There are many exciting new features and enhancements in the 2016.6.0 release, but the primary emphasis has been on security, performance, and usability improvements.
Finding reports and projects in AMP has not been as easy as it should be. Our users have given us feedback that the Recent Organizations widget and the site search are not so useful as navigational elements. We agree, and we’d like to introduce Version 1 of the AMP Search Widget. The AMP Search Widget allows users to search for reports, projects and organizations and to perform some quick actions without drilling in to other pages in the application. Over the next several releases we will be improving this widget to make it more usable. Planned enhancements include filters, such as Recent Reports, Bookmarked Reports, Creation Date and other options. Additionally, users will eventually be able to customize their view of the widget, specifically the data that is displayed in it.
With this release, all new users to the system will have this widget on their dashboards instead of the Recent Organizations widget. Existing users can choose to add this widget to their dashboards when they are ready. Once the new widget is sufficiently meeting all of our users’ needs, we will deprecate the Recent Organizations widget as well as the site search that appears in the header on every page in AMP. We would love to hear your feedback on this widget as we work on subsequent versions, so please contact us at firstname.lastname@example.org to let us know what we can do to improve this widget for you.
Two-Factor Authentication and Improved Authentication Security
Many security improvements have been made across SSB systems over the past several months. Of note in this release is the introduction of Two-Factor Authentication and improvements to the system’s handling of unsuccessful login attempts.
Two-Factor Authentication: Customers who wish to require additional security for their user logins can request Two-Factor Authentication to be enabled for their AMP instance. When enabled, all users of the system will be required to enter a temporary and unique code that is emailed to them when they attempt to login, along with their username and password. To have two-factor authentication enabled for your AMP instance, please contact us at email@example.com.
Improved Authentication Security: Users who have more than five consecutive, unsuccessful login attempts into AMP will now be locked out of the system. Users who are locked out of the system will be able to reset their password with the “Forgot password?” feature after being locked out.
Bulk Upload of Users
System Administrators have the ability to bulk add users through the use of a CSV file with header row:
For the amp, university and helpdesk columns, the row should contain the end date for the User's license, formatted as follows: yyyy-mm-dd. If the user should not have a license, leave the column blank.
AMP API Authentication Method Updates: AMP 2016.6.0 Release (8/26/2016)
In order to improve system security, some AMP API methods were deprecated effective immediately upon release of AMP version 2016.6.0 on August 26, 2016. The specific methods that will be deprecated are:
- iftb_amp_login (NOTE: This method was previously deprecated but is still in use by some customers)
All support for use of these methods will be deprecated because of incompatibility with updated password security measures in the AMP system. In any case where a customer is using the AMP API for SSO or other purposes, and they are specifically using either of these methods, they will no longer work and an error message will be received. Both of the above methods should be replaced with the new method "Authenticate" anywhere they are called. Note that this new method takes in the email address and password of the user and will pass that information to AMP over SSL.
I thank you for your continued partnership with SSB BART Group, and as always, if you have any questions, concerns or feedback please reach out to me at firstname.lastname@example.org.