Release of UCS 4.1 with Docker, Single Sign-On Mechanism and Two-Factor Authentication

The release 4.1 of Univention Corporate Server brings some new important features for even more secure and convenient use. For example, the Univention App Center now also supports apps which use the container technology Docker. Also new is the integrated global single sign-on mechanism which can be rendered even more secure via the use of two-factor authentication. Another particular highlight are self-service mechanisms whereby users can reset their passwords autonomously.

With the support of Docker-based apps in the Univention App Center we have decided on a standard which allows secure, parallel operation of encapsulated applications in one environment. At the same time, this technology makes it possible to satisfy the contradictory technical requirements of individual apps more simply, as they only need to be satisfied for the respective container each time. Manufacturers of enterprise solutions in the Univention App Center, which now encompasses around 70 applications for business and educational use, can make their software packages available as usual. The App Center is then capable of packaging the respective application as a Docker app automatically. Our CEO Peter Ganten explains the decision as follows: “For an app store like the Univention App Center, container technologies such as Docker are the ideal technical basis, because they allow the useful separation of all the applications that are used on the cloud or on-premises by an organization with an extreme low overhead as to resource requirements at the same time. If such easy to use containers had already been available on the introduction of the App Center, we definitely would have used them already then…”

Single sign-on in UCS management system via SAML

Although users will probably barely notice that their application is running as a Docker app, the new single sign-on feature now integrated in UCS and its management system Univention Management Console brings with it a noticeable improvement in convenience. The fact that only one login is required is a considerable simplification when viewed in terms of the continuously increasing number of enterprise applications and cloud services employed by users in their day-to-day work. With the integration of the right interface, manufacturers who make their solutions available in the Univention App Center can simply bind on to the Security Assertion Mark-Up Language (SAML). The login process to the Univention Management Console for administrators also employs this technology.

 

Two-factor authentication

As UCS is often employed to administrate IT infrastructures which also contain sensitive data, UCS 4.1 now also makes it possible to add a second factor, for example a TAN generated randomly each time, in order to reduce the risk of unauthorized access even further. In this way, UCS users can now integrate the privacyIDEA app, which implements this, from the App Center with just one click. It is then available for both the sign-on to the Univention Management Console and for sign-ons to other services based on UCS, insofar as these support the SAML standard.

Autonomous password-reset service for users

UCS now also offers users the possibility of resetting their own passwords. This function was in particular demand among UCS users in large school environments and clouds services. Users can now conveniently reset their passwords themselves. The identity of the user can be optionally verified via e-mail or SMS.

Usability improvements and more transparent interface for the App Center

These new functions are joined by numerous usability improvements. For example: the Univention App Center interface has been made considerably more transparent; the user is now provided with more information on the individual apps, e.g., via the integration of videos on the respective product or an evaluation system for the individual apps.

 

 

Technical foundations

Since the release of UCS 4.0 in November 2014, our development department has implemented 363 errata updates, security updates, bug fixes and smaller new features for Univention Corporate Server, all of which are included in today’s release. The technical basis of UCS 4.1 is formed by the long-term kernel 4.1.12, the latest version of Samba 4.3.1 and OpenLDAP version 2.4.42, thus offering state-of-the-art technology on all fronts.

The new version 4.1 is available to download as VM or ISO image in our download area.

Find detailed information on our new features in our blog in the articles about Docker, Single Sign-On with SAML, and Two-factor Authentication.