WinMagic strongly recommends that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and new features.
This document contains important information about the current release. We strongly recommend that you read the entire document.
Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.
MagicEndpoint Client and IdP Documentation can be accessed at:
ME 1.4 (Current)
November 11, 2023
Updates, improvements, new features
March 2, 2023
Updates, improvements, new features
December 9, 2022
Updates, improvements, new features
July 20, 2022
|Updates, improvements, new features|
March 31, 2022
Initial Release of MagicEndpoint and
Client OS Support
In this initial version, only Windows devices are supported.
Devices utilizing MagicEndpoint authentication must have Windows 10 or Windows 11 – Windows 7 is not supported.
NOTE: This version does not support direct upgrade on top of a previous version. Existing customers having previous versions of MagicEndpoint installed should a) Uninstall the MagicEndpoint client, then b) Install this version, then c) Clear their Internet Browser’s cache before attempting to use MagicEndpoint for authentication.
New customers should deploy this version. Existing customers who had been testing MagicEndpoint 1.0, 1.1, 1.2, or 1.3, or the same product under pre-release/Beta names like FIDO Eazy Diamond/3.0/Enterprise or SecureDoc Passwordless Authentication and who wish to explore new and updated functionality in this version should install this service release per the recommendation above.
User Interface (UI) for IdP-Initiated Single Sign-On (SSO)
Description: Enhancing the IDP Home Page and Configuration by incorporating a User Interface (UI) for IDP-initiated Single Sign-On (SSO).
Solution: The latest features include an "IDP-initiated SSO" option in the Service Provider (SP) configuration and a new "Service Providers" section on the Home Page. The Service Providers Table now exclusively lists IDP-initiated SPs, displaying only those allowed for non-admin users based on group configurations. Clicking on a specific SP in the table initiates the SAML Single Sign-On (SSO) process.
Affected tickets: SD-45281
Upon re-logging into ME via the system tray in BLE RMO, ME necessitates the use of the SD password instead of BLE.
Issue: Instead of utilizing Bluetooth, ME mandates the use of the SD password for re-login after logging out with the RMO package.
Solution: Introduce a verification step using "SdpaClientCheckUserExistEx" to confirm the user's protection type before initiating any login attempt (when SDMode = 1). This guarantees a consistent requirement for Bluetooth during re-login with BLE protection when MagicEndpoint (ME) is logged out.
Affected tickets: SD-45408
Reply with the reason for rejected authentication in the Identity Provider (IDP).
Issue: When the ME makes a request to the IDP server, the server has the capability to reject the request for various reasons, such as a signature mismatch or the user not belonging to the Service Providers (SPs) group, among others.
Solution: This issue is now updated and resolved.
Affected tickets: SD-45386
Implement access policies according to "device signals."
Issue: The MagicEndpoint Identity Provider (ME IdP) faces a challenge in assessing user and device access to Service Providers (SPs) due to the absence of event-driven signals. The current process relies on server-initiated polls instead of the endpoint notifying the server of any status changes.
Solution: This issue is now resolved.
Affected tickets: SD-45312
Single Sign-On (SSO) Initiated by IdP
Issue: The IDP Portal should display registered Service Providers (SPs), allowing users to initiate Single Sign-On (SSO) to the selected service provider by clicking on it.
Solution: A "Service Providers" section has been introduced on the IDP Home page. When a Service Provider (SAML) is configured with "IDP-initiated SSO" enabled, it will be included in the list of IDP-initiated SSO on the IDP Homepage. Users belonging to the SP access group can initiate Single Sign-On to the selected service provider by clicking on it.
Note: WinMagic IDP currently supports SP-initiated login only.
Affected tickets: SD-44033
[ME] Even after multiple unsuccessful login attempts to the Service Provider (SP), Fingerprint or FaceID authentication remains mandatory.
Issue: If a user logs out after a previous login, attempts to access an SP, and cancels or fails the biometric authentication prompt, ME will subsequently request the PIN for login.
Solution: Biometrics can no longer be used to log back in after logging out. Users are prompted to enter their PIN or password instead, enhancing security during login attempts. This change applies to accessing service providers (SPs) and logging back into ME directly from the system tray icon.
Ticket affected: SD-45013
[IdP] Launching IdP Page Fails with HTTP Error 500 in the Event of IdP-Only Installation
Issue: Upon attempting to log into the IDP portal, an HTTP Error 500 is presented.
Solution: To resolve this issue, it is recommended to install IDP on the same server as SES Console. A fix for this problem is anticipated in version 9.1.
Affected tickets: SD-46654
Customers with an active support plan should contact firstname.lastname@example.org to receive the latest download link for their MagicEndpoint / MagicEndpoint IdP upgrade.
5770 Hurontario Street, Suite 501
Mississauga, Ontario, L5R 3G5
Toll free: 1-888-879-5879
Phone: (905) 502-7000
Fax: (905) 502-7001
Human Resources: email@example.com
Technical Support: firstname.lastname@example.org
For information: email@example.com
For billing inquiries: firstname.lastname@example.org
This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young (email@example.com) and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (https://www.OpenSSL.org/).
WinMagic would like to thank these developers for their software contributions.
©Copyright 1997 – 2023 by WinMagic Corp. All rights reserved.
Printed in Canada Many products, software and technologies are subject to export control for both Canada and the United States of America. WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations. Exports and re-exports of WinMagic Inc. products are subject to Canadian and US export controls administered by the Canadian Border Services Agency (CBSA) and the Commerce Department’s Bureau of Industry and Security (BIS). For more information, visit WinMagic’s web site or the web site of the appropriate agency.
WinMagic, SecureDoc, SecureDoc Enterprise Server, MagicEndpoint, MagicEndpoint IDP, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac, MySecureDoc, MySecureDoc Personal Edition Plus, MySecureDoc Media, PBConnex, SecureDoc Central Database, and SecureDoc Cloud Lite are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2023 WinMagic Corp. All rights reserved.
© Copyright 2023 WinMagic Corp. All rights reserved. This document is for informational purpose only. WinMagic Corp. makes NO WARRANTIES, expressed or implied, in this document. All specification stated herein are subject to change without notice.