Release Notes

Enhancements

Admin-configurable RDP screen resolution to prevent connection failures

Administrators can define a fixed screen resolution for RDP applications, preventing blank-screen connection failures when users with high-resolution or ultra-wide monitors access legacy RDP servers. In Web RDP sessions, the configured resolution is enforced to ensure stable rendering.

Chinese Language Support (UI)

In addition to the languages already supported by the platform, Cyolo also supports Chinese for the user interface, further expanding accessibility for global organizations.

Enhancements

Enhanced Multi-Display Viewing

Users accessing VNC applications can now view each display independently. They can choose between:

• Fit to screen – view all multi-server displays scaled to their screen
• Single display view – focus on one display at a time
• Custom screen portion – define a specific portion of a display to be shown

This provides greater flexibility and control when working with multi-display VNC environments.

Generic Secret Authentication Support VNC applications now support Generic Secret as an authentication method. This improves the user experience by eliminating the need to enter a username and password — users are only prompted for a password.

Cyolo Connect Step-Up Authentication

Cyolo Connect now detects when passwordless (certificate-based access) users attempt to access destinations that would become accessible if they were explicitly logged in to the Cyolo platform. In such cases, the agent prompts the user to sign in with a password, enabling seamless continuation of access without requiring manual troubleshooting.

Network Application Conflict Detection

Cyolo Connect now detects and prevents activation of conflicting applications with static IP configurations. When users connect, only applications without overlapping address, port, and protocol definitions are activated, ensuring predictable routing and avoiding conflicts across sites.

When Cyolo Connect users attempt to activate a network application (by clicking its icon on the Applications Portal) that conflicts with one or more other applications, they are notified of the conflicting applications and presented with the option to deactivate the conflicting ones.

Cyolo Connect ARM-based macOS

This change is transparent to Cyolo Connect users. The application no longer depends on Rosetta 2 and now runs using a macOS-compatible binary for the underlying architecture. Rosetta 2 enables a Mac with Apple silicon to use apps that were built for a Mac with an Intel processor.

Stdout-Only and JSON Log Output

Added new global logging options to disable log saving and replication, and to output logs to stdout in JSON format.

New Features

Asset Access Hub

Centralized asset visibility and control, streamlined access workflows, and real-time monitoring with auditing.

See Adding and Managing Assets.

Multi-Language Interface

The Admin and Application Portals are now available in German, Spanish, and more for a localized experience.

See Multi-Language Support.

WhatsApp for MFA and Authorization Requests

Administrators can now select to send user messages through WhatsApp and reduce the dependency on SMS.

See the section Global on the page Other Global Settings.

Policy-Level Threat Intelligence Controls

Enables administrators to turn Threat Intelligence enforcement on or off at the policy level and block specific IP categories, such as VPN, Proxy, Tor, Relay, Hosting, or other malicious sources.

See Block based on connection method under Parameters of a Conditions Profile here.

Instant Collaboration Link

Administrators can enable secure session collaboration. This provides authorized users with a secure and simple way to invite unmanaged identities to join sessions.

See Allow secure session collaboration on the Policy Actions page.

Multi-Domain Application Publishing

Admins can publish applications across multiple domains.

Multi-Level Access Approvals

Configure up to 5 approval levels in sequence, where each level must approve before proceeding to the next, with comprehensive audit logging.

Connector Management

Connectors function as stateless components that enable asset connectivity within the cluster environment. These components do not store tenant-specific configurations and are accessible through the Admin Portal interface.

Enhancements

Application Self-Service Marketplace

Introduces a controlled, auditable self-service portal where users can request access to admin-approved applications. Admins define which applications appear in the marketplace and can require users to provide a justification when submitting a request.

IDAC Storage Role Alert

Alerts administrators when none of the IDACs are assigned the storage role, ensuring uninterrupted recording and secure file transfers.

Password Reset

Administrators can now reset user passwords with two options: they can either require the user to change their password at the next login or directly set a new password on the user's behalf.

Functionality in Clusters Lacking RAFT Leadership

Two-IDAC tenants without a RAFT leader continue to operate with limited functionality.

Release Notes in New Location

The Release Notes page has been removed from the Admin Portal. Release notes are now available on the Cyolo online knowledge base - here.

Secure Certificate Artifacts

Introduces cert-safe, an encrypted container for cert.pem and key.pem, ensuring secure storage and distribution for IDAC, PG, and Connector.

Activity Log

Logs capture scanned file sizes and session duration.

Syslog JSON Format

Adds a new JSON message format option for syslog output.

Recording Storage Allocation

Enables configurable recording storage allocation via the Admin Portal for greater flexibility.

RADIUS IdP with MFA

MFA is now supported with RADIUS via challenge-response (RADIUS Challenge).

Download and Playback Recordings

Enables auditors to download large recordings and play them in-browser for easy review.

Nested Cyolo Groups

Admins can now use nested Cyolo Groups to simplify access and role assignments. Only Cyolo Groups support nesting, while Dynamic and External Groups do not.

Applications Portal Now Highlights Recently Used Applications

The Applications Portal now highlights the 12 applications used most recently.

SSH to IDAC with Non-Root Credentials

Enables admins to open SSH access to IDAC using non-root credentials, improving security and access control.

Streamlined Access Request Handling

Enables approvers to approve or reject access requests directly from their email, eliminating the need to log into the supervisor page. If a request has already been taken care of, subsequent approvers are immediately informed that it is no longer actionable. SMS notifications now include the requesting user's first and last names.

Shared Personal Secrets Across Applications

Enables users to use the same personal secret for multiple applications. Admins can assign secret groups and see which applications use them, while users are prompted once for credentials, can view all linked applications, and can delete a secret across all associated apps.

Configurable HSTS Max-Age

Admins can configure the Strict-Transport-Security (HSTS) header max-age value, controlling how long browsers enforce HTTPS for the domain.