The major features of 2.5 are an extensive rework of the AAA (Authentication, Authorization, Account) system, already here in Beta1; and Custom Backup Flows, which are coming in Beta2.
First there is the introduction of Object Access Policies, which replace previous Device Access rules. Since Tags can be used on many objects now (not just Devices), Object Access Policies provide more fine-grained access controls to any / all objects in Unimus. You can create as many policies as you like, and you then assign a Policy to a User, specifying their access.
Next up is the possibility to create Unimus accounts automatically for new users authenticated by external AAA systems (Radius and/or LDAP). Up until now, before a user could log in using external AAA, an account in Unimus had to be created manually. This system allows for automatic provisioning of new user accounts when using external AAA. No more manual account creation!
Builds are available for download here:
https://unimus.net/download-dev
Full Changelog:
Let us know if you have any feedback / questions on this release, or if you run into any issues!= Version 2.5.0 =
Features:
Device Tags have been renamed to just Tags, since they can be used on many more objects than just Devices now
When deleting a Zone, you can now choose to move devices to any other Zone you have access to before deleting the Zone
Added an option to create a new Credential directly in the Credential Binding window
Added a Zone ID column to "Backups > Devices" table
Added a link to open the last failed job details to the "Device > Info" window
Added a notification banner to "Backup Filters" when user doesn't see all filters due to Access Policy restrictions
Added a notification banner when tyring to edit a Backup Filter when you don't have access to all devices covered by that filter
Added a better message when a user with the "None" role attempts to log in
Added additional "Used by..." columns to the Tags table showing usage of Tags across Unimus
Added an option to not show Unmanaged devices in results of Config Search
Added an icon for credentials in High Security Mode to all relevant tables
Added an option to specify your own Pushover API Key in Pushover settings
Added an option to select the color scheme of diffs sent by notifications
Added a help popup to "Notifications > Show FQDN"
Fixed various small UI / UX issues and UI element misalignment and sizing issues
Device Access was reworked into Object Access Policies:
- you can now create complex Object Access policies which specify where a user should have access to
- Object Access Policies can then be assigned to users to limit object access across Unimus
- existing Device Access rules will be migrated to new Object Access Policies automatically
- more info at: Blog article coming soon
Added an option to create user accounts for users successfully authenticated by an external auth system:
- this allows provisioning of users on first successful login to Unimus when using Radius / LDAP auth
- using this system, you no longer need to create user accounts in Unimus for external AAA users before they can log in
- both Role and Object Access Policy for automatically created accounts are configurable
- more info at: Blog article coming soon
Improvements to APIv2 / APIv3:
- added the zoneId attribute to all Devices and Diff APIv2 endpoints
- added the zoneId attribute to multiple response objects in APIv3 where it was missing
Added support for:
- CheckPoint Gaia running on bare metal
- CheckPoint TE series
- CheckPoint QLS (Quantum Light Speed)
- iS5 IMX devices
- iS5 iES devices
Fixes:
Fixed selection model breaking in the Credentials table after editing a Credential
Fixed issues when changing large amount of objects (2000+) in a single operation when using MSSQL
Fixed multiple other object manipulation failures when using MSSQL (Device Zone change, etc.)
Fixed wrong / extraneous logging during the database upgrade stage when updating
Fixed more cases when jobs could fail on Checkpoint Gaia devices
Security fixes:
Only Administrator-level users can now change Retention settings
Fixed cases where users could see Backup Filters even for devices they did not have access to