Release Notes Archive - 2020

This article lists the features, enhancements, bug fixes, and components of the Banyan Platform released in 2020

Refer to the current release notes here for the latest Banyan Product features, enhancements, and bug fixes.

2.63 Release Highlights

Enhancements & Updates

  • Filters in the Events Log Viewer support multiple values; for example, you can now search for events corresponding to User-A OR User-B OR User-C.
  • Improved Access Tier documentation, with dedicated sections on deployment models and troubleshooting.

Bug Fixes

  • Access Tier Site Domain Names were sometimes not reflecting correctly in Banyan Command Center.

2.62 Release Highlights

Enhancements & Updates

  • Performance and stability improvements.

Bug Fixes

  • Added backend validation to disallow invalid characters (such as a slash (/)) in service names.

2.61 Release Highlights

Enhancements & Updates

  • Additional filters (Event Severity, Event ID, and External ID) in the Events Log Viewer.
  • Command Center Dashboard displays a dedicated tile for Unregistered Devices. (This tile only appears if your organization has Unregistered Devices allowed at the Organization level.)

Bug Fixes

  • If an IDP sends a large number (>100) of groups to Banyan in the SAML/OIDC assertion, users may see failures when logging in via Banyan Desktop App.

2.60 Release Highlights

New Features

  • Support for OneLogin as an IDP Routed Service. (This feature is in early preview and will be enhanced with future releases.)
    • Allows OneLogin customers to enable device trust for SaaS applications.

Enhancements & Updates

  • Various enhancements for Banyan Apps (Desktop App v.1.10.0 and Mobile App v.1.9.0).
  • Updated TCP Service templates (SSH, RDP, Kubernetes, and Generic TCP) to allow Hostnames and CIDR ranges.
  • Select multiple Access Tiers for a single service.
  • Filter Devices by TrustScore in Command Center.

Bug Fixes

  • Attempting to view or edit existing services in the Command Center only loaded a blank page.

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.10.1 (macOS, Windows, Linux-Ubuntu, Linux-RPM) Netagent v1.31.0 (Changelog) Shield v1.29.0 (Changelog)
Mobile App v1.9.0 (iOS, Android)   Command Center v1.41.0

* Not updated since last major release

2.54 Release Highlights

2.53 Release Highlights

  • Initial release of Banyan’s Just-In-Time SSH User (JITSU) provisioning and auditing script to streamline Advanced SSH capabilities.
  • Performance and stability improvements.

2.52 Release Highlights

  • Unknown Devices are now referred to as Unregistered Devices throughout Banyan. Devices in Banyan are classified as:
    • Managed – Device is administered by a Device Manager (such as VMware Workspace ONE UEM, Jamf Pro, Microsoft Intune, etc.)
    • Registered – Device has a Trusted Device Certificate in its keychain/certificate manager; the Device Certificate can be placed in the keychain/certificate manager either by the Device Manager or by the Banyan App.
    • Unregistered – Device does not have a Trusted Device Certificate in its keychain/certificate manager
  • Performance and stability improvements.

2.51 Release Highlights

  • Updated TrustScore logic so that the range for High Trust Level changed from 81-99 to 81-100 and AlwaysAllow changed from 100 to 101.
  • Added ability to configure SAML attribute mapping and ability to persist Name ID for SAML SaaS applications.
  • Improved Dashboard data quality.
  • Deprecated the Legacy Events page in the Command Center along with Legacy Events API, which has been replaced by the new Events API.

2.50 Release Highlights

  • One-click access for Kubernetes Services.
    • Introduced a new TCP Service Type of “Kubernetes” for secure access to Kubernetes API via kubectl. Includes support for just-in-time user provisioning and integration with native K8S RBAC. No updates to kubectl client or Kubernetes API required.
  • Enhanced support RDP Servers.
    • Leverage RDP clients’ RD Gateway support to provide access to a collection of RDP Servers.
  • Added ability to exempt specific Source IPs from Policies for OIDC Web Services

Component Versions

Client Components Enforcement Components Management Components
Desktop App* v1.9.0 (macOS, Windows, Linux) Netagent* v1.30.0 (Changelog) Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)   Command Center v1.38.0

* Not updated since last release

2.43 Release Highlights

  • List all Users and Devices by Role in the Command Center.
  • Performance and stability improvements.

2.42 Release Highlights

  • Updated Users and Devices list views to support pagination.
  • Minor Desktop App release for bug fixes and stability.

2.40 Release Highlights

  • Administrators can customize TrustScore remediation instructions and links displayed to end users in the Desktop App. These instructions can be customized for each TrustScore factor and are specific to the device’s operating system.
  • Improvements to SSH service connectivity, including the ability to access collections of SSH servers by IP address via HTTP_CONNECT mode in Netagent. (This feature requires Desktop App v1.8.0+).
  • Initial release of Device Trust Verification capability to support native “sandboxed” apps. “Sandboxed” apps are iOS/Android/MacOS/Windows apps that use WebViews for authentication that are unable to access the Banyan Device Cert placed in the device cert store or keychain. Also introduced a Device Trust Verification tab in the Banyan Desktop and Mobile Apps to enter the device Trust Code to verify the device. (This feature is in early preview and must be explicitly enabled for your organization.)
  • Updated Role details and Policy details pages.

Component Versions

Client Components Enforcement Components Management Components
Desktop App* v1.8.2 (macOS, Windows, Linux) Netagent* v1.29.1 (Changelog) Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)   Command Center v1.33.0

* Not updated since last release

2.34 Release Highlights

  • Content and stability enhancements to the new Events API.

2.33 Release Highlights

  • Automatically remove terminated agents from Command Center views after 48 hours of inactivity.

2.32 Release Highlights

  • Updated Command Center landing page
  • Initial release of new Events API and UI. The current Events API will be deprecated later this year.

2.31 Release Highlights

  • Added ability to remove terminated agents from the Command Center

2.30 Release Highlights

  • Preferred Apps for Device Trustscoring now supports regex pattern matching for apps having process names that are variable or change regularly.
  • Enriched information collected about a Netagent when generating a one-click support bundle.
  • Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.
  • (Bugfix) Previously, when configuring CORS, the target parameter only supported a wildcard (*). Now, the target parameter supports actual domains.

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.7.1 (macOS, Windows, Linux) Netagent v1.28.0 (Changelog) Shield v1.27.0 (Changelog)
Mobile App* v1.6.0 (iOS, Android)   Command Center v1.29.0

* Not updated since last release

2.23 Release Highlights

  • (Bugfix) Certain end user facing “reporting” APIs were incorrectly applying Policy calculations.

2.22 Release Highlights

2.20 Release Highlights

  • Simplified configurations for TCP Services - admins can preconfigure all end user parameters and optionally allow end users to override those.
  • Added HTTP_CONNECT mode to Netagent and a corresponding HTTP_CONNECT_DAISY_CHAIN mode in the Desktop App banyanproxy. When enabled, the banyanproxy forwards the client’s HTTP CONNECT request to Netagent, and Netagent forwards the request to the configured destination.
  • Issue short-lived SSH certificates for certificated-based authentication and authorization to SSH servers. (This feature is in early preview and must be explicitly enabled for your organization).
  • Initial release of Application Catalog, which features guides to configure access to common enterprise applications for Zero Trust security using Banyan.
  • Added ability to delete Device Registration in the Command Center.
  • Added ability to manage cryptographic tokens and certificates, such as your organization’s Root CA, in the Command Center.
  • Pagination for User and Device APIs.
  • When configuring SaaS Applications, you can specify nameid format for SAML applications.
  • (Bugfix) Email address response to SAML providers was formatted as a transient nameid.

Component Versions

Client Components Enforcement Components Management Components
Desktop App* v1.6.0 (macOS, Windows, Linux) Netagent* v1.27.1 (Changelog) Shield* v1.26.1 (Changelog)
Mobile App v1.6.0 (iOS, Android)   Command Center v1.23.1

* Not updated since last release

2.16 Release Highlights

  • Added configuration options for deploying Desktop App via Device Managers.
  • For devices managed by Workspace ONE UEM, device TrustScore calculation accounts for Workspace ONE UEM factors.
  • Command Center displays the Banyan App version installed on a device in the Device Details view.
  • (Bugfix) Admins could create a single role or policy multiple times with different letter casings.

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.5.2 (macOS, Windows, Linux) Netagent v1.25.1* (Changelog) Shield v1.23.1* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)   Command Center v1.18.0

* Not updated since last release

2.15 Release Highlights

  • Extended service spec to handle Cross-Origin Resource Sharing (CORS) traffic to Banyan-protected web services.
  • Updated Identity Provider configuration fields to consistently use new OIDC V2 endpoints. (If you have previously configured Passwordless Authentication with Okta, please review the steps to migrate from OICD V1 endpoints to OIDC V2 endpoints here.)
  • Added new Roles to apply policies based on the device’s operating system and whether it is managed by a device manager.
  • Added capability for an Admin to de-register and delete a Device from the Command Center.
  • Updated Settings > TrustProvider Settings > Device Manager page for added granularity when updating Workspace ONE UEM API configuration and device certificates.
  • (Bugfix) Admins could create a single service multiple times with different letter casings.

2.14 Release Highlights

  • Added configuration options for deploying Desktop App via Device Managers. Admins can customize specific Banyan Desktop App functionality such as device registration, startup behavior, visible views, and more.
  • Added Settings > Desktop & Mobile > App Deployment page, which includes download links for the latest Banyan Desktop and Mobile Apps, the Organization Invite Code, and Device Manager Deployment Settings.
  • Performance and stability improvements.

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.5.1 (macOS, Windows, Linux) Netagent v1.23.0* (Changelog) Shield v1.21.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)   Command Center v1.16.0

* Not updated since last release

2.13 Release Highlights

  • Initial release of Banyan Zero Trust security policies for SaaS Applications.
  • Added capability to send a “Support Bundle” of Netagent logs to the Banyan customer success team via a button click in the Command Center, streamlining support and troubleshooting processes.
  • Passwordless Authentication no longer always blocks unregistered devices. Now, if an organization configured for Passwordless permits access from unregistered devices, a user on an Unregistered Devices will skip the Passwordless flow and instead receive a prompt to enter IdP credentials.
  • Published Users & Devices APIs.
  • Shield logs are now displayed in the Banyan Command Center.

2.12 Release Highlights

  • Added capabilities to enable large-scale fleet deployments using Device Managers.
  • Desktop App - Added features to improve the authentication experience and to support developer workflows.
  • Updated Access Tier CloudFormation deployment template to support traffic redirection from Port 80 (HTTP) to Port 443 (HTTPS).
  • (Bugfix) Inconsistent Device TrustScore enforcement in certain situations.
  • (Bugfix) Users on Unregistered Devices were not being tracked correctly in the Command Center.
  • (Bugfix) Netagent - Cookie logic fix for WebSockets and Multi-domain Services.

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.5.0 (macOS, Windows, Linux) Netagent v1.22.0 (Changelog) Shield v1.19.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)   Command Center v1.14.0

* Not updated since last release

2.11 Release Highlights

  • Host Agents and Access Tiers display their current status in the list and overview pages. The status for an Access Tier is the “best” (Reporting, Inactive, or Terminated) status of any of its aggregated Netagents.
  • Added IDP Routed tab to the Manage Services page to distinguish SaaS Applications secured via Identity Federation.
  • Netagent - Added a configuration option to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS). (Previously documented as Known Issue FD-212)
  • Changed Transactional Email provider from GoogleCloud to SendGrid. (Please check your spam filters in case Banyan system emails are automatically filtering as spam)
  • (Bugfix) Aggregation of User/Device/Role was being done inconsistently.

2.10 Release Highlights

  • Banyan App - Desktop App can be installed on devices running the Ubuntu Linux operating system.
  • Service configuration details are now reported from Netagent and displayed in the Banyan Command Center.
  • Wildcard service definitions (*.example.com) have been extended to cover WEB services (wildcards previously only worked for TCP services).
  • Netagent - When OpenID Connect is enabled for a Service, you can now exempt specific paths from the OIDC Authentication requirement. (Previously documented as Known Issue FD-467)

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.4.1 (macOS, Windows, Linux) Netagent v1.20.0 (Changelog) Shield v1.16.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)   Command Center v1.12.0

* Not updated since last release

2.9 Release Highlights

  • Desktop App - Enhanced user experience, with specific focus on Developer workflows.
  • Command Center - Added OpenID Connect Discovery endpoint to Settings > OIDC Settings.
  • Published new enhanced V2 OpenID Connect (OIDC) endpoints, used in federated authentication flows. (Existing V1 endpoints used for Passwordless Authentication have been deprecated and will be removed in a future release.)
  • (Bugfix) Netagent - A race condition at the token validation stage was causing sporadic hangings of connections to applications.
  • (Bugfix) User Roles based on Device Claims were not computing correctly.

2.8 Release Highlights

  • More consistent real-time policy enforcement via TrustScoring.
  • Command Center - Organizations enabled with Single Sign-On can conveniently view types of Admins via the Manage Admins page.
  • Command Center - Added Hosts list and overview (Directory & Infrastructure > Hosts) to display and easily manage all hosts across clusters.
  • (Bugfix) Command Center - When creating services, removed the IDP-First option if an organization’s Identity Provider was not Okta. (Banyan currently only supports Okta for Identity Federation for Device Policies on SaaS Apps.)

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.3.0 (macOS, Windows) Netagent v1.18.0 (Changelog) Shield v1.16.0 (Changelog)
Mobile App (iOS v.1.4.0, Android v.1.3.1)   Command Center v1.10.0

2.7 Release Highlights

  • Added OCSP capability for device certificate revocation and the ability to ban and unban devices
  • Events API surfaces new Identity event types (OCSP, MDM, IDP) during authentication flow
  • Organizations can now have multiple Owners
  • New restrictions on SAML-Only administrators
  • Command Center - Streamline Infrastructure (Cluster, Access Tier, Host Agent) views
  • Desktop App - Added auto-update capability so end users are automatically notified of new versions and can update with a button click
  • (Bugfix) Desktop App - Fixed ‘Delete Device Registration’ error, banyanproxy now placed in PATH consistently
  • (Bugfix) Mobile App - Fixed “Invalid Token” error - notifications to inactive Mobile App is now sent based on the TrustScore TTL instead of every 24 hours

Component Versions

Client Components Enforcement Components Management Components
Desktop App v1.3 (macOS), Windows Netagent v1.17.0 (changelog) Shield v1.15.0 (changelog)
Mobile App v1.3 (iOS, Android)   Command Center v1.9

2.6 Release Highlights

  • Added support for OpenID Connect (OIDC) Discovery endpoint
  • Desktop App displays list of available Services and supports multi-org registration
  • Improved Services templates in Console UI
  • Added Role attribute “Device Registration” to configure roles for Known and Unregistered Devices
  • Disabled token generation and password-setting for SSO Admin accounts that use SAML

Component Versions

Client Components Enforcement Components
Desktop App v1.2.1 Netagent v1.15.1


Last modified: Aug 18, 2021