What’s New in Secure Access 12.50 and Insights for Network 3.50

Sections:      Secure Access 12.50      Insights for Network 3.50       Secure Access Cloud and MSP      Maintenance Releases

Absolute expands its ZTNA platform to detect, protect, and repair with new self-healing SaaS or On-prem infrastructure that supports both local and global organizations, tightened security controls, and expanded network and event visibility.

Absolute Edge, powered by Secure Access v12.50 and Insights for Network v3.50, adds support for new user authentication modes, adds resiliency for geo-dispersed deployments, bolsters security with new policy enforcement modes, and supports new ARM processors powering the next generation of mobile devices.

Key new features:

  • SAML authentication support.*
  • New active-active warehouse support–offers automated failover, self-healing, and improved distributed pool support.*
  • New ZTNA policy action strengthens security by forcing user reauthentication when security contexts change.
  • New ZTNA policy actions for enabling/disabling data collection improve compliance and enforcement.
  • New visibility for ZTNA policy enforcement to evaluate the impact of applying ZTNA policies and make proactive security policy decisions.
  • New resilient client option for Windows monitors, detects, and automatically repairs problems with client files and processes.
  • Agent support for Windows 11*
  • Client support for ARM processors on macOS and Windows devices.*
  • Improved support for Intune autopilot with hybrid-domain joined machines.
  • New and enhanced Insights for Network dashboards including 5G signal quality and network coverage, Wi-Fi signal quality mapping, and Secure Access connection status.    

Secure Access v12.50

Support for Modern, Federated Authentication Solutions

SAML Authentication*

Organizations are adopting modern, federated, and cloud-hosted authentication solutions for both remote and on-premises personnel. Secure Access customers can easily convert all or some of their users or administrators to any standards-compliant SAML identity provider, gaining instant access to the out-of-band, multi-factor authentication options, federated identity management in the cloud, and other capabilities available from their chosen identity provider.

  • Standards-compliant SAML authentication
  • Supports MFA options like push notification, voice calls, or SMS available in your SAML provider’s solution
  • Easy integration with cloud-hosted authentication solutions, regardless of where your Secure Access servers are deployed.
  • Simplifies administrative access to the Secure Access console, consolidates account management into a single directory service and facilitates single sign-on for apps sharing that identity provider.
  • Configurable “session token” option creates a persistent authentication session for a specific length of time, controlling how often users are prompted for SAML/MFA credentials.
  • Map SAML groups defined in the IdP to Secure Access groups and leverage Secure Access Policy and Role-Based Access Controls to manage their access to Secure Access services.

Mutual Authentication Protects all Authentication Protocols*

Regardless of which authentication method you configure, Secure Access v12.50 now automatically protects all authentication exchanges between agents and server.

  • AES encryption protects agent & server communications for all authentication methods
  • Secure Access agents and servers automatically establish a mutually authenticated tunnel to positively identify the user’s device and the Secure Access server before authenticating a user.
  • Protects against ‘pass the hash’ attacks on NTLM authentication exchanges. 

Zero-Trust Policies

Easy-to-implement, zero-trust, security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. This release offers greater visibility to blocked and allowed traffic, and fine-grained controls over what behavior is allowed, denied, routed, or optimized by policy.

Reauthenticate Policy Action

Re-challenge a user’s security credentials when the context changes. For example, if a user moves to a public, unsecured network or to a network they’ve never used before, Secure Access can ask them to reauthenticate before accessing allowed resources.

  • Challenge for authentication credentials when security parameters such as time of day, network name, connection name, access point ID, the presence of external conditions, and the like change.
  • Challenge the identity of the person in possession of the device.
  • Mandate compliance with corporate security policies for authentication.

Control Data Collection and Privacy

To respect user privacy on COPE or BYOD devices, policies can now disable data collection. Disable data collection by policy conditions like time of day, network name, connection name, access point ID, the presence of external conditions, etc.

  • Automatically disable/reenable data collection by policy to comply with relevant privacy regulations and agreements.
  • Fine grained control to limit data collection to legitimate business purposes.
  • Supports over 25 different policy conditions.

Set Interface Selection Preference – force traffic over a specific interface

Secure Access supports ordering the network interfaces in policies to solve routing issues caused by network interfaces that report inaccurate speeds.

  • Fine-grained control over the order in which network adapters are used to route traffic on mobile clients.
  • Override hardware vendors’ claims of performance with custom routing preferences.

Self-Healing and Super-Distributable

Active-Active Warehouses*

When Secure Access v12.50 is deployed with redundant warehouses, if any warehouse becomes unavailable, other warehouses in the deployment automatically take over without administrator intervention. Administrators no longer need to promote a secondary warehouse in the event of a failure.

  • Secure Access pools are fault tolerant and automatically self-healing in the event of a warehouse failure.
  • All warehouses are active-active backups for each other. If one goes offline, the others automatically take over and administrators are notified.

Improved Support for Geographically Distributed Pools*

The new active-active architecture now supports pools with up to 300 milliseconds of latency between warehouses. Support for higher latency enables using public networks–not just expensive, private circuits—to deploy a distributed pool for fault tolerance or geographically distributed teams between cities, countries, and continents.

  • Supports distributed pools with up to 300 milliseconds of latency between zones.
  • Increased fault-tolerance supports combining multiple smaller pools into a single pool with a single management UI
  • More flexibility in designing for disaster recovery or global deployments

Encrypted Warehouse Communications*

Secure Access v12.50 now uses TLS encryption by default for communication between the warehouses and Secure Access Servers to ensure the confidentiality and integrity of the data-replication.

  • Strong encryption, enabled between all v12.50 warehouses and NMSs.
  • Secure data within and between data centers, regardless of their physical location.

5G Network Intelligence

Secure Access and Insights for Network are now fully 5G-aware. Secure Access agents collect and monitor 5G networks including signal quality, availability, technology generation (5G) and network technology (5G Sub6, 5GMM).
Note: Apple platforms do not provide cellular signal information.

  • Track and analyze 5G network availability, coverage, signal quality and usage in Insights for Network.

Client Improvements

Ensure Secure Access Agent Health

Protect against malicious or inadvertent tampering with the Secure Access Agent. Beginning with Secure Access version 12.50, Secure Access agents are available in an optional Resilient version. The Resilient Secure Access Agent monitors device files and processes. If it detects tampering, the agent will automatically repair or reinstall itself using a known good copy from a trusted source in our cloud infrastructure. 

  • Continually monitor the state of the Secure Access Agent's health and automatically remediate as necessary
  • Automatically restart if key processes aren’t running
  • Automatically reinstall the agent in the case of file corruption

Automatically Detect Authentication Certificates

When presented with multiple choices for authentication certificates, Windows users often struggle to choose the correct one. With Secure Access 12.50, administrators can easily pre-select the proper user or device authentication certificate and minimize the chance that users select the wrong certificate and fail to authenticate.

  • Pre-configure the Secure Access 12.50 client for Windows to automatically use the correct certificate
  • Supports multiple criteria for matching certificates and wild card logic when specifying certificate attributes
  • Configure new Windows certificate matching criteria from the Secure Access administration console

Windows 11 Support

Secure Access 12.50 supports the latest version of Microsoft’s Windows desktop operating system. Leverage Secure Access to improve your productivity on Microsoft’s newest platform for enterprises with the only VPN available that has been designed specifically with mobile workers in mind, providing seamless remote access in a way that actively improves the employee experience.

ARM Platform Support

The Secure Access v12.50 agent supports ARM processors in Windows and Apple device tablets and laptops that offer low power consumption and powerful mobile computing.

Near line-speed macOS downloads

We tripled the performance to near line-speed when downloading large files that are split-tunneled (local proxy) outside the VPN. (Up to 900 Mbps under ideal circumstances.)

Enhanced Drop-ship Deployment Options

Administrators can now drop-ship new Windows laptops to end users and script the initial configuration process. Improved support for Hybrid/Azure AD Join with a VPN when using Microsoft Intune. This allows for “zero-touch” remote deployment of Windows PCs using Windows Autopilot or other Windows system management tools.

Insights for Network v3.50

Visibility of ZTNA policy enforcement

New and enhanced dashboards provide visibility into traffic policy-blocked to hosts/websites, addresses/ports, and web reputation.  Administrators can now evaluate the impact of applying Secure Access ZTNA policies and make proactive security decisions.

New Connection Status History dashboard

A new Secure Access Connection Status History dashboard compliments the Secure Access Connection Status dashboard by providing more granular filtering and the ability to export all data to CSV, XML and JSON files. This allows administrators to better analyze Secure Access Agent usage history, including identifying when mobile users are actively connected and working remotely. 

New Insights for Network Access Audit dashboard

Administrators can now see a history of every dashboard that has been viewed, who viewed that dashboard(s), when viewed, and what specific filters were applied. 

Enhanced dashboards

5G Network Reporting

Insights for Network shows 5G-specific data on dashboards that display cellular coverage, signal quality and usage.  Dashboards with maps include Technology Generation (5G) and Network Technology (5G Sub6, 5GMM), as well as signal quality.     

Wi-Fi Signal Quality Mapping

The Device Details dashboard provides a visual map of a device’s movement and signal quality when connected to Wi-Fi networks. Customers can use this dashboard to identify problem Wi-Fi access points and poor Wi-Fi coverage areas. 

Option to Display and Export More Data

Several dashboards with tables are no longer restricted to 1,000 rows. Customers with more than 1,000 devices and/or users can now view and export all the data. 

Filter to Display all Carriers in Cellular Coverage Maps

The Cellular Coverage Map dashboard can now be filtered to show an individual carrier or all carriers on a single map. This is helpful for customers that rely on multiple carriers and want to better understand their end user’s overall experience. 

Display PCI and Cell ID

Dashboards that display cellular telemetry data now include the Physical Cell Identifier (PCI) and Cell ID, when available.  Customers can use this information to work with their cellular providers on improving service and coverage. 

Personalize Wi-Fi Network BSSID Names

Insights for Network administrators can now create a look-up table to map non-friendly Wi-Fi BSSID names to user-friendly names displayed in dashboards. This makes it easier for customers with many Wi-Fi access points to quickly identify an access point that may be having problems.

New Server Connections Over Time Chart

The Deployment Status dashboard now includes a line chart that displays the number of Secure Access Agent connections to each Secure Access Server over a selected time.  This helps Secure Access administrators determine if the Secure Access Servers are properly loaded and identify any historical outages. 

Updated Carrier Definitions

The Cellular Coverage Map has an updated list of carriers to reduce “unknown” carrier color assignments. 

Include Grid Cell Statistics in Cellular Coverage Map KML Exports

The Cellular Coverage Map can be exported to a Keyhole Markup Language (KML) formatted file for use in 3rdparty mapping tools.  Insights for Network now includes the actual grid cell statistics to display in the KML imported map. 

Administrative and Management Enhancements

Improved Console SSO Log-Off Experience

Insights for Network now provides the option to configure where the user’s browser is redirected after log-off to reduce user confusion after console log-off.

License Management Enhancements

More information about applied licenses appears in the Insights for Network Management tool and Licensing dashboard, making it easier for customers to view their license history and better understand when subscription licenses expire.

Self-Hosted Map Tile Servers

The maps displayed in several Insights for Network dashboards are generated by an Internet- hosted map tile server (Microsoft Bing maps). Customers that do not want to permit Internet access to the Insights for Network server can now manually configure Insights for Network to render maps using a self-hosted map tile server.   

Secure Access Cloud and MSP Enhancements

Automated Server Deployment

Secure Access v12.50 contains new installer features for scripting server deployments and upgrades. Managed Service Providers (MSPs) and other organizations that frequently install or upgrade Secure Access infrastructure can integrate those operations into their existing Ansible or other automation environments to reduce human error and scale deploying infrastructure.

Custom Domains for Secure Access Cloud Deployments

Customers deploying to Secure Access cloud can choose custom domain names, simplifying, access and configuration of their cloud subscription.

  • Choose your custom name and simplify access to the cloud environment for example – customer_name.on.netmotioncloud.com
  • Create a name that’s easy for end users and administrators to recall and use.

Full Insights for Network Scalability in NetMotion Cloud

For customers with large SaaS deployments, the Secure Access Cloud platform supports up to 30,000 devices in Insights for Network. Insights for Network in Secure Access Cloud offers all the capabilities of our on-premises product with full scale in a managed cloud environment.

  • Scale parity between Insights for Network and Secure Access Cloud
  • Insights for Network in Secure Access Cloud also supports large, on-premises Secure Access pools.


*  Feature also available in Absolute Core.

Secure Access 12.51 Doubled Scalability for Secure Access and Insights for Network (Core & Edge)

Secure Access 12.51 Doubled Scalability for Secure Access and Insights for Network (Core & Edge)

Secure Access 12.51, available in Absolute Core & Edge, doubles capacity to support 60k simultaneous agent connections. Organizations can confidently deploy a single pool for their entire organization and benefit from improved manageability across globally deployed networks. A pool now supports up to 24 Secure Access Servers and up to 8 active-active warehouses located in 4 geographically dispersed regions. Insights for Network deployments larger than 15,000 users are only supported in Secure Access Cloud, which offers all the capabilities of the on-premises product with support for up to 60k users in a SaaS managed cloud environment.

Secure Access 12.51 Server Improvements

  • Increased maximum supported latency for connections between pool regions/zones from 100 ms up to 300ms of latency. (Core & Edge)
  • Improved the accuracy of data published to the Blocked Network Traffic dashboards in Insights for Network (Edge only)

Secure Access 12.51 Agent Improvements (Core & Edge)

  • Improved DNS support on Android
  • Improved NAC compatibility with third party software on Windows
  • New support for “no touch” deployments on Sonim XP8 Android devices
  • General stability improvements on the Android client and macOS client

Review Known and Resolved issues for more details on issues fixed in this release.

Secure Access 12.52 Improved SAML and Group Mapping Support (Core & Edge)

Secure Access 12.52 is a server only release improving support for SAML-based authentication controls and providing more flexibility for Secure Access group mapping. 

Secure Access 12.52 Server Improvements

  • Fixed an issue with short SAML inactivity time outs not being honored.
  • Increased the number of Secure Access groups supported in a SAML session reauthentication token.

Review Known and Resolved issues for more details on issues fixed in this release.

V12.53: Improved Memory and Certificate Management (Core & Edge)

Secure Access 12.53 is a server and agent maintenance release addressing issues related to memory utilization, certificate management, and general stability

Secure Access 12.53 Agent Improvements

  • Improved memory management on Android
  • Simplified Android agent UI
  • Improved filtering logic for certificate pre-selection on Windows agents
  • Automated error logging for NAC module

Secure Access 12.53 Server Improvements

  • Improved reliability of publisher ‘client host’ setting

Review Known and Resolved issues for more details on issues fixed in this release.

Financial Services