WinMagic strongly recommends that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and new features.
This document contains important information about the current release. We strongly recommend that you read the entire document.
Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.
March 2, 2023: Updates, improvements, new features
December 9, 2022: Updates, improvements, new features
July 20, 2022: Updates, improvements, new features
March 31, 2022: Initial Release of MagicEndpoint and
Download the latest release notes for each version listed within Knowledge Base Article 1756.
Client OS Support
In this initial version, only Windows devices are supported.
Devices utilizing MagicEndpoint authentication must have Windows 10 or Windows 11 – Windows 7 is not supported.
NOTE: This version does not support direct upgrade on top of a previous version. Existing customers having previous versions of MagicEndpoint installed should a) Uninstall the MagicEndpoint client, then b) Install this version, then c) Clear their Internet Browser’s cache before attempting to use MagicEndpoint for authentication.
New customers should deploy this version. Existing customers who had been testing MagicEndpoint 1.0, 1.1, 1.2, or 1.3, or the same product under pre-release/Beta names like FIDO Eazy Diamond/3.0/Enterprise or SecureDoc Passwordless Authentication and who wish to explore new and updated functionality in this version should install this service release per the recommendation above.
The ability to "recycle" (and display) IdP keys has been added into the MagicEndpoint Client application
Issue: Potentially due to network issues or an attack, a user's IdP Key can become out of step with what a given Service Provider requires.
Solution: This new feature of the MagicEndpoint client permits a user to recycle a key, which has the effect of deleting the user's Private Key and then automatically re-calling the FIDO registration process, now based on a new private key.
This feature also improves on previous versions of the client in that IdP Keys will be shown among any "locally-created" keys the user may have registered with sites/services (e.g. without using the IdP). All these keys appear in the "Registered Sites" view.
This is a significant improvement over the original process, which required the user to delete the existing key from the table and manually register a new key as its replacement.
Affected tickets: SD-44085
MagicEndpoint IdP now supports central management of Software Tokens, suitable as a fall-back where TPM is not available.
Issue: Customers can encounter devices on which there is no TPM Chip, the chip available is of the wrong version (e.g. no TPM 2.0), lacks suitable firmware or may already be fully used and cannot house a MagicEndpoint token key (among other reasons). For such devices a strong fall-back solution is needed.
Solution: MagicEndpoint IdP will now permit users to utilize software-based tokens, and these will be stored/escrowed in the SES Database.
Affected tickets: SD-43915, SD-43187, SD-43213, SD-43915
Group-defined access to Service Providers works at the direct group level - there is no attribution of rights from parent/grandparent groups
Issue: If creating Group rights to access specific Service Providers defined within the MagicEndpoint IdP, such attributions at a given Group level will not "cascade" down to Child-Level Groups within the Parent Group.
Work-Around: There is no work-around at this point, though WinMagic is researching this.
Please ensure that any Sub-Groups used to provide access to Service Providers are configured to repeat the same direct Service Provider relationship as their Parent Group, or preferably avoid the use of nested groups until a solution is found.
Affected tickets: SD-42923
Where setting up groups to be notified via Email of alarm events in SES, there is no support for sub-groups at present
Issue: SES allows for the configuration of groups (typically of administrators or security monitoring professionals) who will be sent an email when alarm-specific events occur. However, where a group contains a subgroup, and that subgroup references users, those subgroup users will not be sent a notification.
Solution: WinMagic is looking to find a solution for this issue, but for this version, where group members are to be sent emails, please ensure that those users are added directly to the specific group associated with alarm emails, and not to a sub-group of that group.
Affected tickets: SD-42910
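The two group limitations above (Service Provider access that does not cascade to child groups, and alarm emails that skip sub-group members) can be audited before rollout. The following is an added example, not WinMagic code: the `GROUPS` record layout, group names and user names are constructed for illustration and do not represent an SES export format.

```python
# Constructed sample data; the record layout is an assumption, not an SES export format.
GROUPS = {
    "Staff":         {"parent": None,            "providers": {"Payroll", "Wiki"}, "members": {"alice"}},
    "Engineering":   {"parent": "Staff",         "providers": {"Wiki"},            "members": {"bob"}},
    "Firmware":      {"parent": "Engineering",   "providers": set(),               "members": {"carol"}},
    "SecOps-Alarms": {"parent": None,            "providers": set(),               "members": {"dave"}},
    "SecOps-OnCall": {"parent": "SecOps-Alarms", "providers": set(),               "members": {"erin", "dave"}},
}

def ancestors(groups, name):
    """Yield the parent, grandparent, ... of a group; stop if the chain loops."""
    seen = {name}
    parent = groups[name]["parent"]
    while parent is not None and parent not in seen:
        seen.add(parent)
        yield parent
        parent = groups[parent]["parent"]

def missing_provider_grants(groups):
    """Map each nested group to providers set on an ancestor but not directly on it."""
    gaps = {}
    for name, group in groups.items():
        expected = set()
        for anc in ancestors(groups, name):
            expected |= groups[anc]["providers"]
        missing = expected - group["providers"]
        if missing:
            gaps[name] = sorted(missing)
    return gaps

def unnotified_alarm_users(groups, alarm_group):
    """Users present only in sub-groups of the alarm group, who get no alarm email."""
    direct = groups[alarm_group]["members"]
    nested = set()
    for name, group in groups.items():
        if alarm_group in ancestors(groups, name):
            nested |= group["members"]
    return sorted(nested - direct)

if __name__ == "__main__":
    for group, providers in missing_provider_grants(GROUPS).items():
        print(f"{group}: add direct access to {', '.join(providers)}")
    print("Add directly to alarm group:", unnotified_alarm_users(GROUPS, "SecOps-Alarms"))
```

Each group reported by `missing_provider_grants` needs the listed Service Providers assigned directly, and each user reported by `unnotified_alarm_users` needs to be added directly to the alarm group.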
Manual steps are required to re-create the user's IdP Account Key if user fails to log in to the IdP with error 500 following the deletion of the user's Device from the SecureDoc Database.
Issue: If user fails to log in to the IdP with error 500 following the deletion of the user's Device from the SecureDoc Database, although the user and device information will be re-created in the SES Database when the device communicates to the SES Server following the next re-boot, the user's IdP Account Key(s) are not re-created.
Solution: Steps necessary to create new IdP Account Key.
1 - The user must delete the key for MagicEndpoint (located on-disk in: C:\Users\YourUserName\AppData\Local\MagicEndpoint), and
2 - The user must then restart the computer and see if it works again. The keys should be re-created following the restart and will be communicated to the SES Server to be stored.
Affected tickets: SD-42095
Attempting to add MagicEndpoint to a Windows 8.1 device already protected with SecureDoc yields an error message: Failed to Setup OSC Environment,Status=0x0B0009A2
Issue: When attempting to add MagicEndpoint to a Windows 8.1 device already protected with SecureDoc, upon attempting to register a user with TPM Protection, an error message will appear: Failed to Setup OSC Environment,Status=0x0B0009A2. This does not occur if attempting to set up a software token, nor does it occur if attempting to set up a TPM token under Windows 10 or 11.
Reason: It appears that ownership of the TPM is not taken automatically under Windows 8.1. Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM.
Work-Around: Customers are recommended to upgrade to Windows 10 or 11.
Affected tickets: SD-41914
User will be unable to login to a Service Provider if the WinMagic Authenticator app is opened after having earlier turned off 'Allow Notifications' in the WinMagic Authenticator app then closing it.
Issue: The following conditions and steps cause this issue to occur.
- Service Providers were added to the MagicEndpoint IdP Web portal
- The user has registered his account on the WinMagic Authenticator mobile app successfully
Steps to reconstruct this issue.
1. On the mobile device's WinMagic Authenticator app, turn off 'All Notification'
2. On an endpoint device that does NOT have MagicEndpoint installed, go to the Service Provider and login using the MagicEndpoint IdP.
2a) The 'Selectable authentication method' page will be displayed
3. Select the 'Mobile push' method, then fill in a valid email address
4. Click on the Login button
5. On the user's phone, launch the WinMagic Authenticator app and observe.
6. Normally one would expect a Notification to be displayed, but in this case nothing will be displayed.
NOTE: This issue does NOT occur with MS Authentication when trying to login with a MS account.
Work Around: Avoid disabling the 'All Notifications' option in WinMagic Authenticator if you intend to use Mobile Push-based authentication (or just generally, to ensure that all available means of authentication remain available to the end user).
Affected tickets: SD-41647
Customers with an active support plan should contact email@example.com to receive the latest download link for their MagicEndpoint / MagicEndpoint IdP upgrade.
This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young (firstname.lastname@example.org) and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (https://www.OpenSSL.org/).
WinMagic would like to thank these developers for their software contributions.
©Copyright 1997 – 2023 by WinMagic Corp. All rights reserved.