Skip to main content

Known issues

SecureAuth Identity Platform release 23.07 has the following known issues. Where possible, use the described workaround until we can apply the fix in a later release.

23.07 known issues

Ref ID




The Service Account Password is a required field in the SecureAuth IWA Service Settings section of the AD data store.

In edit mode, when the password field is empty, the data store does not warn the user when clicking Save.

Make sure the Service Account Password field is populated.


In edit mode, after saving changes in the SecureAuth IWA Service Settings section, using the Backspace key in any field automatically causes the page to Save.

After saving and if you're still in edit mode, select and overwrite text.

Or, click Back to Summary and click the pencil edit icon to edit the page again.


The Authenticated User Redirect field on the Post Authentication tab in the Classic Experience is not disabled for a new internal application created in the New Experience.

This issue happens when you immediately click the link to finish the configuration in the Classic Experience as soon as the new internal application is created in the Internal Application Manager.

When you click Create Connection for the new internal application, leave the page and return to the newly created internal application in edit mode.

Then, click the Go to Classic Version to finish the configuration for this application at the bottom of the page.


In the Classic Experience, after making some changes on the Adaptive Authentication tab for a realm, and selecting the check box for another realm, when you click Save, there is no prompt to confirm your changes.

Be sure to save your on the changes on the current realm before selecting another realm.


An issue occurs for an Administrative Password Reset page configured in the Classic Experience with the Username Textbox field set to Enabled - change other user passwords.

It does not send an email notification to the user whose password was changed on their behalf by an administrator.



An issue occurs when an application realm is configured with the following settings:

  • Set to Theme 2019

  • Any of the following login workflows with Password as the last MFA method:

    • Username | Second Factor | Password

    • Username | Password

    • (Valid Persistent Token) | Password

    • (Valid Persistent Token) | Second Factor | Password

  • Device Recognition Method section has Client Side Control set to Java Applet

User can successfully log in, however it incorrectly displays a "Password does not match" error message.



An issue occurs with correctly displaying the password complexity rules created using the Password Policies in the New Experience, and then attached to the Password Reset page in the Internal Application Manager.

The issue is that it incorrectly displays the password complexity rules from the Classic Experience instead of from the New Experience password policy.

Modify the rules in the Classic Experience to match the rules created for a password policy in the New Experience.


For Mobile Enrollments view In the Dashboard, the Device Name sort order incorrectly displays all device names with the first character as uppercase A-Z first, followed by lowercase a-z.



Browser language changes the field name on end user login pages with the Arculix theme.

For example, the field name should be Username, but it displays User ID.



On the Password Reset page, the user receives an error message that the new password does not meet the password policy requirements. However, it incorrectly resets the old password.

The issue occurs when there is an Identity Platform password policy attached to the Password Reset page. The Azure AD password policy takes precedence for meeting password requirements.



In Password Throttling, the following scenarios could occur:

  • When the login workflow is User | MFA | Password, it displays the password page after n failed attempts and thereafter, it displays the locking / blocking message.

  • When the login workflow is User & Password | MFA, the behavior is inconsistent and allows up to two more attempts.



In the login workflow, when two different MFA options have the same name, one of them will not work correctly.

For example, a FIDO2 (with PIN) method has a name like "PIN". And you have the Personal Identification Number (PIN) enabled as a method on the MFA options page.

Change the name of the FIDO2 method to something other than "PIN", like "Windows Hello PIN".


There is an issue with registering a FIDO2 Platform authenticator type (like Windows Hello) with an Attestation Type of Indirect or Direct on a Windows 11 machine.

Use an Attestation Type of None for Platform authenticators on Windows 11.


Preferred MFA does not work correctly on a machine that has FIPS enabled.



The login page does not open for a realm configured in the Advanced Settings with Azure AD data store that has an expired or incorrect service account password.

Update the service account password for the data store.


In the Advanced Settings, when creating a new realm by cloning an existing realm and then clicking the link of the newly created realm, the page loading animation never stops.



Using the Classic Migration feature in the New Experience does not work for applications with the following postauth pages:

  • Authorized/SAML20SPInitPost.aspx

  • Authorized/WSFedProvider.aspx