Skip to main content


SecureAuth documentation for Identity Platform release 22.12.

What's new

Read on to learn more about new features and improvements in the SecureAuth® Identity Platform release 22.12.

Role-based access control (RBAC)

Role-based access control (RBAC) is now available in the Identity Platform New Experience. RBAC is also supported in both Identity Platform cloud and hybrid deployments.

For more information about RBAC, see Role-based access control overview.

SCIM support

The Identity Platform now supports the System for Cross-domain Identity Management (SCIM) specification for managing user identities. In this release, we now support the just-in-time provisioning of SCIM user identities for service providers. Support for updating SCIM user identities will be coming soon in a hotfix update.

For more information about SCIM support, see SCIM provisioning overview.

OIDC enhancements

Enhancements to OpenID Connect (OIDC) include the following updates:  

  • Ability to add custom claims to OAuth2 access tokens

  • For all custom claims, you can define a scope relationship to dynamically include in the tokens

  • Client scope deny list can be inverted to an allow list

  • Configurable nbf (not before) claim time offset

  • Ability to make the claim with group values as an string array instead of a comma delimited string

Windows SSO integration with Azure AD

In the Identity Platform, you can set up Windows SSO for your integrated resources with Azure AD using Azure AD Domain Services. The configuration connects with the SecureAuth Integrated Windows Authentication (IWA) services for Kerberos-based authentication.

For more information about this integration, see Windows SSO integration with Microsoft Entra ID.

Available only in Identity Platform cloud deployments.

DMZ support

You can now set up a DMZ connection in the Identity Platform in the New Experience.

For more information, see Configure a DMZ SecureAuth Connection.

FIDO2 device registration improvement

We've added support for administrators to define FIDO2 device restrictions for their end users in the global settings.

For more information about the Advanced Settings configuration, see FIDO2 WebAuthn global MFA settings.

Identity Platform and Arculix integration

You can set up the Identity Platform as an IdP factor to enable intelligent MFA with Arculix by SecureAuth and the Arculix Mobile app. With the powerful combination of the Identity Platform and Arculix, this extends your capabilities with a passwordless continuous authentication solution.

To set up an integration, see SecureAuth IdP and Arculix integration.

Arculix theme for end user logins

We've added a new Arculix theme in the Identity Platform for the end user login pages.

Migrate legacy realms

You can now move legacy realms that were created in the Classic Experience (renamed to Advanced Settings) to the New Experience. With this migration you can assign integrated data stores and an authentication policy that are set up in the New Experience to migrated applications.

For more information about migrating realms, see Classic Experience migration to the New Experience.

Other improvements and fixes

Bulk upload hardware tokens

Added support for bulk uploads of hardware OATH tokens (TOTP and HOTP tokens).

For more information about this, see Bulk upload hardware OATH tokens using CSV file.

Copy authentication policy

Administrators have a new option to copy authentication policies in the Policy List.

For more information about copying policies, see Manage policies.

Global Aux ID in New Experience

Added support for Global Aux IDs in the Application Manager connection settings in a new "Static Attributes" section.

New configuration properties in Login for Endpoints

New configuration properties were added to the Login for Endpoints installer UI in the New Experience.

To learn more, see the Login for Windows 22.06 release notes and the Login for Mac 22.06 release notes.

Set password hashing encryption format for SQL data store

Added new field in SQL data store to set the password hashing encryption format to SHA-1 or SHA-256.

Remove data store property mapping restrictions

All data store property mappings are now editable. This applies to the following data stores:

  • Active Directory (AD)

  • Azure AD

  • eDirectory

  • Generic LDAP

Rename Classic Experience to Advanced Settings

On the Identity Platform UI, in most places, we've renamed the Classic Experience to Advanced Settings.

Select realm number for applications

When adding a new application in the New Experience, you can select a realm number for that application.

SecureAuth Connector version number

SecureAuth Connector version number is now displayed on the UI.

Test credentials

The Test Credentials button is available in more data store integration settings to help test your data store connection.

Available to supported data stores in Identity Platform hybrid deployments.