Skip to content

Release Notes 4.13.0

Overview

This document outlines the updates, improvements, and fixes introduced between versions 4.12.0 (released on Aug 25, 2025) and 4.13.0 (released on Oct 20, 2025) of the Excalibur v4 software.

New Features

Integration with Microsoft ENTRA

We’ve added support for Microsoft Entra ID (formerly Azure Active Directory), enabling seamless authentication and user management through this popular identity provider. This integration enhances flexibility and simplifies setup for organizations already using Microsoft Entra for identity and access management.

image

Figure 1. Microsoft Entra Identity Store Creation

Unified Recording Player for PAM Sessions

We’ve introduced a new unified player for PAM session recordings, providing a consistent experience across all session types:

  • Web sessions (rrweb) and SSH/RDP/VNC sessions (Guacamole) can now be played through a single interface.
  • Enhanced player controls for Web sessions, and optimized playback for SSH/RDP/VNC sessions (speed adjustment is only available for Web sessions).
  • Integrated Message Overlay informs users of player states: loading, seeking, errors, and replay options.

  • Under the hood, a PlayerEngine abstraction manages playback, events, and recording control, ensuring smooth interaction across different session types.

  • Seamless experience when reviewing any PAM session.

  • Clear feedback and control during playback.
  • Reduced complexity with a single player interface for all session types.

image

Figure 2. Session Replayer

Centralized Audit Logs

A new Audit Logs page has been added under the Security section, providing a centralized view of all audit logs to quickly review, filter and investigate security-related events in a clear, organized format.

image

Figure 3. Centralized Audit Logs

Usability Improvements

We’ve improved how lists behave so you can stay focused on what matters most. Now, when you navigate away from a list and come back, your filters, search terms, sort order, and pagination settings will be remembered.

Improved Invitation List Visibility

We’ve added the User Full Name column to the Invitation List table. This enhancement provides better visibility and makes it easier to identify and manage invited users at a glance.

image

Figure 4. Enhanced Invitations List

Optional Identity Store Setup

The Identity Store setup in the deployment wizard is now optional. Organizations can choose an alternative user verification method, giving more flexibility during deployment and simplifying setup for environments that don’t require a full identity store configuration.

Improved Passkey Registration Error Handling

We’ve enhanced the Passkey registration process to provide clearer and more actionable error messages, helping users understand and resolve issues more easily.

  • "No Passkey has been selected for deletion"
  • "Missing discoverable credential support"
  • "Missing user verification support"
  • "No supported public key credential parameters algorithm"
  • "One Passkey already exists on this device. Please remove it first."
  • "Passkey registration ceremony was aborted"
  • "Invalid domain"
  • "Invalid Relying Party ID"
  • "Invalid User ID length."
  • "Malformed public key credential parameters"
  • "Passkey registration failed"

SMTP and MS Graph Email Configuration Enhancement

The sender field in SMTP and MS Graph email configuration now supports including a display name. You can use the following formats:

  • "Name Surname" <email@example.com>
  • Name Surname <email@example.com>
  • email@example.com

Emails sent from the platform can now show a friendly sender name, improving clarity and professionalism in communication.

image

Figure 5. SMTP Configuration