XMedius Cloud Change History • Account Administration

Administrator -

This article lists the changes of the XMedius Cloud platform.


(Update 21)

Enhanced Password Policies

Administrators can now configure the following Password Policies:
  • Minimum length for Users and Administrators passwords
    • This setting was available prior to this update.
    • In order to adhere to best practices, the minimum acceptable value has been set to 8 instead of 6. All accounts have been upgraded to meet this minimal condition; existing passwords that do meet the criteria are not affected by this change.
  • Password Complexity
    • The Administrators can now configure how many criteria must be met and how many characters of each type must be in the password.
  • Password History
    • Administrators can now configure how many past passwords cannot be reused.
  • Password Expiration
    • Administrators can configure an expiration (in days) for passwords.
    • Once a password is expired, Users will be prompted to change their password.
    • Administrators can also enable a Password Expiration Reminder email.
    • It is possible to override the account's Password Expiration policy by setting Password Never Expires on selected User accounts.
  • Password Must be Changed at Next Logon
    • It is now possible to require a password to be changed at next logon. This can be done both at User account creation or by editing the Security settings of an existing account.

Users are now notified by email when their password is changed.

XMedius highly recommends Administrators to review their account's Password Policies.

Disabling of built-in Passwords

Some usage scenarios may not require a User to have a password on the platform. For example:
  • When using uniquely email-to-fax (and email notifications), a User may not need to authenticate against the platform's login page.
  • When using external SSO, built-in account authentication may not be required for most accounts.
    • In this situation, it is advisable to keep a password on some Administrator accounts (ideally with 2FA enabled) in order to keep control over the account in case of issues with the SSO integration.

It is now possible to disable the use of a platform's password on individual User accounts, either at account creation or by editing the Security Settings of an existing account. This does not impact the ability to login via SSO.

Once built-in password is disabled, a User cannot perform a Password Reset (I Forgot My Password).

For security reasons, it is recommended to disable built-in passwords on accounts that don't need them.

Mandatory Two-Factor Authentication (2FA)

Two-Factor Authentication (Time-based One-Time Password, TOTP) can now be made mandatory:
  • In the account settings, Administrators can set Two-Factor Authentication to be Optional (same as before) or Mandatory.
  • This setting applies to Users authenticating against the platform's built-in login page. It has no impact on the external SSO login flows.
  • If set to Mandatory:
    • Users will be asked to configure their 2FA following a first successful login.
    • It is possible for Administrators to exclude specific User accounts from this requirement.

Users are now notified by email when their 2FA is enabled or disabled.

User Account Locking

Administrators can now configure automatic account locking policies:
  • In the account settings, Administrators can now configure the number of failed login attempts before an account gets locked, as well as an auto-unlock policy (in minutes).
  • Default value of locking access after 6 failed login attempts and auto-unlocking after 30 minutes have been applied to all accounts.
  • Locked accounts are identified with a "Locked" tag in the Users administration page and a filter has been added to easily identify them.
  • Administrators can manually unlock a locked account from the User Account Security page.

Users are now notified by email when their accounts are locked because of too many failed login attempts.

Restricted Access to Enterprise Account

Account Administrators can now enable a Restricted Access mode on the Enterprise Settings page. When enabled, XMedius Customer Service Agents and Reseller Administrators (for those whose accounts can be managed by their Resellers) will completely lose access to the customer's account data and settings.

This can be used to meet internal security and contractual requirements. Customers should however be aware that blocking access to their account will prevent support teams from reviewing any account configuration and might require more customer involvement in the resolution of support tickets.

Disabling Email-To-Fax Support

A new distinctive setting has been added to enable or disable support for Email-To-Fax. By default, new accounts will have email-to-fax disabled and Administrators requiring the feature will need to enable the functionality (in the Enterprise Settings page). Email-to-fax remains enabled for accounts created prior to this update.

In order to prevent abuse due to email address spoofing, Administrators should immediately enable IP filtering or SPF record check when enabling this functionality.

Security & Privacy Officer Contacts

Customers can now configure Security and Privacy contact information that will be used in the event XMedius has to reach out to discuss an important Security or Privacy matter.

Note that these contacts don't have authority over the account. Customers should keep this information up to date by going to the Enterprise Settings page.


  • Administrators can now configure how long an invitation link is valid (default 7 days).
  • Administrators can now configure how long a password reset link is valid (default 24 hours).
  • Administrators can now export the Credit Transaction History data to CSV or Excel formats in order to better analyze where credits are spent. The credit transactions now also indicate to which service each usage relates to.
  • The fax International Price List now contains Country and Destination names (in addition to Phone prefixes). Also, the rate of 246 Phone prefixes of the fax international Price List were updated in line with market offer (147 prefixes decreased, 99 prefixes increased).
  • Various other improvements and security fixes.


  • Added support for the upcoming Fax App for HP Workpath enabled devices.
  • Refactored the loading of the navigation bar across applications to avoid a problem with browser caches.
  • Fixed various issues with the User Welcome emails content, as well as links that cannot be clicked.
  • Fixed an issue with the pagination of the Usage Detail page that would load forever.
  • Fixed issue with the thick applications (SendFAX, SendSecure for Outlook) login page that would not work if Remember Me was used previously.
  • Fixed missing translation on the US Letter Of Authorization form used for number porting.
  • Various improvements and security fixes.


(Update 20)

SAML 2.0 Support for SSO Integration

Enterprise Accounts can now be configured for user Single Sign-On (SSO) through SAML 2.0 (alternatively to WS-Fed / WS-Trust).
  • The SAML 2.0 protocol can now be selected as protocol for SSO integration and your Enterprise Settings can be configured according to your SSO Identity Provider (IdP).
  • SAML 2.0 integration has been validated with IdPs such as AD FS (on Windows 2012 R2+), Okta and F5 – but it is technically compatible with other IdPs (for example, OneLogin).
  • Once configured in your account, SSO login using SAML 2.0 works out-of-the-box with the XMedius Cloud Web applications.
  • To have it work with SendFAX or XM SendSecure for Outlook, your users need to update their application to the latest version, namely:
    • SendFAX (minimum)
    • XM SendSecure for Outlook (minimum)
  • MFP connectors can work with SAML 2.0, if they are configured to use the "shared account" or "device login" mode (conversely, they cannot work in "user prompt" mode).
  • Mobile applications (XM Fax and XM SendSecure), as well as the XM Fax Print To Web printer do not currently support SSO login using SAML 2.0.

For more information, see Single Sign-On (SSO) Integration.

AD FS Server IP Whitelisting for SSO using WS-Fed / WS-Trust

If you are considering to enable SSO using WS-Fed / WS-Trust as protocol, you may now need to have your AD FS server IP address added to an internal whitelist by XMedius, depending on your actual client integrations:
  • AD FS server IP address whitelisting is required if your users are using at least one of the following:
    • MFP connectors in "user prompt" mode
    • Mobile applications (XM Fax and XM SendSecure)
  • AD FS server IP address whitelisting is not required if your users are only using the following:
    • Web applications and the XM Fax Print To Web printer
    • SendFAX (minimum)
    • XM SendSecure for Outlook (minimum)
Important: AD FS server IP whitelisting:
  • is performed on-demand – only if needed, according to the above details – through a specific request sent to XMedius.
  • does not apply to supported SAML 2.0 integrations.
  • is not required if your SSO integration using WS-Fed / WS-Trust was already enabled before Cloud Platform Update 20 (i.e. it has been already done).

Trusted Email Domains for Email-to-Fax

If your corporate environment requires that your faxes are mainly sent by email, you can now simply enable the email-to-fax functionality based on the email address domain of your users, without needing to create user accounts.
  • In this specific use case, no user account creation is required, but your enterprise account must be configured to trust one or several email domains (owned by your company).
  • The Trusted Email Domains configuration is only performed on-demand by XMedius through a dedicated request form.
  • Anyone using an email address that belong to these trusted domains will be able to send faxes by email, but will not benefit from any other functionality of your XMedius cloud solutions – unless this person is also registered (i.e. have a user account) in your enterprise.
  • All faxes sent by email in this context will use the same default settings as defined in the enterprise account: default faxing profile, default user language and main fax number for outbound number – except for registered users (who may have different personal settings).
Important: In this context, the risk of potential abuse increases significantly, as any email address of the specified trusted domains will be accepted by your enterprise account. In all cases, it is strongly recommended to appropriately secure the email communications involved when using the email-to-fax functionality.

For more information, see Allowing Unlisted Users to Send Faxes by Email.

Other Improvements

  • The main menu of the Web portal now has the same style and behavior across all Web pages/applications to provide users with a consistent navigation experience.
  • The Fax Numbers list CSV/Excel export option now includes a new column with the Fax Number Note in the exported file.
  • Various other improvements and security fixes.


A new version of the Active Directory Synchronization Tool (1.1.3) is available:
  • The AD Sync Tool has been updated to run with Python 3.7 (which is now the minimum required Python version).
  • The AD Sync Tool now supports LDAPS for Active Directory connection/authentication, including a new option to validate the LDAP server certificate.
  • Other minor improvements and fixes.


  • Various improvements and security fixes.


  • In an effort of corporate branding consolidation, the XMedius Cloud services have been renamed across the platform:
    • XMediusSENDSECURE becomes XM SendSecure
    • XMediusFAX becomes XM Fax
  • Various other improvements and security fixes.


  • The letter of authorization (LOA) for number porting requests in Germany has been improved to allow specifying the name of the original service provider.
  • The Canadian platform now supports creating number requests for numbers in US zone.
  • The layout of PDF invoices (subscription) has been adjusted to avoid the text from being truncated at the bottom of longer invoices.
  • Various other improvements and security fixes.


  • Toll-free numbers can now be added in the same account as regular fax numbers (DID):
    • To enable the support of toll-free numbers and know the related billing details, contact your sales representative.
    • The availability of this feature may be subject to conditions if your fax service is provided through a reseller.
    • Once the feature is enabled, adding/porting toll-free numbers must be requested by opening a support ticket.
    • For more information on toll-free numbers, see the article: Managing Fax Numbers.
  • SendSecure user license information is now available in the portal for administrators of accounts in subscription mode (when the SendSecure service is enabled):
    • The total number of subscribed licenses is displayed in the Enterprise Settings page.
    • The number of licenses that are still unused is displayed at the top of the user list.
  • Call detail record (CDR) improvements:
    • A tab has been added in the CDR (Excel file) to list the number porting events that occurred within the billing period.
    • The Rate column label has been adjusted to provide a more accurate context depending on the type of recorded call.
    • Administrators of accounts in subscription mode can now enable or disable the sending of the CDR by email (attached with the invoice) at the end of the billing period.
  • Administrators benefit from several new user management options:
    • The list of users can now be exported, either in the form of a CSV or an Excel sheet. Among others, this list includes the fax numbers assigned to each user.
    • The list of users can now be filtered by role (for example, to get the current list of administrators) and by service to which they have access.
    • Administrators can now edit all users at once (bulk edit) for the following user properties: access to the SendSecure service, display language and time zone.
    • Administrators can now manually create a user account even if an invitation is pending for this user.
  • The list of fax numbers can now be exported by administrators, either in the form of a CSV or an Excel sheet. Among others, this list includes the users assigned with each number.
  • The layout of the invoice statements (PDF) has been improved to provide more accurate and detailed billing information (only available in subscription mode).
  • Various other improvements and security fixes.


  • An expiration time has been added to links sent via email:
    • Password reset links will now expire after 24 hours.
    • User Invitation links will now expire after 1 week.
  • The user email validation performed in SSO context when using MFP apps/connectors or local applications installed on user PCs is now case insensitive.
  • Fixed an issue where the RIO field (used for number requests in France) was not copied to the new request when using the "Copy As New Request" functionality.
  • The user account creation API now allows to create users with random password regardless if SSO is enabled in the enterprise account or not.
  • Various other improvements and security fixes.


  • Users now receive an email notification when they are assigned a fax number. This notification is sent separately from the initial welcome email that users receive when their account is created. Administrators can enable or disable the sending of such email notifications for all users at the enterprise level (among enterprise account settings).
  • In Single Sign-On (SSO) configuration process involving AD FS integration, the certificate fingerprint string is now automatically sanitized to avoid a common issue that was observed from copying and pasting the intended value from the AD administration console.
  • The SSO mechanism has been improved to avoid potential authentication issues using MFP apps/connectors or local applications installed on user PCs.
  • Call Detail Records (CDR) now exclude External Numbers from the totalized count of numbers shown in Excel sheet tab in order to reflect the exact count of numbers that are actually invoiced.
  • The number porting request flow has been improved to properly display the current status of the numbers involved in a request.
  • Support of the upcoming XMediusFAX App for Toshiba MFPs.
  • Various other improvements and security fixes.


  • Improved user identification process when accessing the Help Desk.
  • Prepaid credits can now be consumed by any service according to predefined credit rates specific to each service.
  • Charges for SendSecure in prepaid now appear in the Credit History of prepaid accounts.
  • Additional email addresses can now be specified to receive automated messages related to billing (i.e. monthly invoice and CDR for accounts with subscription; credit expiration reminders for prepaid accounts).
  • Implementation of a new form to support number ordering in Italy.
  • Various improvements and fixes in number ordering/porting processes.
  • Support of AD FS 2012 for Single Sign On configurations.
  • Implementation of a notification service to support upcoming mobile device notification functionality.
  • Various other improvements and security fixes.


  • A new version of Active Directory Synchronization Tool (1.0.5) is available:
    • The AD Sync Tool now tries to re-process all entries that were not successfully synchronized during the previous script execution.
    • The Country attribute of AD users can now be properly synchronized to the portal.

      Note that existing AD Sync configuration file needs to be manually updated in addition to the fix: in attributes_mapping, change the country value from "co" to "c".

    • The DistinguishedNameExtractor has been improved to properly parse the DN if the OU contains an escaped comma.
    • Other minor improvements and fixes.


  • Administrators can now enable Single Sign-On (SSO) for their users, using AD FS with the WS-Federation protocol.
  • Various other improvements and security fixes.


  • Administrators of enterprises that have subscribed to both the Fax and SendSecure services can now control the access of individual users to the SendSecure service.
  • Various other improvements and security fixes.


  • Administrators can now assign an External Fax Number to users (as outbound fax number) when manually creating user accounts.
  • Various other improvements and security fixes.


  • Enterprise Settings now include an option to enable/disable the sending of a Welcome email to users (following user account creation).
  • The fax number porting request form for European countries has been updated to include porting date fields.
  • Various other improvements and security fixes.


  • The Enterprise Account (unique identifier used among others in Web Portal URLs) can now be defined with as little as 2 characters (minimum).
  • Enterprise Settings now include a section "Account Owner" where information about the person who has authority over the Account can be specified (on demand, by XMedius Team).
  • The fax number ordering/porting request forms have been adapted to improve the processing of the requests according to the country of the requesting enterprise.
  • External Fax Numbers (owned by your company but not serviced by the XMediusFAX Cloud Service) can now be requested and added as Outbound Fax Numbers. For more information, see: Managing Fax Numbers.
  • Email Spoofing Protection (SPF record check) can now be enabled to avoid unauthorized sources to send faxes by email in the name of your enterprise. For more information, see: Securing Email-to-Fax Communications.
  • Various other improvements and security fixes.


  • Various improvements and security fixes.


  • Added support for the upcoming XMediusFAX Hybrid functionality.
  • Last Enterprise Administrator account can no longer be deleted.
  • Fixed missing German welcome emails.
  • Various other improvements and security fixes.
Have more questions? Submit a request


Powered by Zendesk