We are pleased to announce the 9.0 release of Topicus KeyHub. This release brings several new features and enhancements and addresses many issues found in previous versions. It is recommended to update your KeyHub deployment.

Personal vault

TKH-260 Every account in KeyHub now has access to a personal vault. This vault can be used to store personal work related passwords and keys. It is not recommended to use this vault to store private accounts because you will lose access to these passwords when your KeyHub account is revoked.


Federated identities

TKH-503 KeyHub 9.0 allows any OpenID Connect provider with discovery support to be used as a directory. This allows you to use cloud platforms such as Microsoft Azure AD and Google for authentication. You can even add one KeyHub deployment as a directory of another KeyHub deployment. Future releases will bring support for other protocols such as SAML 2.0.


Small improvements

The following smaller improvements and bugfixes were made:

  • TKH-499 Removing KeyHub Administrators now requires approval from another administrator.
  • TKH-587 The user is now always prompted for password and 2FA at sign-on for a new session.
  • TKH-588 KeyHub now uses the official initiate_login_uri for IDP initiated login at the Console.
  • TKH-590 Registration wizard no longer prompts for group memberships when this is disabled for the user.
  • TKH-591 New internal accounts are now marked valid directly after activation.
  • TKH-592 The UPN for provisioned ADs no longer contains OU parts from the BaseDN.
  • TKH-593 Users are no longer prompted for their password twice when adding a new vault record.
  • TKH-601 The audit log now shows the manager who removed someone from a group.
  • TKH-603 Users can now choose their own username if enabled for a directory.
  • TKH-604 prompt=login now also prompts for 2FA.
  • TKH-610 Extended access can no longer be requested for dates outside the allowed range.
  • TKH-611 An error was fixed with searching for audit records with a space in the query.
  • TKH-612 An error was fixed with opening your given consent under your profile.
  • TKH-613 An error was fixed with removing multiple records from a vault.
  • TKH-617 The password for admin was not accepted in maintenance mode.
  • TKH-619 Added missing audit records when using SSO.
  • TKH-598 TKH-599 TKH-605 TKH-606 TKH-607 TKH-608 TKH-609 TKH-614 TKH-615 Code coverage from tests was increased substantially.
  • TKH-596 TKH-600 TKH-602 Various styling and translation fixes.