22.12
SecureAuth documentation for Identity Platform release 22.12.
What's new
Read on to learn more about new features and improvements in the SecureAuth® Identity Platform release 22.12.
Role-based access control (RBAC)
Role-based access control (RBAC) is now available in the Identity Platform New Experience. RBAC is also supported in both Identity Platform cloud and hybrid deployments.
For more information about RBAC, see Role-based access control overview.
SCIM support
The Identity Platform now supports the System for Cross-domain Identity Management (SCIM) specification for managing user identities. This release supports just-in-time provisioning of SCIM user identities for service providers. Support for updating SCIM user identities is coming soon in a hotfix update.
For more information about SCIM support, see SCIM provisioning overview.
OIDC enhancements
Enhancements to OpenID Connect (OIDC) include the following updates:
- Ability to add custom claims to OAuth2 access tokens
- For all custom claims, you can define a scope relationship so that the claims are dynamically included in the tokens
- Client scope deny list can be inverted to an allow list
- Configurable nbf (not before) claim time offset
- Ability to issue the claim with group values as a string array instead of a comma-delimited string
Windows SSO integration with Azure AD
In the Identity Platform, you can set up Windows SSO for your integrated resources with Azure AD using Azure AD Domain Services. The configuration connects with the SecureAuth Integrated Windows Authentication (IWA) services for Kerberos-based authentication.
For more information about this integration, see Windows SSO integration with Microsoft Entra ID.
Available only in Identity Platform cloud deployments.
DMZ support
You can now set up a DMZ connection in the Identity Platform in the New Experience.
For more information, see Configure a DMZ SecureAuth Connection.
FIDO2 device registration improvement
We've added support for administrators to define FIDO2 device restrictions for their end users in the global settings.
For more information about the Advanced Settings configuration, see FIDO2 WebAuthn global MFA settings.
Identity Platform and Arculix integration
You can set up the Identity Platform as an IdP factor to enable intelligent MFA with Arculix by SecureAuth and the Arculix Mobile app. The powerful combination of the Identity Platform and Arculix extends your capabilities with a passwordless continuous authentication solution.
To set up an integration, see SecureAuth IdP and Arculix integration.
Arculix theme for end user logins
We've added a new Arculix theme in the Identity Platform for the end user login pages.
Migrate legacy realms
You can now move legacy realms that were created in the Classic Experience (renamed to Advanced Settings) to the New Experience. With this migration, you can assign integrated data stores and an authentication policy that are set up in the New Experience to migrated applications.
For more information about migrating realms, see Classic Experience migration to the New Experience.
Other improvements and fixes
- Bulk upload hardware tokens
Added support for bulk uploads of hardware OATH tokens (TOTP and HOTP tokens).
For more information about this, see Bulk upload hardware OATH tokens using CSV file.
- Copy authentication policy
Administrators have a new option to copy authentication policies in the Policy List.
For more information about copying policies, see Manage policies.
- Global Aux ID in New Experience
Added support for Global Aux IDs in the Application Manager connection settings in a new "Static Attributes" section.
- New configuration properties in Login for Endpoints
New configuration properties were added to the Login for Endpoints installer UI in the New Experience.
To learn more, see the Login for Windows 22.06 release notes and the Login for Mac 22.06 release notes.
- Set password hashing encryption format for SQL data store
Added a new field in the SQL data store to set the password hashing encryption format to SHA-1 or SHA-256.
- Remove data store property mapping restrictions
All data store property mappings are now editable. This applies to the following data stores:
  - Active Directory (AD)
  - Azure AD
  - eDirectory
  - Generic LDAP
- Rename Classic Experience to Advanced Settings
On the Identity Platform UI, in most places, we've renamed the Classic Experience to Advanced Settings.
- Select realm number for applications
When adding a new application in the New Experience, you can select a realm number for that application.
- SecureAuth Connector version number
SecureAuth Connector version number is now displayed on the UI.
- Test credentials
The Test Credentials button is available in more data store integration settings to help test your data store connection.
Available for supported data stores in Identity Platform hybrid deployments.