Privileged Remote Access 24.3.1 release notes

November 14, 2024

Requirements

Requires Base 7.3.0.
Requires ECM 1.6.2.
Requires Integration Client 1.7.5.
Supports upgrades from PRA 23.3.4+.
Before upgrading, ensure any SSL certificates used are either from a trusted Certificate Authority, or, for self-signed certificates, the certificate is either trusted on all endpoints or explicitly included in their installation.

New features and enhancements

Linux Jumpoints can now be deployed as Docker containers.
Linux Jumpoints now support Network Tunnel Jumps.
Clustered Jumpoints can now server as Jump Zone Proxies.
- Configuration of Jumpoints as Jump Zone Proxies has been moved to /login on the edit Jumpoint screen.
- Jump Zone Proxies now leverage mDNS to broadcast availability. If Jump Clients and Jumpoints cannot reach the appliance directly, they will automatically attempt to use a reachable and broadcasting Jump Zone Proxy without having to be pre-configured to do so. This requires multicast to be enabled on those networks.
Postgres database proxy protocol tunnel Jumps are now supported.
MySQL database proxy protocol tunnel Jumps are now supported.
Azure SQL is now supported by SQL Server Protocol Tunnel Jumps.
AWS EKS is now supported by Kubernetes Proxy Protocol Tunnel Jumps.
Users can now right-click on a Jump Group to start sessions with all items in the group (a maximum of 10 Jump Items in the Jump Group is supported for this).
The desktop access console user interface has been updated in a number of ways.
- Active session queues and group chats have been moved to their own separate tabs, to increase focus on starting sessions with Jump Items.
- Jump Group membership is now update in real-time; a user no longer has to log out and log back in to see the changes.
- The login screen no longer shows "Launch Infrastructure Access Mode" as a selectable option. The UI modes of behavior are now located under File > Settings, and three modes are supported.
- When the UI is in system tray mode (formerly known as "Infrastructure Access Mode"), you are no longer forced to use external tools, and the session respects the console settings.
Added the option to have sessions use static username and port values when using external tools. This enables creation of bookmarks in all external tools that can point to a username ("bt") and port number that will persist from session to session.
A full integration with Entitle is now available from the Entitle library of integrations. Managing user membership in Jump Groups, Group Policies, Accounts, Account Groups, and Teams are all currently supported.
Automatic SSH aliasing is now supported, enabling the start of an SSH session with the simple syntax of "ssh `jump_item_name`.bt.ssh".
Added a new special action to reconnect RDP sessions without ending the current customer session.
Users can now drag files from their desktop or file manager and drop them into the remote file transfer window.
Password Safe Jump Items are now automatically listed without requiring a search.
The external tools dropdown menu now shows locally detected tools.
Windows Jump Client installers have been updated to use MSI.
The simultaneous Jump setting is now a Jump Policy setting in addition to a global setting.
Endpoint automation has been enhanced with resource files and various UI improvements.
Group policies can now be reordered using numbers instead of having to drag and drop them.
The Jumpoint configuration API now includes a key_info attribute.
macOS 15 Sequoia is now supported.
Administrative Units in Microsoft Entra ID are now supported in Vault.
Added the request number to the Jump Approval panel in the representative console.
Enhanced session support for Cloud PC (AVD/Windows365 and Terminal Services Environments).
While editing an IP Network Tunnel Jump Item, you can now double-click a filter to edit the entry.

Issues resolved

Product Area	Description	Resolution
/login > Users & Security > Users	When generating a user account report for SAML users, the report failed to populate data, displaying only headers, and the Excel download functionality was non-operational.	User account reports for SAML users now populate correctly with data and can be successfully exported to Excel.
/login > Vault > Account Groups	When associating generic credentials with a large number of Shell Jump Items, the process would fail and display an error.	Associating credentials with Shell Jump Items now works as expected, regardless of the number of Shell Jump Items involved.
/login > Vault > Discovery Jobs	When performing OU-specific credential discovery, the discovery would fail if the OU had special characters in the name.	Credential discovery now succeeds even when the OU name contains special characters.
/login > Vault > Accounts	If a vendor user created a personal Vault account and the vendor user was deleted, the personal Vault account remained instead of being removed.	Personal Vault accounts are now automatically deleted when the corresponding vendor user is removed.
/login > Users & Security > Security Providers	Kerberos and RADIUS servers could not authenticate or use one-time passwords with Jump Items.	Kerberos and RADIUS servers can now successfully authenticate and use one-time passwords with Jump Items.
/login > Jump > Endpoint Automation	Scheduled endpoint automation jobs could not be canceled.	Scheduled endpoint automation jobs can now be successfully canceled.
/login > Jump > Endpoint Automation	Deleted endpoints did not update their status properly.	Deleted endpoints now update their status correctly.
/login > Users & Security > Vendors	The default vendor portal settings were blank after changing languages.	The default vendor portal settings now display as expected after a language change
/login	When logging into a failover or clustered appliance, users were sometimes directed to an unavailable page, resulting in an Internal Server error.	Users are now directed to the Status page.
/console	When logging into /console on an Atlas cluster node, the connection would frequently disconnect.	The connection to /console on an Atlas cluster node now remains stable.
/login > Vault > Discovery	When attempting to import local credentials using Jump Client discovery, a "forbidden" error would display.	The error message now provides information about the permission that is required.
/login > Reports > Jump Items	A tooltip pointed users to the wrong location to specify logging limit values.	The tooltip now points users to the correct location.
/login > Jump > Jump Items	The help text for RDP Jump Items used an incorrect term for the Best Performance quality setting.	The help text now correctly references Best Performance as a setting.
Session authorization request	After clicking a Jump approval link and logging in, users were directed to the wrong page.	The correct page now loads when a user clicks a Jump approval link.
/login Jump > Jump Clients	An error was displayed when trying to extend a Jump Client installer immediately after creating it.	A Jump Client installer's duration can now be extended immediately after creation.
/login > Status > Information, API	The Company API Name was displayed when it should have been hidden.	The Company API Name has been hidden.
Site Login	Daylight saving time would cause time-based one-time password authentication to fail.	TOTP authentication now succeeds regardless of daylight saving time changes.
/login > Jump > Jump Items	Attempting to edit the endpoint user agreement resulted in a Forbidden error.	The endpoint user agreement can now be edited and saved.
/login > Jump > Jump Clients	Jump Client installers appeared to expire two hours before their actual set expiration time.	Jump Client installers now show the expiration time correctly.
/login > Reports > Compliance	The Compliance tab was hidden for users with limited permissions to view presentation reports.	The Compliance tab now appears as expected.
Access Console > Jump Groups	Attempting to search for a Jump Item in My Jump Group would result in an error.	Searching in My Jump Group now works correctly.
Access Console > Infrastructure Access Console Mode > Jump Items	The Jump Item list in Infrastructure Access Console Mode was sorted by Name Ascending, whereas feedback indicated a preference for sorting by Recently Used.	The Jump Item list is now sorted by Recently Used.
Access Console > Jump Item Approval	The Jump Approval window would sometimes remain open even after the user clicked outside the window.	The Jump Approval window now closes as expected.
Access Console	If network restrictions require the access console to be on the VPN to connect, a VPN disruption would cause the access console to disconnect and reconnect, allowing access as if the VPN were still active.	After a VPN disruption, the access console will disconnect and not allow reconnection until the VPN is restored.
Access Console > Session > Command shell	The command shell window would not scroll under certain circumstances.	The command shell now scrolls as expected.
Access Console > Network Tunnel	IP address ranges were not working correctly, causing Network Tunnel sessions to fail.	IP addresses are now handled correctly.
Access Console > SQL Server Tunnel	SQL Server Tunnel sessions on Windows 11 would timeout and end unexpectedly.	SQL Server Tunnel sessions now run correctly on Windows 11.
Access Console > Network Tunnel	Network Tunnels in Microsoft Azure environments would sometimes terminate unexpectedly or show the incorrect tunnel status.	Network Tunnels through Windows Jumpoints in Microsoft Azure environments are now better supported.
Access Console > Network Tunnel	The access console would sometimes stop responding immediately after connecting to a Network Tunnel Jump Item.	The access console now runs consistently after connecting to a Network Tunnel.
Access Console > Infrastructure Access Console Mode	The access console would sometimes stop unexpectedly when exiting a Shell Jump session in Infrastructure Access Console Mode.	The access console now remains stable during Shell Jumps in Infrastructure Access Console Mode.
Access Console	The access console was unable to reconnect after a network connection interruption if the host system had more than one NIC.	The access console now attempts to reconnect if the active NIC is disabled and a secondary NIC is available.
Access Console > Jump	A new Jump could not be initiated if another Jump Item was already in the process of starting.	Jumping to multiple Jump Items is now allowed and correctly handles cases where some Jump Items are already starting.
Access Console > Network Tunnel	A Network Tunnel Jump Item would not start if the system's username had Unicode characters in their name.	Network Tunnel Jump Items can now handle Unicode characters in usernames.
Access Console > Jump Clients	When updating to a new release, Jump Clients updating via Jump Zone Proxy would appear as though they never finished.	Jump Client updates now correctly show completion.
Access Console > Web Jump	When attempting a Web Jump to the Azure Developer Portal, a redirect interfered with the injection process, disrupting the connection.	Web Jumps now ignore redirects, allowing connections to sites like Azure to function properly.
Access Console > Web Jump	Web Jump attempts failed on Ubuntu 24.04 because remote terminals were included in the terminal list.	Web Jumps can now connect on Ubuntu 24.04.
Access Console > Web Jump	If someone attempted to start more than one Web Jump session through a Linux Jumpoint, the second session would time out.	Multiple Web Jump sessions can now be run through a Linux Jumpoint.
Access Console > Web Jump	Web Jump attempts would fail to log in to certain Palo Alto interfaces.	Web Jumps can now be completed to Palo Alto interfaces.
Linux Endpoint Client	The endpoint client icon was appearing incorrectly on Ubuntu 24.04.	The endpoint client icon now displays correctly.