- 💻
Administrator 3 1
- RapidIdentity 1
- Insights
- Reports
- Back to School Playbook Template
- OnPrem vs Cloud Webinar
- Writing LDAP Filters Webinar
- Basic Troubleshooting Webinar
- End-of-Year Wrap-Up Webinar
- Global Attribute List
- Configuring a Dynamic List Attribute
- Attribute Fields - Best Practices
- Configuring Global Search - Requirements
- Checking your RapidIdentity Version Number
- How to Grant Support Access
- How to Hide Notifications
- Allow/Block Network Traffic
- Internet Browser Requirements
- Using a Google App Password for Google SMTP
- Retention Policies
- Vanity URLs in RapidIdentity
- Role-Based or Attribute-Based ACL Authorization
- Configuring a Custom SMTP Server
- Customizing the Login Page
- Syslog Configuration
- Using CSS to Customize the Login Page
- Web Security Configuration
- Cross-Origin Resource Sharing (CORS) Configuration
- Foreign Language Support within RapidIdentity Updated
- RapidIdentity Authentication 1
- Sample RapidIdentity End User Communication Email
- Using Programmable TOTP tokens with RapidIdentity
- Applications
- Applications Module
- Applications Module - Applications Filter
- Applications Module - My Applications
- Applications Module - Applications Catalog
- Applications Module - Settings
- Form Fill Authentication via Plugin
- Applications Module: Settings & Catalog Webinar
- RapidIdentity IdP Configuration
- How do I Hide or Disable Applications?
- Controlling Application Access
- Administrator Portal 1
- People Module 1
- How to Require Users to Add Profile Information
- Showing Group Memberships on People Details
- How to configure an attribute to be End User Editable
- How do I set Affiliations in RapidIdentity?
- People Module - Delegations Webinar
- People Module - Settings Webinar
- People Module - Sponsorship Webinar
- Managing Locked and Disabled Accounts Deprecated
- Groups Module
- People Module 1
- RapidIdentity GO! View
- Configuring RapidIdentity GO! View
- Profile Self-Service Options in GO! View
- Administrator Managed Folders in GO! View
- Creating Custom Apps in the GO! View
- How to Configure RapidIdentity Go! Mobile Application
- GO! View Portal Personas and Applications Demystified
- GO! View Portal Logo Guidelines
- Creating Announcements
- Using RapidIdentity GO! Mobile Application
- Configuration Module - GO! View Webinar
- Administering the SSO Portal as a Teacher
- Authentication
- Authentication Methods
- Account Claim
- Forgot Username and Forgot Password
- ISAPI Filters
- Configuring Multi-Factor Authentication in RapidIdentity
- Adding MFA to Compromised Users
- Roles Criteria for Authentication Policies
- Preventing Choose Another Policy
- Configure User Preferences for Authentication Methods
- Allow or Block IP Addresses in RapidIdentity
- Service Identities in RapidIdentity
- AD | RapidIdentity Cloud Password Sync
- ECP Lockouts
- RapidIdentity Security
- Hide "Login with Windows Credentials" on the Login Page for Non-Windows Devices
- Authentication Policies - Best Practices
- Authentication Policies Webinar
- Password Vaulting
- Downloadable Password Vault Browser Extension Files
- Creating Applications with Password Vaults
- Managing the Password Vault as an Administrator
- Password Vault Extension
- Using the Password Vault in GO! View
- Using the Password Vault in Classic View
- Deploying RI Password Vaulting Extension with Management Services
- Single Sign On
- OAuth 2.0
- SAML 2.0
- OpenID Connect (OIDC)
- Configuring SAML SSO with StemScopes
- How to Configure Single Sign-On with CAS
- Configuring SSO Applications with LTI 1.0
- Using InCommon
- Integrating EntraID with RapidIdentity for SSO
- Federated RapidIdentity Web Sign-In for Entra Devices
- Federated Chromebook Username Passthrough
- Federated Chromebook Login
- Federated Chromebook Settings
- Configuring SAML SSO with Google
- Configuring SAML SSO with Clever
- Configuring SAML SSO with Canvas
- Configuring SAML SSO with HMH
- Configuring Let's Talk! with RapidIdentity
- Creating a Federation Partner with Jamf Connect
- Universal Authentication Director
- User Agreement Policy
- Social Authentication
- RapidIdentity Lifecycle
- Provisioning
- Example Fields for HR and SIS Extracts or Views for RapidIdentity
- Identity and Access Management Permissions for Cloud Deployment
- Creating a Google Extended OAuth2 Service Account in RapidIdentity
- Creating a Google OAuth2 Service Account for ID Hub
- Creating an Azure OAuth2 Application for RapidIdentity
- Initial Tenant Creation
- Connect Basics Webinar
- How to Update your Third Party Service Account Credentials
- Active Directory Password Filter Details
- Password Filter Installation
- Username Policies: Best Practices
- Provisioning
- RapidIdentity Access Governance
- RapidIdentity Threat Detection and Response
- Rostering 1
- Studio 1
- Infinite Campus API Sync
- Studio Overview Webinar
- Studio Updates Webinar
- Studio Advanced - Part 1 Webinar
- Importing Source from Studio Catalog
- Setting up REST API Target from Catalog
- Setting up a Delimited Text CSV Target from Catalog
- Using Access Groups in Studio
- RapidIdentity Studio Plug-in for PowerSchool
- Rostering Applications Catalog Updated
- Advanced Functions in RapidIdentity Studio
- Troubleshooting in Studio
- Studio Troubleshooting Best Practices
- Job History Logs
- Data Explorer
- Excluding Unneeded Files from Application Templates
- OneRoster CSV Provider Template
- Studio Job Scheduling Update in RapidIdentity 2022.4.5
- Common Studio Log Error Definitions
- Verification of OneRoster REST Consumer on the Studio Tenant
- Studio Access Groups
- How Do Access Groups Work (at a high level)?
- Studio 1
- Phishing Protection
- PhishID Settings
- PhishID Label
- PhishID Contact Info
- PhishID Progress Bar
- PhishID 'This is Safe' button
- Spear Phishing Webinar
- Webinar: Districts can Fend off Sophisticated Phishing Attacks
- Content Filtering Configuration for PhishID
- PhishID Communication Template
- Deploying PhishID with Google Workspaces
- Deploying PhishID Manually
- Deploying PhishID with GPO
- Deploying PhishID with Jamf Pro
- Deploying PhishID with Mosyle
- Deploying PhishID with Jamf Pro for iOS Devices
- Deploying PhishID with Microsoft Intune
- Manually Blocking a URL in the Admin Console
- Adding a domain to the Allowed Domains for PhishID
- Testing PhishID to Generate Suspicious Message
- RapidIdentity Folders
- Installable Components 1
- Identity Bridge
- Identity Bridge Quick Start Guide
- Testing Identity Bridge Connectivity
- Setting up a Windows File Share with Identity Bridge
- Upgrade Process for In-Place Identity Bridge Agents
- Using an Identity Bridge in Connect
- Allow/Block Network Traffic
- Oracle Database troubleshooting over Identity Bridge
- Identity Bridge Connection Troubleshooting
- Identity Bridge Webinar
- Exchange Agent
- Installing Exchange Agent 2023.03.27
- Installing Exchange Agent 2022.7.15
- Configuring IIS For RapidIdentity Exchange Agent
- Error Unable to Open IIS W2SVC Root Object when installing RapidIdentity Exchange Agent
- Test Failure with RapidIdentity Exchange Agent - Connect-MSOLService is not recognized
- How do I know what my RapidIdentity Exchange Agent is connecting to
- Windows Authentication Client 1
- Support for Disconnect/Offline Desktop Access using Password Updated
- Support for WebAuthn - FIDO2 Authentication
- Quick Reference: What's Supported in the Windows Authentication Client?
- Installing the Windows Authentication Client on a Hyper-V Machine
- Windows Auth Client Project Setup, Installation, and Upgrade on VM
- System Requirements
- Installation
- Configuration
- Authentication for Windows Client
- Uninstalling Windows Client
- Known Issues for Windows Authentication Client
- Deploy MSI Installer for Windows Authentication with Windows Group Policy Object (GPO)
- Device Enrollment Manager - Enrolling a Device in Microsoft Intune
- Windows Autopilot - Enrolling a Device in Microsoft Intune
- Deployment of MSI packages through Microsoft Intune
- Silent Install for Windows Client using Command Line Parameters
- Options for Customizing Windows AuthClient Logo
- Fast User Switching with Windows Authclient
- Troubleshooting
- Legacy Form Fill RapidIdentity Browser Plugins
- Identity Bridge
- RapidIdentity On-Premise
- RapidIdentity 1
- 🖥️
Developer 1 1
- Connect Reference 1
- Core Actions
- Array Actions
- Crypto Actions
- Database Adapter Actions
- Date & Time Actions
- DN Actions
- Email Actions
- Encode and Decode Actions
- File Actions
- Flow Control Actions
- Logging Actions
- JSON Actions
- Network Actions
- Port Forwarding Actions
- Records Actions
- XML Actions
- Variables Actions
- Syslog Actions
- System Actions
- String Actions
- Telephony Actions
- Adapter Actions 1
- Active Directory Adapter Reference
- AWS IAM Record Fields Reference
- AWS IAM Actions
- Command Line Interface CLI Actions
- Database Adapter Actions
- JDBC Drivers
- Edmodo Adapter Actions
- Configure OAuth for Edmodo Adapter
- Exchange Adapter Actions
- Force.com Adapter Actions
- Google Classroom Adapter Actions
- Google G-Suite
- Groupwise Adapter Actions
- Keepntrack Adapter Actions
- LDAP Adapter Actions
- MackinVIA Adapter Actions
- Notes Adapter Actions Deprecated
- Office 365 Adapter Actions
- Org Adapter Actions
- Portal Adapter Actions
- QuickSchools Adapter Actions
- Schoology Adapter Actions
- ServiceNow Adapter Actions
- SharePoint Adapter Actions
- Text Adapter Actions
- TIES Adapter Actions
- Web Services Adapter Actions
- Community Adapter Actions
- Example Action Sets
- RapidIdentity Connect - Best Practices
- General Standards
- RapidIdentity Connect Security Considerations
- How to Export a Connect Action Set
- How to build an AD change cookie in RapidIdentity Connect
- Core Actions
- Integrating RapidIdentity with Incident IQ
- Integrating RapidIdentity with Incident IQ in Batch
- Connect RESTPoints
- Accessing RapidIdentity APIs
- RapidIdentity Cloud Directory Schema Updated
- Updating Action Sets from Microsoft Basic to Modern Authentication
- Connect Basics Webinar
- Using pubsub API calls to collect audit events
- Connect Reference 1
- 📎 Educator
- ✏️
Learner
- Claim My Account
- Claim My Account - Spanish
- Account Access and Customization
- Account Access and Customization - Spanish
- Forgot Username (Legacy Policy)
- Forgot Username (Legacy Policy) - Spanish
- Forgot Password (Legacy Policy)
- Forgot Password (Legacy Policy) - Spanish
- QR Username
- QR Username - Spanish
- QR Login
- QR Login - Spanish
- Pictograph Authentication
- Pictograph Authentication - Spanish
- PingMe Authentication
- PingMe Authentication - Spanish
- Using RapidIdentity GO! Mobile Application
- Webinars 2
- ⏰
Features and Enhancements
- RapidIdentity Cloud Release Highlights
- Release 2024.11.0 - What's New?
- Release 2024.10.0 - What's New?
- Release 2024.07.0 - What's New?
- Release 2024.06.0 - What's New?
- Release 2024.03.0 - What's New?
- Release 2024.02.0 - What's New?
- Release 2024.01.0 - What's New?
- Trusted IdP Query Parameter Support
- 2023
- 2022
- New Identity Bridge Agent 2022.3.22
- New Rostering Application Verification Indicator
- New InCommon Federation
- New Rostering Access Groups
- New CAS Authentication Configuration UI
- Enhanced Localization Support
- New Reset Password Policy
- New Forgot Username Policy
- Improved Tenant Administrative Support Access
- New WebAuthn Authentication
- In-app Update Notifications
- User Agreements Added to the Login Flow
- New Persona-based Announcements
- SSO Portal Enhancements
- Release 2022.6.29 - What's New
- Release 2022.8.2 - What's New
- Release 2022.8.25 - What's New
- Release 2022.10.3 - What's New
- Release 2022.10.27 - What's New
- Release 2022.12.8 - What's New
- RapidIdentity GO! Release Highlights
- RapidIdentity LTS Release Highlights
- RapidIdentity Exchange Agent Release Highlights
- RapidIdentity Google Chrome Extension
- RapidIdentity Windows Authentication Client
- RapidIdentity PingMe Mobile App
- RapidIdentity Cloud Release Highlights
- RapidIdentity Release Notes 2
- RapidIdentity Cloud Release Notes
- RapidIdentity GO! Release Notes
- RapidIdentity LTS Release Notes 1
- RapidIdentity Password Vault Browser Extension
- RapidIdentity Legacy Browser Extension
- RapidIdentity Windows Authentication Client Release Notes
- RapidIdentity PingMe Mobile App
- RapidIdentity Installable Components Release Notes 1
- 🎯 Known Issues 1
- 📙
Support Policies
- Support Plans and Service Level Agreements
- Submitting a Support Case
- Escalating a Support Case
- Service Units
- Submitting Product Ideas
- Subscribing to Product Ideas
- Product Idea Status Definitions
- API Support Policy
- Product Support Policy
- Accessibility Policy
- RapidIdentity Security Statement Addendum
- Master Subscription Agreement
- RapidIdentity Copyright Notice
- Third Party Software
- 📕
Support Bulletins 1
- Safari v18 Update Impacts SSO
- RapidIdentity Google Chrome Browser Extension Update
- Social Authentication Methods Deprecation Notice
- CentOS 7 Extended Support for RapidIdentity LTS
- Identity Automation Brand Launch
- CISA Secure By Design Pledge
- PingMe Session Timeout
- WebAuthn Biometric Device Support
- Alternate Change Password Action Vulnerability
- Microsoft PowerShell Deprecations
- RapidIdentity Connect Notes Adapter End of Life Notification
- Duo Universal Prompt
- Connect Process ID Change and Daily Log File Aggregations
- addDistributionGroupMember function fails when called in a Connect Action
- Proxy As Security Vulnerability Identified
- LDAP Filter Deprecation in January 2023 Deprecated
- Chrome FIDO U2F API Deprecation for RapidIdentity
- Introducing Help.RapidIdentity.Com
- Disabling TLS v1.1 on June 1, 2022
- Dropping Support for Internet Explorer 11
- Spring4Shell Vulnerability
- Google Legacy OAuth Flow deprecation
- Microsoft Basic Authentication for Exchange Online Deprecation
- 🔒
Threat Advisories 1
- Phish Wire - December 9 2024 New
- Phish Wire - Nov 25 2024
- Phish Wire - Nov 11 2024
- Phish Wire - Oct 28 2024
- Phish Wire - Oct 14 2024
- Phish Wire - Sept 30 2024
- Phish Wire - Sept 16 2024
- Phish Wire - Sept 3 2024
- Phish Wire - Aug 19 2024
- Phish Wire - Aug 5 2024
- Phish Wire - July 22 2024
- Threat Advisory - June 12 2024
- Threat Advisory - June 7 2024
Phish Wire - December 9 2024
The last two weeks have experienced an increase in spearphishing targeting corporate users on their personal accounts, along with a rise in Netflix phishing activity. Here are some examples and highlights.
hebelex[.]com/
ry74tykjrnm[.]asialink88[.]info
taxliencode[.]constructappsolution[.]com
2ndlinksffice[.]appforconstruction[.]com/
onlinery[.]norterc[.]com/
signin[.]neflix[.]payment-reminders.144-126-136-207[.]cprapid[.]com
payments[.]oauth-netflix[.]updateverification[.]50-6-173-246[.]cprapid.com
signin-netflixpaymentsupdates[.]50-6-172-50[.]cprapid.com
Personal Email Delivery
On November 25th, a staff member at a school district clicked on a spearphish targeting their Microsoft credentials. While the hacker was targeting their professional email password, the end user confirmed that they clicked the phishing link in their personal email.
Hackers know that corporate email is better defended than personal email. Targeting users via their personal email often, therefore, presents a path of less resistance.
Lateral Phishing
On Thanksgiving day, a staff member at an organization opened the below spearphish. It was sent from a valid email address from a known business associate at a local Home Builders Association.
The previous day, an executive at the Home Builders Association had their own corporate email compromised. Leveraging the trusted communications with their contact, the hacker sent an email to the targeted user via the compromised account.
The email contained a View Document call to action, referencing a proposal that was likely anticipated by the recipient. The full email included the sender’s signature and a headshot photo.
Netflix Surge
During the same period, we saw a large surge in Netflix phishing attacks being clicked in districts across Georgia, Texas, and Washington.
Numerous subdomains were detected like the above that use disposable hosting services so that they only stay active for a short period. The phishing attack further redirects security sandboxes to a legitimate Netflix help page. Most of the URLs reference billing or payment.
Actions
Add the specified domains to your block lists.
Focus awareness efforts on high-risk credentials (staff and students).
Educate users that phishing in their personal email can pose serious risks.
Educate users to exercise caution when opening links even when they are delivered from trusted associate email addresses.
Deploy PhishID to protect credentials from targeted spearphishing campaigns.