magic Links

Visual Guard Magic Links

VGSecurityRuntime

  • MFA Integration in the Authentication flow
    This update ensures that during authentication, users are required to provide multiple forms of verification, adding an extra layer of defense against unauthorized access, and fortifying the overall security posture of the system. Read More
  • MFA Deployment – Repository and Application Level
    This feature allows to import MFA policy and its configuration from the source repository to the target repository. This is helpful when an administrator want to copy the policy and configuration from Dev or QA repository to the Production repository.
  • MFA Enrollment Flow
    The MFA enrollment flow involves users registering one or more secondary authentication methods, such as a phone number for SMS or email ID for link, which are then required in addition to the primary password for enhanced security during login.
  • MFA Integration in Angular Apps
    This update enables Angular applications to implement MFA, providing a secure, interactive user verification experience without compromising the app’s performance or user interface.
  • MFA Policy – Global and Application Level
    This feature allows for the precise tailoring of MFA requirements, ensuring that security measures align perfectly with specific organizational policies and application-specific needs.
  • Password Policy Flow Change for MFA
    This change harmonizes password regulations with MFA requirements, enhancing overall security while streamlining the user’s authentication journey.
  • .Net 8 Support
    VG 2024 will support .Net 8.0

VG WinConsole

VG WebConsole

  • MFA Login Integration
    This update ensures a fortified entry mechanism, balancing strict security measures with a smooth user authentication flow.
  • MFA Policy – Global and Application Level
    Administrators can now define multi-factor authentication policies to secure the entire organization (Global) and customize them for specific applications, ensuring flexible yet robust security measures. Read More
  • Passwordless Authentication
    This feature gives the access to your account using alternate methods, such as secured link or one-time codes (OTP), enhancing both security and user experience.
  • Password Policy with MFA
    This feature allows users to set and manage strong password requirements while incorporating multi-factor authentication for an added layer of protection.
  • Getting Started
    This feature provides a user-friendly onboarding experience, guiding new users through the essential steps of setting up Visual Guard. Read More
  • Duplicate Shared Role / Application Role
    Visual guard allows you to duplicate a shared role and application role within your system that mirrors an existing role, duplicating all similar permissions and responsibilities. Read More

VG IdentityServer

Visual Guard’s Identity Server receives significant updates in 2024, focusing on user experience, customization, and security enhancements. These updates streamline the configuration process, enhance user interface customization, and integrate advanced security features like Multi-Factor Authentication (MFA).

API Level

Implementation of MFA Enrollment Web-API Functions

  • Send Verification & Validation for EmailAddress and Mobile Number 
  • Register Email Address, Mobile Number

This allows for easy, programmable MFA credential management, significantly bolstering application security.

  • Integration of MFA in Existing Authentication Methods of hhAPI
    This integration ensures a robust, user-friendly authentication process without compromising the existing API structure and flow.
  • Integration of MFA in Existing Authentication Methods of API for PowerBuilder
    This feature seamlessly incorporates an additional verification layer into PowerBuilder applications, ensuring secure user access without altering the established API workflows.
  • Integration of Passwordless Authentication in API for PowerBuilder and Other Authentication Modes
    This innovative approach enhances security and user experience by eliminating the need for traditional passwords, instead utilizing secure, user-friendly authentication methods such as biometrics or verification codes.
  • Postman Changes for all Methods
    These changes are designed to simplify the integration and testing of various authentication methods, including MFA and Passwordless authentication, directly within the Postman environment.

VG 2020.3

New Features

  • VG Angular
    We have upgraded our framework to Angular version 15. This upgrade enhances performance and security.
  • API Documentation
    We have published new API documentations on Postman. These documentations will aid developers in understanding how to use our APIs more efficiently.
  • MFA Azure Front Door
    We added a “no-store” cache control header to the response of MFA Azure Front Door. This will help to ensure that sensitive data is not stored in the browser’s cache.
  • WinConsole: Repository Connection
    The WinConsole can now connect to the VGIdentityServer. This will allow better integration between these two components.
    WebConsole Attendance Monitoring
    Modifications have been made to the calendar control for tracking attendance hours. This will help to improve time tracking accuracy.
  • WebConsole: Role Deletion
    The “Delete Role” option has been moved to the bottom menu in the WebConsole for better ergonomics.
  • WebConsole: Loading Icon
    A loading icon has been added to the workflow data monitor in the WebConsole to indicate when data is being loaded.
  • WebConsole: Workflow Settings Improvement
    The last execution time of VGWorkFlowServer has been added to the WebConsole settings. This will allow users to see when the workflow server was last run.
  • IdentityServer Configuration
    Several configuration changes have been made to the IdentityServer and new properties have been added to the WinConsole settings. This allows for more flexible configuration of the IdentityServer.
  • Angular Documentation
    The Angular integration documentation has been updated
  • VG SaaS UI Update
    The UI of VG TRIAL SAAS has been updated to include left-hand margins, clickable titles that open in new windows, a separator below the ProgressBar, and CSS changes on button click. This improves the overall user experience.
  • VG Runtime
    The system has been upgraded to version 4.6. This upgrade brings security and performance improvements.
  • Password Policy Comment
    A comment has been added for the Auto-Unclock feature in the password policy. This gives users a better understanding of this feature.

Bug Fixes

  • WebConsole | Monitoring | Graph
    The graph display for a 15-month range has been fixed. The graph no longer reverts to only two bars.
  • Documentation
    Fixed the bug where the eazydocs_get_option() function was not found. This solved an issue with the documentation site’s theme.
  • Oracle Migration
    Fixed migration errors from 2019.2 to 2020.3 in oracle repositories. Users will no longer see error messages when logging in.
  • VGSecurityRuntime VGUser Creation
    Fixed an issue that prevented creating a second VGUser in a new SQL repository without a license. The incorrect error message will no longer appear.
  • Authentication Modes
    Fixed differences in authentication mode selection when adding a new repository in WinConsole and WebConsole. The options will now be consistent between the two.

VG 2020.2

VG Security Runtime

  • VG Multi-Factor Authentication (VG MFA)
    Visual Guard now includes a proprietary Multi-Factor Authentication system. Users have to enter a Pin code (One-time Password / OTP) or click on a link, sent by SMS or email.
  • VG Passwordless Authentication
    Users can verify their identity without entering a password. In addition to simplifying the user experience, VG Passwordless Authentication strengthens security and reduces the risk of Identity thefts.
Multi-factor Authentication
Visual Guard MFA

VG WinConsole

  • Enabling MFA for existing Visual Guard Accounts.
    You can choose which account is MFA ready and progressively implement strong authentication.

VG WebConsole

  • Enabling MFA for existing Visual Guard Accounts.
    You can choose which account is MFA ready and progressively implement strong authentication.
  • Deleting Applications
  • Support for Office 365 SMTP
  • Enhanced export of VG EventViewer to Excel

VG Identity Server

  • Load Balancing
    Load Balancing is now supported, between several VG Identity Servers connected to the same VG Repository, and sharing the same configuration.
  • New protocols added to speed up communications between VG Identity Server and VG Runtime(s): GRPC V1 and GRPC V2 (Windows 11)

Bug Fix

  • Separate Authentication from the Workflow Server
    Because the Workflow Server works continuously, we saw 1000 to 2000 authentication per day only for the Workflow Server
  • Improve maintenance operation
  • Connection to VG IdentityServer

VG 2020.1

VG Security Runtime

    • Enhanced permission management for PowerServer
    • A new entity called VGDistributedTransient has been added for supporting load balancing

VG WinConsole

  • Permission Matrix
    Generating permission Matrix from the WinConsole, for Applications, Roles, and Users
  • Managing Web API permission for PowerServer
    • Datastores are listed automatically by scanning the PBLs of the PowerBuilder application.
    • Mapping Datastores and Resources (which datastores access which tables for Create/Read/Update/Delete purposes). This allows creating permissions at table level : VG will enforce these permissions anytime a PB client is accessing the related datastores.
    • Creating fine-grain authorizations to allow Reading / Updating / Deleting / Creating from specific Resources (tables)
    • Creating fine-grain authorizations to allow Reading / Updating / Deleting / Creating from specific datastores
  • When searching for users, the “contains” operator is now selected by default.
  • Exporting Groups and Roles details in Excel files
  • Enhanced Configuration UI for Identity Server
  • New progress bar to monitor repository deployment / importing processes.
  • Support for Cross-origin Resource Sharing (CORS)

WebConsole

  • Migration to .Net Core 3.1
    Overall response time and performance improvements
  • New WebConsole features
    • Renaming an Application from VG WebConsole
    • Managing Web API permission for PowerServer
      (see WinConsole for more details)
    • Exporting Event Logs in Excel
    • Generating Permission Matrix from VG WebConsole
    • Generating VG configuration files
    • Viewing VGLicense details
  • If a user accessed the WebConsole with a Windows SSO authentication, he is able now to edit the UI language

VG Identity Server

  • New APIs
    • ChangePassword()
    • ForcePassword()
    • WriteLog()
    • GetCurrentPermissions()
    • GetCurrentRoles()
    • SetProfileAttribute()
    • GetProfileAttribute()
    • GetAllRoles()
    • Grant and Revoke Role
  • When connecting to a VG Repository via VG Identity Server, accessible databases are automatically listed.

Visual Guard 2020.0

VG Security Runtime

  • Support for .NET Core
    Visual Guard now supports .NET Core with a new assembly  Novalys.VisualGuard.Security.Core
  • Permission Matrix
    You can now generate a permission matrix at role, group, and user level. This matrix shows in a grid the dependencies between users, roles, and permissions.
    Permission  Matrix
  • VG Server private mode is now replaced by a direct HTTPS communication from the VGSecurityRuntime to VG Identity Server
  • Support for PowerServer 2021
    • Authentication modes supported with PowerServer 2021:
      • Windows accounts (authentication via Active Directory)
      • Single Sign-On with Windows accounts
      • OAuth2 authentication
      • Token-based authentication
      • Login/password authentication

PowerServer 2021
    • Dynamic permissions supported for PowerServer 2021
      Dynamic permissions are Fine-grained permissions implemented without modifying the code.
      They control access to specific features in the PB client, as well as the Web API. On the server-side, they allow securing resources (DB tables in most cases), regardless of the client technology: PowerBuilder, .NET, Angular, etc.

VG Identity Server 

VG Identity Server is a new Server. It is replacing both VG Server and VG WebPortal, which are no longer included in Versions 2020 and above.
VG Identity Server manages Identities and Access Control, using OpenID Connect or OAuth 2.0 protocols.

In addition, VG Identity Server can also:

  • Authenticate users via external identity providers (Microsoft, Google, Facebook, etc.)
  • Manage user sessions 
  • Federate several independent websites or applications across a single user session (Single Sign-on)
  • Generate or validate tokens
  • and more…

VG Identity Server supports contextual roles and groups, to adapt an authentication UI to the business context of a user.

WebConsole

  • New Design
    The Visual Guard WebConsole has been redesigned and offers more customization options and styles

  • Visual Guard WebConsole User Identity Management Dashboard
  • New features: 
  • Enhanced monitoring:  information has been narrowed down to relevant events. Data is preloaded for faster response time.

  • Visual Guard Workflows
    VG Workflows are managed within the VG Web Console.
    They replace VG notifications and are meant to automate the detection of certain application events, to trigger required actions.
    They are created/edited with a visual designer.
Visual Guard WebConsole User Identity Management Dashboard

Visual Guard Documentation

Visual Guard 2019 GA

Support of .NET Core

  • Visual Guard 2019 is compatible with .Net Core to secure cross-platform (Windows, macOS, and Linux), cloud, and IoT applications
Visual Guard supports .NET Core

Support of Angular

  • VG 2019 includes a new module to simplify the integration with Angular applications.
Visual Guard supports Angular

Web Administration Console

  • The VG 2019 Web Console has been redesigned. In addition to offering a modern look, it is now responsive and can be used on all screen sizes, including mobile devices.
  • The web console also includes new graphs for applications and sensitive activities monitoring

Win Administration Console

  • Visual Guard 2019 supports securing .Net Core applications (.Net Core Console and .Net Core Web Applications), Hence using Visual Guard WinConsole, you can add your .net core applications to the repository.
  • In the Event viewer wizard, it allows to filter event logs by application.
  • Now, you can have the progress status of deployment process in deployment repository wizard.
  • It allows to 'Edit Permissions' for Role and PermissionSet in more user-friendly way.
  • It allows to 'Edit PermissionSets' for Role and PermissionSet in more user-friendly way.