Release Updates
Product updates to SecureAuth® Identity Platform base release 26.0.0.
Release 26.1.0
Release date: March 31, 2026
What's new
- Dashboard as a standalone application
Administrators can now publish the Identity Platform Dashboard as a standalone internal application. Users such as SOC analysts, auditors, and help desk agents can log in to the Dashboard directly and view reports on logins, user profiles, authentications, and deployments without access to the SA Idp admin console. Administrators control which reports are visible and can scope access by data store, policy, and user group.
For more information, see Dashboard application.
- Session Validation rule for authentication policies
A new Session Validation rule type is available on the Authentication Rules tab in policies. This rule checks whether a user has a valid session from another realm, allowing you to skip re-authentication when appropriate.
Use this to disable Zero Trust continuous authentication in environments where repeated MFA prompts create unnecessary friction. For example, when Transparent SSO enforces continuous authentication, users are prompted for a second factor on every login. With the Session Validation rule, you can configure the policy to skip MFA when a valid session already exists.
For more information, see Policy configuration - Authentication rules.
- Native OpenLDAP data store support
You can now add an OpenLDAP data store in the New Experience. This dedicated connection type provides native support for OpenLDAP directories, including password reset and other identity operations that did not work reliably through the Generic LDAP connection type
OpenLDAP data store support is available for hybrid deployments only.
For more information, see Add OpenLDAP data store.
- Service disruption handling in authentication rules
The Policy configuration - Authentication rules tab in policy configuration now includes a Service Disruption Handling section for managing IPv6 connectivity issues and service unavailability. Previously available only as global realm-level settings in the classic experience, these options are now part of the new experience policy configuration. Administrators can select from the following actions for each scenario: no action, continue adaptive authentication, refuse authentication request, skip to post-authentication, or require two-factor authentication.
Improvements & fixes
- Automated PostgreSQL setup for air-gapped deployments
The air-gapped installer now installs and configures PostgreSQL automatically as part of the deployment process. You no longer need to set up PostgreSQL on a separate server or prepare database connection strings. See Air-gapped deployment overview.
- SecureAuth Connector 2.2.1
The SecureAuth Connector installer now includes a cache configuration step. During installation or upgrade, you can select a caching mode for the connector service:
No Caching. The connector retrieves user data directly from the data store on every authentication request.
In Memory. The connector stores user data in memory for 30 minutes, resetting the timeout each time the same user authenticates. The connector only queries the data store for save operations like lock, unlock, or property updates. This is the default.
Redis. Same behavior as In Memory, but stores the cache in a Redis instance. You provide a connection string during installation, and the installer validates the connection.
Caching reduces the number of queries to Active Directory and other data stores during authentication, which helps with performance under high authentication loads.
For installation instructions, see SecureAuth Connector installation. For upgrade instructions, see SecureAuth Connector update.
- Reduced SecureStorage dependency for on-premises deployments
On-premises deployments no longer require SecureStorage for datastore configuration. The Identity Platform stores datastore settings directly, reducing infrastructure complexity. Existing encrypted passwords are decrypted automatically during initialization, so no manual migration is required.
- Username and password authentication with Entra ID
You can now use username and password login workflows with Microsoft Entra ID data stores that are federated to Microsoft applications like Office 365. A new Validate user password check box in the Entra ID data store connection settings sends user credentials directly to Microsoft for verification, instead of redirecting the user to the Microsoft sign-in page. This option uses the connection credentials already configured in the data store. For more information, see Add Microsoft Entra ID data store.
- Open application behavior setting for SSO Portal
You can now control how applications open from the SSO Portal page. A new Open application behavior setting on the SSO Portal Page configuration page provides two options: New tab (default), which opens the application in a new browser tab, and Same tab, which opens the application in the current tab. Previously, applications always opened in a new tab with no way to change this behavior. See SSO Portal configuration.
Release 26.0.2
Release date: February 27, 2026
Changes
Fixed an issue in cloud deployments where the broker GetDataStores request timed out during login, causing authentication errors for users. This resolves a recurrence of the issue previously addressed in release 24.4.3.
Added a feature flag to disable continuous authentication during Transparent SSO (TSSO) flows. Previously, upgrades enabled this behavior by default, which changed authentication prompts in existing customer environments without requiring a policy reconfiguration.
Release 26.0.1
Release date: February 20, 2026
Fixes
Resolved issue where SP-initiated SAML POST binding failed with a "Cannot find the requested object" error when the AuthnRequest signature contained a KeyValue element instead of an X509 certificate in the KeyInfo block.
Fixed issue in Modern Theme where the browser tab title changed to the page URL after signing in to a realm instead of displaying the configured document title.
Release 26.0.0
Release date: January 30, 2026
Updates
- Air-gapped deployment support
Continues to support air-gapped deployments for strict network isolation introduced in release 24.5.0. For implementation details, see Air-gapped deployment overview.
- Authenticate OTP verification in Help Desk
Help Desk users can verify end user identity using codes from the SecureAuth Authenticate app. This option is available only in Help Desk pages using the SA IdP theme. See Help Desk user verification process.
- Additional account management settings
Administrators can now show or hide the following settings on the Account Management and User Portal pages, allowing help desk staff and end users to view or clear them as needed:
Help Desk pagePassword Throttling
MFA Throttling
Cookie Keys
OTP Validation
OIDC Consent
User Portal / Self-Service pageCookie Keys
OTP Validation
OIDC Consent
- Support for specific Distinguished Name (DN)
Added support for creating LDAP users under a specific Distinguished Name (DN) for Active Directory datastores.
Fixes
Improved risk engine timeout handling to prevent authentication delays during database latency issues.
Fixed issue on the Account Management page where Reset buttons appeared for authentication methods set to "Show Disabled". The Show Disabled setting now prevents the Reset action from appearing in the UI.
Resolved issue where group restrictions configured in the New Experience failed to validate membership when using OpenLDAP or Tivoli datastores.
Resolved task cancellation errors that caused data store and profile property retrieval failures during broker timeouts.
Resolved datastore search issue where users with identical usernames across different domains were looked up in the wrong datastore during authentication.
Fixed issue in Policy configuration on the Login Workflow tab where the Save Changes button did not activate when enabling username or password suppression on existing conditional username rules.
Resolved PIN display issue on the User Account page where encrypted PIN values triggered an "Invalid format" error message after logout and login.
Resolved issue where TOTP failover to on-premises authentication did not occur when cloud services returned 404 Not Found errors.
Resolved issue in Advanced Settings where custom application URLs did not display correctly when copying existing realms or creating new realms, causing the "view in browser" option to fail.