WinMagic strongly recommends that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and new features.
This document contains important information about the current release. We strongly recommend that you read the entire document.
Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.
December 9, 2022
Updates, improvements, new features
July 20, 2022
Updates, improvements, new features
March 31, 2022
Initial Release of MagicEndpoint and
Download the latest release notes for each version listed within Knowledge Base Article 1756.
Client OS Support
In this initial version, only Windows devices are supported.
Devices utilizing MagicEndpoint authentication must have Windows 10 or Windows 11 – Windows 7 is not supported.
Customers who had been testing MagicEndpoint 1.0, 1.1 or 1.2, or the same product under pre-release/Beta names like FIDO Eazy Diamond/3.0/Enterprise or SecureDoc Passwordless Authentication, should upgrade to the final full-release version.
Issue: SecureDoc IdP will benefit from Administrators having the ability to manage access to Service Providers
Solution: With this improvement, each Service Provider definition gains settings to define which users or groups of users can access it and use the service.
These are based on groups/users that have been synchronized from Active Directory to the SES Database.
A pre-defined group encompassing everyone (meaning any user in the SES Database) will exist and will be applied automatically whenever an Admin creates a Service Provider entry, but it can be dropped and replaced with more restrictive Group/User information at will.
Affected tickets: SD-41740
Issue: Customers may need to validate users and authenticate against an OIDC Source
Solution: MagicEndpoint IdP now incorporates the capacity to validate against OIDC.
Affected tickets: SD-41060
Issue: When multiple accounts are assigned to a user (e.g., the user works both as a staff member and as an Administrator), the user needs to choose which account to sign in to that application with. The user can currently choose that account on IdP Web, but that is seen as an incomplete solution.
Solution: During authentication, a pop-up will appear from the MagicEndpoint client on each service request (where multiple accounts exist for the user), which permits the user to choose which account they want to use to log in.
Affected tickets: SD-42025
Issue: Customers may need to validate users and authenticate against an LDAP Source
Solution: MagicEndpoint IdP now incorporates the capacity to act as an LDAP server.
Affected tickets: SD-42070
Issue: Authentication using a Mobile Device over a network connection is not manageable at the Group level.
Solution: Groups now include an option to enable authentication using a Mobile Device over a network connection (versus a Bluetooth connection), so that any user belonging to this group, or to any user group that is a member of this group, can be allowed such network-based authentication authorization.
Affected tickets: SD-42092
Issue: To provide maximum flexibility and customer focus, users authenticating using RADIUS can still be optionally required to prove presence at the device, in accordance with their organization's security policies.
Solution: MagicEndpoint IdP will offer the choice of two User Action modes for RADIUS authentication: a) User Present (default) b) User Verification
Issue: To provide as seamless and non-intrusive a user experience as possible, the use of the device-unique MAC address will permit device-user relationships to be defined such that the user need not enter a User ID during authentication to the Cisco AnyConnect VPN client.
Issue: WinMagic is always striving to provide as seamless and non-intrusive a user experience as possible during authentication.
Solution: Use of the device-unique MAC address will permit device-user relationships to be defined such that the user need not enter a User ID when authenticating to the Cisco AnyConnect VPN client during RADIUS authentication.
Issue: As MagicEndpoint and its integration with SES evolve as an Enterprise solution for authentication, the need arises to keep user-level administration simple to manage, yet remain powerful.
Solution: A new "IdP" tab has been added to SES Web's group properties functionality. It permits tying a Group to IdP-defined Service Provider configurations, allowing the users who are members of the Group to access said Service Providers. The settings also permit use of "Out of Band" (network-based) authentication (as opposed to only using Bluetooth Low Energy communication between the endpoint and the user's Mobile Device (Phone)), as well as configuration of whether the user must provide simple or more stringent proof of presence at the device.
Issue: An Administrator has no options to define how the user should prove presence during authentication authorization when using an LDAP-based authentication modality.
Solution: With this version, there will be User Action modes for LDAP:
User Present (default)
Affected tickets: SD-42937
Issue: Now that customers can elect to protect their Key Files using the WinMagic Mobile Token (which uses the WM Authenticator app in their phone), it would be beneficial to ensure users can install the app if they do not currently have it.
Solution: As a benefit to customers, this panel will now display the download QR Code (which, when scanned, will take the user directly to the app in either the Apple Store or Google Play, as appropriate to their mobile device type) when the user opts to use a WinMagic Mobile Token. For any other token types, the existing static blue "Key + USB" image will be shown in the top left corner of the panel.
Further, since the instructions for conversion to Mobile token differ from the use of a physical token (e.g., no insertion), the text at the top of the panel will provide specific guidance for converting to the Mobile token.
Affected tickets: SD-43241
Issue: Where IdP-related log entries are added, they must be accessible separately as the IdP should be considered its own source of logged events.
Solution: IdP-related Log Entries will be accessible in an IdP-specific Logs viewer within the SESWeb console.
Affected tickets: SD-42058
Issue: The presence of "FIDOEazy" and "Your Phone" in the Bluetooth manager (under Device Manager) appears to block the ability to complete Phone-based Authentication.
Scenario: A device has SecureDoc deployed using an Installation Package successfully. The profile used specifies use of SecureDoc Credential Provider and Bluetooth Low Energy (BLE) authentication.
1. Boot Logon is installed, the drive is successfully encrypted, and device ownership is established (the "Secure Moment").
2. The user logs in to Pre-boot, SecureDoc Credential Provider, and into SecureDoc Control Center (SDCC) - these will be successful and without error.
3. The user paired the Phone's Bluetooth with the PC for any purpose.
4. The user opened SecureDoc Control Center and logged in to it.
5. At this point, the user should have been able to log in to SecureDoc Control Center successfully, and without error, by authenticating using WMAuthenticator on the Phone.
The actual result was that the error message "An unidentified error has occurred. Error code: 0x9B08CA" was shown.
6. Click the "OK" button to close this error message and close SecureDoc Control Center.
7. In Device Manager, open the Bluetooth Device section and remove "FIDOEazy" and "Your Phone".
8. In Device Manager, disable and re-enable the Bluetooth device.
10. You should now be able to successfully log in at Preboot, SecureDoc Credential Provider, and to SecureDoc Control Center using Bluetooth.
NOTE: After applying the work-around from steps #7 to #8, an attempt to pair the Phone's Bluetooth on the PC resulted in the Phone not being detected for login to SecureDoc Control Center or SecureDoc Credential Provider - it was only possible to log in at SecureDoc Pre-Boot.
Customers with an active support plan should contact email@example.com to receive the latest download link for their SecureDoc upgrade.
This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young (firstname.lastname@example.org) and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).
WinMagic would like to thank these developers for their software contributions.
© Copyright 1997 – 2022 by WinMagic Corp. All rights reserved.
Printed in Canada. Many products, software and technologies are subject to export control for both Canada and the United States of America. WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations. Exports and re-exports of WinMagic Inc. products are subject to Canadian and US export controls administered by the Canadian Border Services Agency (CBSA) and the Commerce Department’s Bureau of Industry and Security (BIS). For more information, visit WinMagic’s web site or the web site of the appropriate agency.
WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac, MySecureDoc, MySecureDoc Personal Edition Plus, MySecureDoc Media, PBConnex, SecureDoc Central Database, and SecureDoc Cloud Lite are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners.
This document is for informational purposes only. WinMagic Corp. makes NO WARRANTIES, expressed or implied, in this document. All specifications stated herein are subject to change without notice.