Skip to main content


SecureAuth documentation for Identity Platform release 24.04

What's new

Read on to learn more about new features and improvements in the SecureAuth® Identity Platform release 24.04.

Add external identity provider (IdP) in policy

New setting in the authentication policy allows you to delegate SAML-based authentication to an external identity provider, like Arculix.

To learn more, see SecureAuth IdP and Arculix integration (IdP Chaining) and SecureAuth IdP and Arculix integration (IdP Factoring).

Aux ID for cloud storage

The data store properties have a new setting, Use Cloud Storage. Instead of storing this value in your data store, you can store this value in an Aux ID to the cloud profile database.

To learn more, see How to set up Aux ID for cloud storage.

Dashboard enhancements

We've improved the look and feel of the Identity Platform dashboard. Some updates include:

  • Data organization: The dashboard now categorizes data into the following four tabs to optimize analysis:

    • Login Data – Explore data related to logins by system, applications, or users.

    • User Profile Data – Explore cloud profile data associated with each user name.

    • Authentication Types – Explore data on enrolled mobile and authenticator devices, and view push notifications blocked by users.

    • Deployment Data – View product versions for services deployed with your Identity Platform tenant.

  • Quicker data refresh: Dashboard data now refreshes every 3 hours for quicker visibility to key metrics such as user logins.

To learn more, see Dashboard insights.

Password Policy updates

Some password policy updates include:

  • Password Policy change. Before, the password policy was linked to the application in the Application Manager. We changed where password policies are linked, which is now in the authentication policy. It's on the Login Workflow tab. The password policy is no longer restricted to the Password Reset page at the application level. You can now set a password policy for all applications attached to the authentication policy. This includes Account Management pages and SAML applications.

  • Real-time password rules. Users can now see the password rules in real-time when they change their password in the application.

  • Inline password change. Setting now available in the New Experience for authentication policies. It's on the Login Workflow tab. The setting allows users to change their password inline without leaving the page.

To learn more about setting up password rules, see How to configure and display password rules for users.

SAML Logout and Single Logout (SLO)

SAML Logout provides seamless termination of user sessions in the Identity Platform (IdP) when they log out of a service provider (SP).

Single Logout (SLO) provides seamless termination of connected SPs within the corporate SSO ecosystem when the user logs out of an SP.

To learn more, see How to configure SAML Logout and How to configure Single Logout (SLO).

SecureAuth Risk Engine updates

We've integrated a machine-learning based Assurance Provider to analyze login patterns of users. It generates a Level of Assurance (LOA) confidence score for each user. The LOA score helps decide whether to increase or decrease user friction at the time of login.

To learn more about configuring and using LOA, see SecureAuth Level of Assurance (LOA) Provider settings.

Send FIDO2 confirmation email

Send a confirmation email to the user when they enroll or remove a FIDO2 authenticator in their profile.

To learn more about configuring this setting, see How to send a confirmation email about a FIDO2 device.

Send password change notification

Send a notification to the mobile app to let the user know about a password change.

To learn more about configuring this setting, see How to send a notification about a password change.

SSO Portal page improvements

Customize the look and feel of your organization's SSO Portal. You can edit the default portal theme, or create custom themes, and set how application tiles appear. Apply your theme when you configure an SSO Portal page in the Internal Application Manager.

For more information, see SSO Portal themes and SSO Portal configuration.

Windows SSO as an adaptive rule

Windows SSO as an MFA method has moved to the Authentication Rules tab in the authentication policy. You can use Run Windows SSO as a condition in an authentication rule for Country, IP Range, or Threat Service.

Other improvements and fixes

Copy data store

We've added the ability to copy a data store. This makes it easier to clone a data store and change attributes for other applications.

Deprecate Create New From Template

In the Advanced Settings (formerly Classic Experience), we've deprecated the Create New From Template feature.

Extend realm limit

Added improvement to extend the realm limit beyond 999.

FIDO2 device card view

New admin setting to set how users will view their devices on the FIDO2 Enrollment page. Admins can choose the card view or table view for their users.

FIDO2 device restriction options

More options to restrict how many FIDO2 devices a user can enroll. Available settings are No limit, or 1 through 10.

Microsoft Conditional Access Custom Controls

Added out of the box integration with Microsoft Conditional Access and the Identity Platform.

Mobile services updates

We've added some configurations that relate to mobile services features.

  • Override company display name – In the application configurations, you can override the default company name that is set in the Multi-Factor Methods > Authentication Apps settings. This setting is in the Application Manager and Internal Application Manager.

  • Enable blocking of push notifications – New admin setting allowing users to block unknown login requests. This setting is in the Multi-Factor Methods > Authenticate Apps configuration.

    To learn more, see How to block and unblock login requests in Authenticate.

  • Prevent third-party app scan of QR code – You can prevent users from using third-party apps to scan the QR code on the QR enrollment page. This setting is in the Internal Application Manager for QR enrollment page configuration.

  • Only allow enrollment from MDM devices – You can only allow QR and URL enrollment from mobile device management (MDM) devices. This setting is in the Internal Application Manager for QR or URL enrollment page configuration.

New OTP Validation field for Login for Endpoints

We've added a new OTP Validation field in the data store properties. For end user authentication in Login for Endpoints, you will need to map to this field instead of an Aux ID.

SAML post-auth message

During a SAML post-auth login workflow, it displays a message to users to be patient. To customize this message, see How to modify SAML post-auth message.

SecureAuth Connector Installer UI updates

When generating the Connector configuration files, we added the ability to confirm or change the email address where you receive the passcode.

Split profiles

In the New Experience, we've improved the ability for applications to pull Membership information and Profile information from different data stores.


Changed the default theme to SA IdP on the Overview tab in the Advanced Settings. This is the theme for the pre-authentication login page that displays MFA options.