LogonBox 2.3.9 Released


LogonBox version 2.3.9-1553 has now been released.

Changes since previous release:

New Desktop Credentials Provider


A new version of the Windows Desktop credential provider is now available to address several bugs we discovered in the initial implementation. This rewrite has also helped pave the way for future RDP support. This release provides compatibility with RDP logins, and a future release will introduce additional MFA options.


The new credential provider now replaces the standard Microsoft Password Provider and supports chaining if you already have another provider that wraps the Microsoft provider. 


This release of the Credential Provider also supports integration with the LogonBox VPN. When the provider detects an installation of the LogonBox VPN client, it adds a new link to the user's pre-login options to allow the user to start the client and establish a VPN connection to their company network.



User Delegation


Whilst it's always been possible to delegate rights to manage users in LogonBox, once an account had the permission, it could change any user in the Users list. The new delegations feature gives the administrator finer control over which users an elevated helpdesk account can manage.

The feature is available in Security & Permissions->Delegations. By default, the delegation is for all users, meaning if you assign the User Read/User Update permissions to a user, they can see all users.

To create a delegation set, change the Default Delegation resource assignment to just the System Administrator role. You can then create a new delegation, add users to the Delegates tab, and assign it to those who work with those users in the Assignment tab. When those users log into the portal, they will have access to the User Directory menu and only see and manage users delegated to them.



  • User delegations feature added.
  • New Desktop Credentials Provider released.
  • SAML updated to support SHA2 signatures.
  • SAML now supports encrypted assertions.
  • System IP restrictions merged into the new service-based set of rules. The new IP Authentication menu now looks and works more like a set of Firewall rules.
  • Added an option not to show a default realm if you use the realm dropdown on login pages.
  • Email subsystem reworked - Emails will now be sent only in plaintext if there is no HTML content.
  • Email subsystem reworked - Batched emails (i.e. password reminders, profile reminders) should now send significantly faster (several per second rather than one every few seconds).
  • New permission added for User Dashboard view. Remove this permission from the Everyone Role if you don't want users to see the new User Dashboard on login.
  • Added a CSV Export option for items stored in the Password Server.
  • Password Reveal now generates audit events.
  • Portuguese language added.
  • System Configuration->Configuration->Application Name now accepts a - character.



  • Changing SMTP hostname no longer requires a restart to take effect.
  • We fixed some issues with sessions not timing out as expected when on certain pages.
  • On session timeout, the system will automatically refresh the login screen rather than only doing so after the next page interaction after the expiry.
  • A bug restricted automatic account linking to only the first 100 accounts. The job now correctly iterates through all users.
  • The user's credentials page incorrectly interpreted the username as an email address.
  • SSH User directory now correctly prompts for an authenticity check on the first connection to the remote server.
  • Deleting users from a secondary directory no longer throws a 404 error when performing a bulk delete.
  • We fixed an issue with the Duo widget not displaying for a password reset.
  • LogonBox authenticator app for Android now correctly displays text when in dark mode.
  • Authentication flows will now iterate through nested group memberships for the Assigned Flow authentication module.
  • Dashboard password reset statistics are no longer one day out of sync.
  • Password Expiring alerts should now run correctly for secondary accounts.
  • Combining an Assigned Flow with User Flow Selection in Authentication Flows now works as expected.
  • Realm Selection dropdown option now working on Windows installs.
  • Secure Nodes should now connect to a realm correctly if you entered the configured hostname with a different case.
  • Password server features are now visible for Enterprise licenses.



The LogonBox team.