4.9.9.1 Server Release Notes

  • Updated on Apr 20, 2026
  • Published on Apr 16, 2026
  • 2 minute(s) read
  • Austin Rominger
 Prev Next

Downloads

MFA Server 4.9.9.1

Client-Side Components 4.9.9.1

  • Note: Client-Side Components are not required unless you are utilizing the MFA AD Lookup Tool

New Features

Perpetual Apple Push Certificate

This version of the MFA server includes a .p8 certificate key file for the Apple Push Notification Service (APNS). Its authentication is API key-based. In previous MFA server versions and yearly updates, we have used a certificate-based .p12 file for authentication that required annual renewal and distribution. Yearly updates to the .p8 certificate are no longer required for PingMe to function.

TWOFA-50

  • FIPS compliance for MFA Server
  • Resolve critical issues generated from Snyk report for the MFA products

TWOFA-293

  • Resolves critical Snyk issues in the MFA server

Issues Resolved

TWOFA-11

  • User unenrolled mobile device, but can still use mobile OTP to authenticate

TWOFA-318

  • PIN more than 127 characters is not working with MFA Client Windows logon

TWOFA-362

  • If one Contactless Card profile set is edited, changes are reflected for all profile sets

TWOFA-363

  • User cannot open Role List page after opening Directory Mapping page

TWOFA-371

  • PingMe Push Notifications are Delayed in 4961 when from UAC

TWOFA-381

  • SMS is not being sent to the user (NTRad Ping Utility)

TWOFA-382

  • Account should lock when Invalid PIN entered 3 times (RADIUS PingMe)

TWOFA-383

  • Multiple OTP are sent to user through SMS and Email (RADIUS)

TWOFA-391

  • User with Fingerprint method is not able to login with PIN on MFA Client

TWOFA-401

  • "Attempts Until PIN is Blocked" policy fails for OTP Users for 4 or more attempts

TWOFA-402

  • Max Attempts policy for OTP in which Pin Required is "NONE" is not working as expected for SSP

TWOFA-403

  • Max Attempts policy for OTP in which Pin Required is "NONE" is not working as expected for MFA Client

TWOFA-449

  • Reports "By User" Buttons Do Not Work

TWOFA-531

  • Account is Not Locked at MFA Server Side for Ping Me Users

TWOFA-536

  • Unlock user account at Admin portal when unlocked from mobile app

TWOFA-538

  • User is logging into MFA server without approving a PingMe request for Android

TWOFA-539

  • Lock and unlock notifications are not working on mobile app

TWOFA-541

  • Audit Logs Do Not Properly Record OTP Logins

TWOFA-615

  • User is unable to Login with fido at credential provider UI

TWOFA-696

  • AD user getting error when we reactivate or add the user with wind password

Backwards Compatibility

Compatibility has been verified for the following MFA Client versions:

  • 4.9.8.1
  • 4.9.7.1
  • 4.9.6.1

Older versions may work, but they will not contain all of the fixes in the most recent client releases, so some features may not behave as expected.

Tasks

TWOFA-505

  • Replace Apple Push Notification certificate in MFA-Server 4.9.9.1 Build

TWOFA-594

  • Update MFA Admin Portal "Help" Link

TWOFA-595

  • Offline License Activation Page Displays Wrong Info

TWOFA-601

  • Rebranding MFA Server

TWOFA-606

  • Upgrade MFA Server build version to 4.9.9.1 and verify backward compatibility

TWOFA-652

  • Rebranding PingMe Mobile App: Change Default Brand Color