Enhancements
- Upgraded Java Run-Time Engine to Version 11
Corrections
- System
- Removed log4j and replaced with latest fully patched log4j2 version.
- Improved UI speed by removing unnecessary health check calls.
- Removed unused libraries from installer.
Groups and IDs
This information applies to version 9.2.9 and later.
To import AD logon accounts, you need to set up Active Directory with the Manager Group Type.
- Go to User Management – Import Users – Active Directory – Setup. Ensure that you select Group Type “Manager” and also “Create manager logon account for each manager.” Then import AD manually or schedule an import.
- A job is submitted to the job queue, and the AD logon accounts are imported. Go to User Management – Logon Accounts to view the added accounts.
- When a logon account is created, you will receive an e-mail. However, if the logon account already exists, no e-mail will be sent after logon accounts are imported.
- If a logon account is edited, it will be reset to the grouping set in Active Directory if managing your groups and IDs outside the product.
- If logon accounts are no longer manager accounts in Active Directory, they will remain as such in the product. The product does not remove the manager account role.
- When AD logon accounts are imported, they are sorted uppercase before lowercase on the User Management – Edit Users screens based on the groups and IDs in the product. This applies to all other AD group types as well.
For CyBlock Cloud customers, CyBlock Directory Agent is a directory synchronization tool that bridges the gap between your internal Active Directory (AD) and CyBlock Cloud service. It updates the user information required by the cloud service keeping the cloud service in sync with the local AD.
The highlights of how the Directory Agent works are as follows:
- A CyBlock Cloud account is created for you with the Directory Agent module enabled.
- You will receive an e-mail notification to complete your registration by logging on to the interface.
- You install the Directory Agent on an appropriate computer that has internal network access to AD
and external network access to the cloud service. - Once the Directory Agent is installed, you pair the installation with your cloud account.
- You create an AD configuration to link to your internal AD. Multiple AD configurations may be created.
- You import users and groups from AD manually or schedule a daily import.
- The imported users and groups are synced with the cloud service.
- You can view the imported users and groups to verify the grouping structure.
- When AD configuration changes occur, they automatically sync with the cloud service.
If manual attempts to import from Active Directory fail, please try the following:
- Stop the Cyfin or CyBlock service.
- Navigate to the db directory:
- Cyfin: C:\Program Files\Wavecrest\Cyfin\wc\cf\db
- CyBlock: C:\Program Files\Wavecrest\CyBlock\wc\cyblock\db
- Delete the file sessions.xml.
- Restart the service.
- Attempt the Active Directory import.
If the issue persists, please contact Technical Support.
The following explains the symbols that may appear in user names:
- User IDs with appended $ characters are machine names that are contained within the browser header information. These names are unauthenticated server names submitting a request without the machine being logged on to. Since there is no user ID for the request, the machinename$ is used for the authentication challenge request.
- If the user ID *$ does not exist in the VIP group, the machinename$ user ID is added to the Ungrouped IDs group.
- If the user ID *$ exists in the VIP group, all unauthenticated machine traffic is compiled in the *$ user ID.
- Filter policies are not applied to machine names, and they do not count against your license.
- The IDs # and none# appear if the browser fails to send a proper user name when challenged by the proxy. This happens sporadically and is not easily reproducible in order to provide a direct resolution. The issue is currently under investigation.
If you have any questions, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.