Major Release: OmniFi v9.3
OmniFi v9.3 provides improvements in the areas of security, identity management and audit reporting, facilitated by a new OmniFi Server component joining the family. We have further optimized user administration by moving more functionality from OmniFi Administration to the Web portal.
OpenID Connect authentication
OmniFi v9.3 allows you to authenticate user accounts with OpenID Connect identity providers like Microsoft Entra ID, Auth0 or PingID.
OpenID Connect (OIDC) is an authentication standard supported by many leading identity providers, including Google and Microsoft Entra ID (formerly Azure Active Directory). Based on the OAuth 2 standard, OIDC supports 2FA/MFA and provides a modern and secure way for users to assert their identity.
You can enroll multiple OIDC providers to serve the needs of different types of users, and of course mix and match with the classical Windows or TRM authenticated accounts, all while account mapping provides seamless access to underlying data sources.
Linking OmniFi accounts to OpenID Connect identity management enables modern security features like multifactor authentication and centralized account management.
Audit reporting
Information security standards and auditors commonly require transparency into the usage and configuration of IT systems, often manifested as different kinds of audit reports. While OmniFi's rich reporting tools are well suited to creating audit reports by reading directly from the OmniFi database, v9.3 provides new query types to read authentication logs and permission setup.
Authentication audit query
With OmniFi v9.3, every attempt to log in to OmniFi is recorded in an authentication log and retained for reporting purposes.
The data source SkySparc->Audit->User authentication log allows you to query the authentication log and create reports to suit your needs.
Reading the authentication log requires the Administration/Users permission.
User permissions query
Using the data source SkySparc->Audit->User permissions you can query the account and permission structure and create reports to suit your needs.
Reading the permission configuration requires the Administration/Users permission.
Client disconnected from database
In the process of IT infrastructure hardening, one common TODO is to strictly separate client and server networks, including preventing direct access from the client network to data stores like databases. With v9.3, the day-to-day client applications OmniFi for Excel, Reconciliation Board and Interfaces retrieve the data they require via OmniFi Server, allowing them to operate without direct database access.
Autotest and autotest-cli are heavy database frontends that require fast low-latency data access, and together with OmniFi Administration still require direct database access.
OmniFi Server
OmniFi Server is a new server component that enables us to deliver the previously mentioned enhancements. OmniFi Server provides authentication, authorization, session management and database access services, with much more to come in the future.
OmniFi Server is a sleek, high-security HTTP service that deploys as an IIS app, as a Windows Service or natively as an Azure App Service, including integration with Azure Insights monitoring.
All authentication and authorization runs through OmniFi Server, with optional delegation to Agent as needed, providing a centralized point of protection and monitoring.
Administer users in the web portal
Continuing the work we started with v9.2, we have moved more functionality from OmniFi Administration to the web portal. You can now manage data source mappings by individual account or by user group directly in the web portal.
This means there is one less reason to start the OmniFi Administration desktop application, and instead use the convenience of the web portal.
We have also added a Permissions main tab to the user admin page. While the Users and Groups tabs were designed to effectively manage permissions, user accounts and groups/roles, it was more difficult to answer questions like "who can administer users in OmniFi". The Permissions tab does just that.
Selecting a permission, you can see all permittees listed, and navigate among them. This makes the permission structure much more transparent and navigable.