
Changes between 23.07 and 24.04

Organizations that want or need a cloud or hybrid solution with ease of use at the forefront of the design will find a lot to like in the SecureAuth® Identity Platform release 24.04. Existing customers will see the new features discussed briefly in the following table.

Admins will use the Identity Platform release 24.04 New Experience to configure and manage more aspects of the environment than in earlier releases of the Identity Platform product.

The following table maps terms, concepts, and features that you know from using the Identity Platform release 23.07 and earlier to new terms, concepts, and features in the Identity Platform release 24.04.

For a list of all enhancements, updates, and known issues for the current release, see What's new.

| 23.07 or earlier | 24.04 and later | Differences |
| --- | --- | --- |
| --- | Block push notifications: Added admin setting allowing users to block unknown login requests. | New admin setting allowing users to block unknown login requests. This setting is in the Multi-Factor Methods > Authenticate Apps configuration. To learn more, see How to block and unblock login requests in Authenticate. |
| --- | Use Cloud Storage: New setting in the data store properties. | The data store properties have a new setting, Use Cloud Storage. Instead of storing this value in your data store, you can store this value in an Aux ID to the cloud profile database. To learn more, see How to set up Aux ID for cloud storage. |
| --- | Copy data store: Added the option to copy a data store and its configuration settings. | We've added the ability to copy a data store. This makes it easier to clone a data store and change attributes for other applications. |
| --- | FIDO2 confirmation email: Added a confirmation email option to notify users of FIDO2 changes. | Send a confirmation email to the user when they enroll or remove a FIDO2 authenticator in their profile. To learn more about configuring this setting, see How to send a confirmation email about a FIDO2 device. |
| --- | Only allow enrollment from MDM devices: Added setting to restrict QR and URL enrollments to MDM devices. | You can restrict QR and URL enrollment to mobile device management (MDM) devices only. This setting is in the Internal Application Manager for QR or URL enrollment page configuration. |
| --- | Override company display name: Added setting in the application configurations. | In the application configuration, you can override the default company name that is set in the Multi-Factor Methods > Authentication Apps settings. This setting is in the Application Manager and Internal Application Manager. |
| --- | Policy configuration - Login workflow: Added setting to delegate SAML-based authentication to an external IdP. | New setting in the authentication policy allows you to delegate SAML-based authentication to an external identity provider, like Arculix. |
| --- | Prevent third-party app scan of QR code: New setting in the Internal Application Manager for QR enrollment page. | You can prevent users from using third-party apps to scan the QR code on the QR enrollment page. |
| --- | SAML post-auth message: Displays post-authentication action message during login workflow. | During a SAML post-auth login workflow, a message is displayed asking users to be patient. To customize this message, see How to modify SAML post-auth message. |
| Dashboard: Limited data analysis. | Dashboard: Enhanced data organization and analysis for better insights. | Enhancements made for improved data organization, enriched data analysis, and quicker data refresh. |
| FIDO2 device layout view: By default, the FIDO2 Enrollment page displays devices in a table view. | FIDO2 device layout view: New admin setting to choose whether devices display in card view or table view. | New admin setting to set how users will view their devices on the FIDO2 Enrollment page. Admins can choose the card view or table view for their users. |
| FIDO2 device restriction options: Restrict the number of FIDO2 device enrollments as Unlimited, 1, 5, or 10. | FIDO2 device restriction options: Restrict the number of FIDO2 device enrollments as No limit, or 1 through 10. | More options to restrict how many FIDO2 devices a user can enroll. |
| Inline password change: Available only in Advanced Settings for a realm. | Inline password change: Now available in the New Experience in an authentication policy. | Setting now available in the New Experience for authentication policies. It's on the Login Workflow tab. The setting allows users to change their password inline without leaving the page. |
| Login for Endpoints: Aux ID: Map adminDescription attribute to an Aux ID in data store. | Login for Endpoints: OTP Validation: Map adminDescription attribute to OTP Validation in data store. | We've added a new OTP Validation field in the data store properties. For end user authentication in Login for Endpoints, you will need to map to this field instead of an Aux ID. |
| Password Policy: Password policy is linked at the application level in the Application Manager. | Password Policy: Password policy is linked in the authentication policy on the Login Workflow tab. | Before, the password policy was linked to the application in the Application Manager. We changed where password policies are linked, which is now in the authentication policy. It's on the Login Workflow tab. |
| Password change notification: Sends only an email notification about a password change. | Password change notifications: Added push notification option to notify user of a password change. | Send a notification to the mobile app to let the user know about a password change. To learn more about configuring this setting, see How to send a notification about a password change. |
| Realm limit: Supports up to 999 realms. | Realm limit: Supports more than 999 realms. | We've extended the realm limit beyond 999. |
| Risk Provider: Available integrations with risk providers. | Risk and Assurance Providers: Added Level of Assurance (LOA) to analyze user logins and provide LOA confidence scores for user risk. | We've integrated a machine-learning based Assurance Provider to analyze login patterns of users. It generates a Level of Assurance (LOA) confidence score for each user. The LOA score helps decide whether to increase or decrease user friction at the time of login. |
| SAML Logout: Available only as a Value Added Module (VAM). | SAML Logout: Now available in the SAML application configuration settings. | Provides seamless termination of user sessions in the Identity Platform (IdP) when they log out of an SP. |
| Secure Portal: Comes with a standard theme and fixed layout. | SSO Portal: Now known as the SSO Portal and comes with layout customization options. | You can now change the look and feel of your organization's SSO Portal. Edit the default portal theme, or create custom themes, and set how application tiles appear. |
| SecureAuth Connector Installer: Automatically sends the Connector passcode to the email on file. | SecureAuth Connector Installer: You can confirm or change the email where you receive the Connector passcode. | When generating the Connector configuration files, we added the ability to confirm or change the email address where you receive the passcode. |
| Single Logout (SLO): Available only as a Value Added Module (VAM). | Single Logout (SLO): Now available in the SAML application configuration settings. | Provides seamless termination of connected SPs within the corporate SSO ecosystem when the user logs out of an SP. |
| Static display of password rules: Static display of password rules with no interactive or responsive guidance. | Real-time display of password rules: Displays password rules in real-time. | Users can now see the password rules in real-time when they change their password for an application. To learn more about setting up password rules, see How to configure and display password rules for users. |
| Theme: Default theme set to 2019. | Theme: Default theme set to SA IdP. | Changed the default theme to SA IdP on the Overview tab in the Advanced Settings. This is the theme for the pre-authentication login page that displays MFA options. |
| Windows SSO: Configured as a login workflow option in a policy. | Windows SSO: Configured as a condition in an authentication rule for Country, IP Range, or Threat Service. | Windows SSO as an MFA method has moved to the Authentication Rules tab in the authentication policy. You can use Run Windows SSO as a condition in an authentication rule for Country, IP Range, or Threat Service. |