Now Available — Access Server 2.11.1
Now with Improved SAML and PAS Authentication Functionality
At OpenVPN, we’re constantly improving and perfecting our products, and responding to customer feedback is integral to that process. Customers asked for more SAML use case support, and the Access Server 2.11.1 release delivers exactly that.
What Is It?
OpenVPN Access Server 2.11.1 offers improved authentication functionality for both Security Assertion Markup Language (SAML) and Post Authentication Script (PAS) authentication methods.
Below are three use cases for which we’ve made specific improvements to this latest version of Access Server.
Automatic Group Assignment
Customers asked for automatic group assignment based on identity provider (IdP) configuration. Access Server 2.11.1 includes a post_auth group mapping script (also called a plugin) for automatically mapping SAML groups to Access Server groups.
Forced Re-authentication Option
Customers also asked for the option to force (or not force) re-authentication on each authentication attempt. Access Server 2.11.1 includes authnforce flag support, so you can set forced re-authentication for every authentication attempt using a SAML identity provider (IdP).
Flexible Authentication Methods
Additionally, customers requested the ability to use more authentication methods in addition to username/password on SAML. With Access Server 2.11.1, you now have the flexibility to use the authncontext configuration to tap into additional SAML provider authentication methods, including x509 certificate authentication and other supported SAML features, so you’re no longer limited to username/password authentication.
PAS-Only Authentication Functionality
With Access Server 2.11.1, you can still load a post-auth script for your custom authentication method, one of our provided plugins. Only now, you also assign it in the Admin Web UI as the default authentication method, or per user or group. Simply select PAS-only in the Admin Web UI.
With this PAS-only functionality, you can use the post_auth custom authentication system in conjunction with other authentication methods on a per-user or per-group basis.
Recommended Reading: How SAML Authentication Works with Access Server
Why Does It Matter?
This release is a response to specific customer requests for the use cases we detailed above. We’re happy to offer solutions that are as flexible and customizable as our users’ needs.
For network security professionals who use SAML identity providers (IdP) for authentication, Access Server 2.11.1 enables automatic group assignment based on IdP configuration, the option to force re-authentication, and the use of authentication methods other than username/password.
For network security professionals who want to control authentication with a custom Python script, Access Server 2.11.1 provides PAS-only (Post Authentication Script) authentication with enhanced security.
Recommended Reading: Now Available — Access Server 2.11.0 Update
How Do I Get Started?
To get started with the new SAML functionality, update to the latest version of Access Server — or install Access Server for the first time! Our Quick Start Guide has everything you need to get up and running.
For all the details on this latest release, be sure to check out the Access Server Release Notes.
You’ll also find a lot of helpful information in the following resources:
- How SAML Authentication Works with Access Server
- Authentication: SAML
- User Management: Group Permissions
- User Management: User Permissions
- TOTP Multi-factor Authentication
- Authentication: Settings
- OpenVPN Access Server post_auth SAML Group Mapping Script
Get Started Today
Ready to take your business to the next level with Access Server or OpenVPN Cloud? Work from anywhere and from any device with confidence. Create an account today to get the secure network connectivity your business needs.