Skip to main content

Known issues

SecureAuth Identity Platform release 24.04 has the following known issues. Where possible, use the described workaround until we can apply the fix in a later release.

24.04 known issues

Ref ID




The Service Account Password is a required field in the SecureAuth IWA Service Settings section of the AD data store.

In edit mode, when the password field is empty, the data store does not warn the user when clicking Save.

Make sure the Service Account Password field is populated.


In edit mode, after saving changes in the SecureAuth IWA Service Settings section, using the Backspace key in any field automatically causes the page to Save.

After saving and if you're still in edit mode, select and overwrite text.

Or, click Back to Summary and click the pencil edit icon to edit the page again.


The Authenticated User Redirect field on the Post Authentication tab in the Classic Experience is not disabled for a new internal application created in the New Experience.

This issue happens when you immediately click the link to finish the configuration in the Classic Experience as soon as the new internal application is created in the Internal Application Manager.

When you click Create Connection for the new internal application, leave the page and return to the newly created internal application in edit mode.

Then, click the Go to Classic Version to finish the configuration for this application at the bottom of the page.


In the Classic Experience, after making some changes on the Adaptive Authentication tab for a realm, and selecting the check box for another realm, when you click Save, there is no prompt to confirm your changes.

Be sure to save your on the changes on the current realm before selecting another realm.


An issue occurs for an Administrative Password Reset page configured in the Classic Experience with the Username Textbox field set to Enabled - change other user passwords.

It does not send an email notification to the user whose password was changed on their behalf by an administrator.



An issue occurs with correctly displaying the password complexity rules created using the Password Policies in the New Experience, and then attached to the Password Reset page in the Internal Application Manager.

The issue is that it incorrectly displays the password complexity rules from the Classic Experience instead of from the New Experience password policy.

Modify the rules in the Classic Experience to match the rules created for a password policy in the New Experience.


For Mobile Enrollments view In the Dashboard, the Device Name sort order incorrectly displays all device names with the first character as uppercase A-Z first, followed by lowercase a-z.



Browser language changes the field name on end user login pages with the Arculix theme.

For example, the field name should be Username, but it displays User ID.



On the Password Reset page, the user receives an error message that the new password does not meet the password policy requirements. However, it incorrectly resets the old password.

The issue occurs when there is an Identity Platform password policy attached to the Password Reset page. The Azure AD password policy takes precedence for meeting password requirements.



In Password Throttling, the following scenarios could occur:

  • When the login workflow is User | MFA | Password, it displays the password page after n failed attempts and thereafter, it displays the locking / blocking message.

  • When the login workflow is User & Password | MFA, the behavior is inconsistent and allows up to two more attempts.



In the login workflow, when two different MFA options have the same name, one of them will not work correctly.

For example, a FIDO2 (with PIN) method has a name like "PIN". And you have the Personal Identification Number (PIN) enabled as a method on the MFA options page.

Change the name of the FIDO2 method to something other than "PIN", like "Windows Hello PIN".


Preferred MFA does not work correctly on a machine that has FIPS enabled.



The login page does not open for a realm configured in the Advanced Settings with Azure AD data store that has an expired or incorrect service account password.

Update the service account password for the data store.


In the Advanced Settings, when creating a new realm by cloning an existing realm and then clicking the link of the newly created realm, the page loading animation never stops.



Using the Classic Migration feature in the New Experience does not work for applications with the following postauth pages:

  • Authorized/SAML20SPInitPost.aspx

  • Authorized/WSFedProvider.aspx



In the Application Manager, you can add a SAML application without completing the required fields.

Make sure to complete the required fields before saving the application.


In the data store settings for Microsoft Entra ID (formerly Azure AD), you can enable Allow Windows SSO and save the configuration without completing the required fields.

Make sure to complete the required fields before saving the data store settings.


When copying a data store, it allows you to save the data store with an empty Service Account Credentials password field.

In the copied data store, enter the Service Account Credentials password.


The FIDO2 Enrollment page, when seen on a mobile device in a card view, might have misaligned text at some resolutions.



In the SSO Portal, a Windows SSO application requires the user to enter their credential.

It is not recommended to have a Windows SSO application in the SSO Portal since it will always prompt the user to enter their credentials.


SecureAuth IdP and Arculix integration (IdP Chaining) issue.

An issue occurs when you log into an application that starts in SecureAuth IdP. For example, you log in with a username and password on the SA IdP page at samlSP.aspx. Then, it goes to Arculix for authentication.

If you cancel MFA from Arculix, it redirects you to SecureAuth IdP at AssertionConsumerService.aspx. But, if you click the Restart Login link, it sends you to SecureAuth IdP at the SecureAuth.aspx login page.



Transparent SSO does not work for SecureAuth IdP and Arculix integration (IdP Chaining).



SecureAuth IdP and Arculix (IdP Factoring) SP-initiated by Post integration with SCIM server.

An issue occurs when you authenticate through MFA in Arculix. You might be asked to authenticate again with MFA through SecureAuth IdP.

If the connection setting in the application is configured for SP-initiation by Post, set up the policy to skip MFA.


In the Application Manager, when creating a new application, it does not automatically assign a realm number.

Manually select the next realm number from the list.