Changelog

Credential Provider Release Notes

New features, improvements, and fixes for the Mideye Credential Provider.

These release notes document changes to the Mideye Credential Provider, a native Windows credential provider DLL that adds Mideye MFA to RDP and console logon. Visit downloads for installation packages or review the documentation for deployment instructions.

Looking for Mideye Server release notes? The core Mideye Server product has its own changelog — view Mideye Server releases.

Mideye Credential Provider 4 releases

Version 0.6.12

Enhancement
A single, unified configuration view
  • The user and group rosters now sit alongside the token and SMS settings in one consolidated view, so a whole deployment can be configured from a single screen instead of moving between separate tabs.
Enhancement
A setup tool that fits any screen
  • The configuration tool now scales cleanly from high-resolution monitors down to the small remote-management consoles used in server rooms, with a refreshed and more consistent layout throughout.
Bug Fix
More dependable approver notifications
  • When a sign-in needs approval, every eligible approver — whether listed individually or resolved from an Active Directory group — now reliably receives the SMS.
Known Issue
Upgrade notes
  • Drop-in upgrade from any 0.6.x preview — no manual operator step required.
  • All configuration is preserved across the upgrade.

Version 0.6.10

Feature
Group support across rosters
  • Active Directory groups and local groups can now be added to the Assisted Login Users roster — group members are resolved at logon time via LDAP, so there's no need to enumerate individuals when the population is already maintained in AD.
  • The Approvers tab gained a Group picker (Local or Domain) alongside the existing Users list. Add an AD group such as `LAB\approvers` and every current member is eligible to authorise an Assisted Login flow.
  • Group entries carry an explicit Local or Domain tag, so on hosts where a local and a domain group happen to share a name the configuration tool always targets the one the operator picked.
Feature
Identifier form flexibility
  • User and group identifiers are accepted in all three Windows forms — `DOMAIN\name`, `name@domain.tld`, and `dns.tld\name` — and resolve to the same configured roster entry regardless of which form Windows passes at logon.
Enhancement
Configuration tool improvements
  • The configuration tool now reflows and adds a horizontal scrollbar on narrow consoles (1024×768 and smaller), so every control on every tab is reachable on the compact server displays typical of Hyper-V, iLO / iDRAC, and out-of-band management sessions.
  • The Approvers tab layout mirrors the MFA Override tab so adding individual users and adding group sources use the same controls in both places.
Known Issue
Upgrade notes
  • Drop-in upgrade from any 0.6.x preview — no manual operator step required.
  • All configuration is preserved across the upgrade — Schedule cells, Break-Glass roster, Approvers, Policy keys, and credentials are kept as configured.

Version 0.6.8

Enhancement
Reliability improvements
  • Mideye+ push approval requests are sent within the push service's accepted timing range, so prompts reach the device consistently across all Touch-based flows.
  • Stored credentials survive VM cloning, sysprep, P2V migration, and domain re-join. Values migrate automatically on the first configuration apply after the underlying machine identity changes — no operator action required.
  • Approver-list integrity baselines refresh automatically when the operator applies a configuration change. A new `MideyeProviderConfig.exe --refresh-baselines` command is also available for manual rebuilds if the baseline ever needs to be reset out of band.
Enhancement
Configuration tool improvements
  • Authentication timeouts (MFA, Assisted Login user, Assisted Login approver) are editable directly from the Login Schedule tab instead of requiring a registry change.
  • The Lockdown safety dialog has been reworked — the issue list reads as a list (not an editable text box), the dialog is resizable, and the OK / Cancel buttons stay visible even when the list is long.
  • The Security Policies tab shows a statistics table of how often each policy event has fired in the last 30 days, read from the Windows Application log.
  • External Approvers integrity-check failures emit an alert event instead of blocking logon. An informational event also fires once per startup when an operator runs with a non-AD approver source, so the deployment shape is visible in the Application log without extra tooling.
  • Tab layouts (Break Glass, Approvers, Lockdown, Assisted Login Users, MFA Override) share a consistent right-edge margin and reflow correctly when the configuration window is resized.
Known Issue
Upgrade notes
  • Drop-in upgrade from 0.6.7 — no manual operator step required.
  • Existing credential values are preserved and migrated automatically on the first configuration apply after the upgrade.

Version 0.6.6

Feature
Preview release
  • Native Windows credential provider DLL that adds Mideye MFA to RDP and console logon.
  • Cloud mode (OAuth2 against the Mideye Authentication API) and on-prem mode (LAN-hosted Mideye Server, hardware-token OTP only).
  • Touch push (Mideye+ app), hardware-token OTP, OATH HOTP authenticator-app codes, and Assisted Login (4-eye approval).
  • 168-cell weekly Login Routing schedule with MFA / Assisted / Deny cells, per-user MFA-method overrides, and Deny-schedule override for on-call admins.
  • Break-Glass roster required before activation — refuses to enable while empty.
  • Internal AD-resolved approvers and External (registry-only) approver roster with HMAC-sealed integrity.
  • Signed MSI deployable interactively, silently (`msiexec /qn`), or via Group Policy.
Known Issue
Preview limitations
  • Microsoft Intune deployment guide and Entra-only joined hosts not yet supported in this preview.
  • Customer-facing documentation is published for the index, quickstart, and architecture pages only; configure / operate / security / use sections remain drafts.