Changes between 22.02 and 22.12

Organizations that want or need a cloud or hybrid solution designed with ease of use at the forefront will find a lot to like in the SecureAuth® Identity Platform release 22.12. Existing customers will see the new features discussed briefly in the following table.

Admins will use the Identity Platform release 22.12 New Experience to configure and manage more aspects of the environment than in earlier releases of the Identity Platform product.

The following table maps terms, concepts, and features that you know from using the Identity Platform release 22.02 and earlier to new terms, concepts, and features in the Identity Platform release 22.12.

For a list of all enhancements, updates, and known issues for the current release, see What's new.

22.02 or earlier

22.12 and later

Differences

Classic Experience

Advanced Settings

On the Identity Platform UI, in most places, we've renamed the Classic Experience to Advanced Settings.

---

Arculix by SecureAuth

You can set up the Identity Platform as an IdP factor to enable intelligent MFA with Arculix by SecureAuth and the Arculix Mobile app. The powerful combination of the Identity Platform and Arculix extends your capabilities with a passwordless continuous authentication solution.

To set up an integration, see Identity Platform and Arculix integration.

Themes

Arculix theme

We've added a new Arculix theme in the Identity Platform for the end user login pages.

---

Bulk upload hardware tokens

Added support for bulk uploads of hardware OATH tokens (TOTP and HOTP tokens).

For more information about this, see Bulk upload hardware OATH tokens using CSV file.

FIDO2 WebAuthn

Device registration improvements

We've added support for administrators to define FIDO2 device restrictions for their end users in the global settings.

For more information about the Advanced Settings configuration, see FIDO2 WebAuthn global MFA settings.

DMZ support (Advanced Settings)

DMZ support (New Experience)

You can now set up a DMZ connection in the Identity Platform in the New Experience.

For more information, see Configure a DMZ SecureAuth Connection.

---

Migrate legacy realms

You can now move legacy realms that were created in the Classic Experience (renamed to Advanced Settings) to the New Experience. With this migration you can assign integrated data stores and an authentication policy that are set up in the New Experience to migrated applications.

For more information about migrating realms, see Classic Experience migration to the New Experience.

Login for Endpoints

New configuration properties in Login for Endpoints

New configuration properties were added to the Login for Endpoints installer UI in the New Experience.

To learn more, see the Login for Windows 22.06 release notes and the Login for Mac 22.06 release notes.

Data store properties

No restrictions on data store property mappings

All data store property mappings are now editable. This applies to the following data stores:

  • Active Directory (AD)

  • Azure AD

  • eDirectory

  • Generic LDAP

OIDC

OIDC, added features

Enhancements to OpenID Connect (OIDC) include the following updates:  

  • Ability to add custom claims to OAuth2 access tokens

  • For all custom claims, you can define a scope relationship to dynamically include them in the tokens

  • Client scope deny list can be inverted to an allow list

  • Configurable nbf (not before) claim time offset

  • Ability to make the claim with group values a string array instead of a comma-delimited string

Policies

Policies, copy policy

Administrators have a new option to copy authentication policies in the Policy List.

Realm number, auto-assigned

Realm number, selection option

When adding a new application in the New Experience, you can select a realm number for that application.

Role-based access control (RBAC) in Advanced Settings

Role-based access control (RBAC) in the New Experience

Role-based access control (RBAC) is now available in the Identity Platform New Experience. RBAC is also supported in both Identity Platform cloud and hybrid deployments.

For more information about RBAC, see Role-based access control overview.

---

SCIM support

The Identity Platform now supports the System for Cross-domain Identity Management (SCIM) specification for managing user identities. In this release, we now support the just-in-time provisioning of SCIM user identities for service providers. Support for updating SCIM user identities will be coming soon in a hotfix update.

For more information about SCIM support, see SCIM provisioning overview.

SecureAuth Connector

SecureAuth Connector, version number on UI

The SecureAuth Connector version number is now displayed on the UI.

SQL data store

SQL data store, password hashing

Added a new field in the SQL data store settings to set the password hashing format to SHA-1 or SHA-256.

Test Credentials only with Active Directory

Test Credentials in more data stores

The Test Credentials button is available in more data store integration settings to help test your data store connection.

Windows SSO integration only with Active Directory

Windows SSO integration with Azure AD

In the Identity Platform, you can set up Windows SSO for your integrated resources with Azure AD using Azure AD Domain Services. The configuration connects with the SecureAuth Integrated Windows Authentication (IWA) services for Kerberos-based authentication.

For more information about this integration, see Windows SSO integration with Azure AD.
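
For the OIDC changes listed above (configurable nbf offset, group values as a string array instead of a comma-delimited string), the following relying-party check is an added illustration, not SecureAuth code. The claim name `groups`, the 60-second skew and the sample claims are assumptions, and the claims are assumed to come from a token whose signature was already verified.

```python
import time

MAX_SKEW = 60  # seconds of clock skew this relying party tolerates (assumed value)


def normalize_groups(value):
    """Return group names as a list, whichever shape the IdP was configured to emit."""
    if value is None:
        return []
    if isinstance(value, list):
        # Array form: each element is exactly one group, commas included.
        if not all(isinstance(g, str) for g in value):
            raise ValueError("groups array must contain only strings")
        return [g for g in value if g]
    if isinstance(value, str):
        # Comma-delimited form: a group name that itself contains a comma
        # (for example an LDAP DN) cannot be told apart from several groups.
        return [g.strip() for g in value.split(",") if g.strip()]
    raise ValueError("unsupported groups claim type")


def check_time_claims(claims, now=None, skew=MAX_SKEW):
    """Reject tokens used before nbf or after exp (RFC 7519), allowing small skew."""
    now = time.time() if now is None else now
    nbf, exp = claims.get("nbf"), claims.get("exp")
    for name, v in (("nbf", nbf), ("exp", exp)):
        if v is not None and (isinstance(v, bool) or not isinstance(v, (int, float))):
            raise ValueError(f"{name} must be a NumericDate")
    if nbf is not None and now + skew < nbf:
        raise ValueError("token not yet valid")
    if exp is None or now - skew >= exp:
        raise ValueError("token expired or missing exp")


def authorize(claims, required_group, now=None):
    """True only if the time claims pass and the caller is in required_group."""
    check_time_claims(claims, now=now)
    return required_group in normalize_groups(claims.get("groups"))


# Constructed sample claims, not taken from a real Identity Platform token.
NOW = 1_700_000_000
ARRAY_TOKEN = {"nbf": NOW - 30, "exp": NOW + 300,
               "groups": ["CN=VPN Users,OU=Groups,DC=example,DC=test", "helpdesk"]}
STRING_TOKEN = {"nbf": NOW - 30, "exp": NOW + 300,
                "groups": "CN=VPN Users,OU=Groups,DC=example,DC=test, helpdesk"}
```

With the array form the DN-style group matches exactly; with the comma-delimited form the same value is split into fragments, so an exact-match group check fails for it.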