The following lists hotfixes for the Identity Platform release 22.02.

22.02 hotfixes

Release No. | Release Date | Ref ID | Issue / Description




SAML Update Issue – Addressed issue with updating SAML settings, which prevented data store lookups in the membership provider.


Digital Fingerprint (DPF) in 2019 Theme Issue – Addressed issue with browser device fingerprint sometimes not pushing out MFA.




FIDO2 Improvements – Improvement to the user experience to display the name of FIDO devices in the login authentication delivery method list.


Enhanced SAML Consumer – Added the ability to integrate the Identity Platform as a SAML SP with Acceptto eGuardian or any third-party IdP.


Data Store Test Connection Improvement – The data store integration settings now have a Test Credentials button to help test your data store connection.

Available to supported data stores in Identity Platform hybrid deployments.


Account Management Issue – Addressed issue with CyberArk SQL data store profile updates through the Account Management (Help Desk) page.


Endpoint Login Issue – When a user logs in locally on a workstation with a validated password that does not match their password stored in their organization's domain data store, the login screen will prompt the user for their domain password before MFA.


Migration Support – Added support in the Identity Platform to migrate Classic Experience realms to the New Experience.

For more information about migrating Classic Experience realms, see Classic Experience migration to the New Experience.


Username Lookup Performance Improvement – Added support for domain\username lookups in the New Experience to address performance issues.

To address performance issues with username lookups across multiple data stores, you can use the data store name as the "domain" identifier in the login string, like domain\username.

For example, if the data store name in the New Experience is acmeAD and your login username is jsmith, you would enter acmead\jsmith as the username in the login workflow.

The data store name must contain only alphanumeric characters, with no spaces or symbols.

For more information, see the knowledge base article: How to speed up logins to applications.


Passcode App Issue – Fixed issue where it did not correctly register the Passcode app on a desktop machine.


Mobile Services Migration Issue – Addressed an Identity Platform upgrade issue with mapped OATH Tokens.


TOTP Throttling Improvement – Improvement to TOTP throttling logic; cache is correctly cleared on successful login attempt.


AppPool Performance Improvement – Improved AppPool performance with Identity Platform calls to SecureAuth cloud services.


New Application Improvement – In the New Experience, when you create a new application, endpoint, or FIDO2 enrollment page, you can select the realm number.


RBAC Configuration Issue – Addressed an issue with saving configuration changes to the role-based access control (RBAC) on the UI.


Adaptive Auth Redirect Issue – Addressed issue with signature validation in SP-init redirect to a different realm.


Country Code Lookup Issue – Addressed issue with the default country code on the Classic Multi-Factor Methods tab.


Audit Log Update – Update in the Auth API to mask knowledge-based answers (KBA) in the Audit logs.


FIDO2 Device Registration Improvement – Added support for administrators to define FIDO2 device restrictions for their end users in the global settings.

For more information about the Advanced Settings configuration, see FIDO2 WebAuthn global MFA settings.


Global Aux ID Support – Added support for Global Aux IDs in the Application Manager connection settings in a new "Static Attributes" section.


Digital Fingerprint Issue – Addressed issue with user agent string picking up identical digital fingerprint settings in Google Chrome and Microsoft Edge.

After applying the hotfix, this issue can still occur for a specific configuration. See this KB article for a workaround: Workaround for digital fingerprint hotfix.


Remove Mobile Device Issue – Addressed issue with removing mobile devices on the Account Management (Help Desk) page.


Session URL Issue – EncryptUser.aspx has a ReturnURL to send the encrypted user cookie after authentication. This fix allows a dynamic ReturnURL, if it is provided and our ReturnURL is left blank.


Application Integration Support – Added support for unique application integrations that do not require the selection of a data store in the application integration settings.


Legacy Mobile App Registration Issue – Fixed an issue where legacy SecureAuth Authenticate app mobile registrations were not showing as an MFA method.


Option to Hide HID Token Button Support – Added support to optionally hide the HID token button in the Self-Service and Help Desk pages.

To use this feature, go to the Classic UI > Post Authentication tab for the Account Management Help Desk or Self-Service page configuration and set the Hard Token Button display type to Show or Hide.


Proof Key for Code Exchange (PKCE) Improvement – Improved PKCE support to revoke access tokens without a client secret.


FIDO2 Support – Added support to enable FIDO2 devices in the Classic Experience.