Known issues

The Identity Platform release version 20.06 has the following known issues. Where possible, use the described workaround until we can apply the fix in a later release.

20.06 known issues

Ref ID

Description

Workaround

IDP-4777

On the Self-Service page, the user cannot update their account information because it requires KBA (even though it is not set as required). This occurs in the Classic Experience on the Multi-Factor Methods tab, when a value (for example, 2) is set for the Number of Answers field under Knowledge Based Settings, and then the KBA for the Self-Service page is set to enabled (but not required).

Set the Number of answers field value to "0" (zero).

IDP-5687

Knowledge based questions and answer entries are missing from the Web.config file. This occurs when you set the Profile Connection Settings to No Data Store, save it, and then go back in and select a data store.

Go to the Web Configuration Editor and add the fields back in.

IDP-7030

Device Recognition works with Internet Explorer 10+, but will not function properly in Compatibility View.

If the Compatibility View setting is required, then change the realm configuration to not use Device Recognition.

IDP-7565

This issue exists in realms that have the following conditions:

  • Application integration created in the New Experience

  • Policy assigned to the application integration has KBQ / KBA and/or PIN enabled as multi-factor authentication (MFA) methods

  • 2016 Light theme selected on the Overview tab (legacy realm)

If you have realms with the above conditions, the PIN and KBQ methods do not display on the One-Time Registration Code delivery method page to end users.

Option 1: Change the application realm to use the 2019 Theme.

Option 2: If you must keep the 2016 Light theme, do the following:

  1. In the affected application realm, go to the Multi-Factor Methods tab (Classic IdP Experience), and scroll down to the Multi-Factor Method Order section.

  2. Reorder the multi-factor method by moving one up or down.

  3. Save your changes.

IDP-7569

On the Multi-Factor App Enrollment realm, when OATH Seed (Single) is selected for mobile app enrollment, the Time-based Passcode does not display on the pick list to the end user to enroll in the Authenticate app.

Option 1 (recommended): In the App Enrollment realm, use the OATH Token option instead of OATH Seed.

Option 2: To use the OATH Seed option, both the OATH Seed and OATH Token must be mapped in the Directory Property mapping in a legacy realm so that the Identity Platform can convert the Authenticate App (OATH Seed) to a token. See the KB article: How to convert an OATH Seed to OATH Token.

Then use a workflow that includes second factor (for example, Username | Second Factor | Password) for the default workflow login and enable Time-based Passcode in the Multi-Factor Methods configuration. Once the end user has successfully authenticated with Passcode in the legacy realm, the Passcode option can be used in any realm.

IDP-7592

On the Portal Page Builder page, when you change the Portal Page Authorization from one form of authorization to "Not Available", all of the realm check boxes are not enabled for selection.

As a workaround, select any option other than "Not Available", then select the "Not Available" option, and click Save.

IDP-7595

Unable to receive certification on the Revoke Certification page.

As a workaround, update the web.config file from the Tools menu.

IDP-7597

Cloud data store latency issue with service account update.

None

IDP-7710

TRX logging enabled on data realms creates redundant traffic.

For a workaround, contact Support.

IDP-8028

The realm (for example, Create User) is not able to send a confirmation email (which is set in the Overview tab > Content and Localization link). This issue occurs in cloud deployments.

For a workaround, be sure the default email addresses in the emailfrom fields (for example, createuser_emailfrom:) are set to something other than a @secureauth.com address. For example, change it to "do-not-reply@dev-identity.secureauth.com".

IDP-8034

IDP-8152

IDP-8153

IDP-8155

IDP-8244

On the Account Management (Help Desk) page, using Reset All Registrations does not reset YubiKey. This issue occurs with Active Directory cloud, Azure AD cloud, LDAP, NetIQ eDirectory, and Oracle DB data stores.

To reset the YubiKey registration, do it manually.

IDP-8290

You cannot register both roaming and bound FIDO2 authenticators on the same Android mobile device.

Register either a roaming or bound FIDO2 authenticator on an Android mobile device.

IDP-8573

Upgrading from an earlier version of Identity Platform to 20.06 overwrites the globalsettings.json file.

Back up the globalsettings.json file before doing the upgrade.

IDP-8695

On the Dashboard in the MFA Methods view, when authregmethod contains an empty value or an invalid MFA method value, the label for the MFA method name is blank (or contains the name of the invalid value).

If you're adding the parameter to the API call, be sure to use the right MFA method name so it shows up correctly on the dashboard.

For Identity Platform hybrid deployments, FIDO2 as a login authenticator is not supported on the following:

  • Android using Microsoft Edge browser

  • Android using built-in Face Recognition

  • Apple Safari on desktop/laptop using Touch ID/Password

  • Microsoft Windows with any browser using YubiKey NFC

None