❗️

High-Risk Update: Enhanced Security in Client Credential Grants

This release introduces changes to the /token endpoint and client credential grants, expanding access while ensuring tighter security controls. We will monitor the system closely post-release and have a 15-minute rollback plan ready for any critical issues. Please report any anomalies promptly.

The following changes are included in this release of the Next Identity platform.

New Features

Analyze

⭐ Enhanced Feature Adoption Analytics

We've upgraded the Feature Adoption section under Analyze, providing a more intuitive and informative experience for monitoring the adoption of various security features. This enhancement includes new features and improves existing functionality, ensuring a comprehensive view of feature utilization. With this update, you can:

• Instantly view the top 5 features with the highest Adoption Rate upon first accessing the Feature Adoption list.
• Flexibly sort the list by Feature Name or the default Adoption Rate, tailoring the view to your needs.
• Explore a range of new and updated features, including Google reCAPTCHA, Honeypot, various forms of Two-step Verification, Biometric Authentication, One-time Passwords, advanced Threat Guard detectors like Bot, Impossible Travel, New Device, and Risk Detectors, along with Federated Groups and Progressive Profiling.

This enhancement is designed to provide a clearer, more actionable insight into how security features are adopted within your environment, aiding in better decision-making and strategy formulation.

For a detailed overview of the new functionalities and how they can benefit your security posture, check out our documentation.

Operate

⭐ Continuous Self-Service Enhancements

In our ongoing commitment to improve the Next Identity console's usability, we're proud to announce a series of Continuous Self-Service Enhancements. These updates are designed to empower you with greater flexibility and customization of your application.

With the Continuous Self-Service Enhancements:

• Direct edit the "Site Name" field for up-to-date client details.
• Update new client settings, including verification and reset URLs.
• Comment configuration changes, supporting comprehensive audits.
• Enjoy a refreshed Inventory UI designed for better clarity and efficiency.

Discover how to leverage these new self-service capabilities and streamline your management process by exploring our guide.

Enhancements

Adopt

• UI Clarity for Site Naming: Enhanced user interface for clearer site naming during setup.

Analyze

• Analytics Data Collection Update: Our data collection approach in Analytics has been refined, ensuring that only essential data is captured.
• Snowplow Analytics Customization: Enhanced flexibility in analytics settings to better meet specific privacy requirements.

Operate

• Enhanced Inventory and Advanced Search with Two-Step Verification Details: The Inventory feature now includes the "Method" information for Two-step verification, visible when verification is "required" or "optional". Advanced Search now filters by this method, enhancing search precision and user experience.

• Updated Labeling in Inventory and Advanced Search: We've refined the user interface in Inventory and Advanced Search for enhanced clarity and consistency with other product areas.

Unify

• Enhanced Authorization and Auditing for Delegated Access: Introduced a robust authorization mechanism and a comprehensive auditing system in the Delegated Access feature, ensuring secure and traceable admin activities.

• Refined Scope Management in Delegated Access to Third Parties: Explicit user consent is now required for scope grants during registration and login, enhancing control and transparency over data permissions.

• Widget Status Code Information: Improved widget diagnostics with detailed status code visibility.

• Streamlined Email Notifications: Updated notification system to efficiently guide existing users during new application registrations. Learn more about the Registration process on Next Identity.

Infrastructure

• Enhanced Database Namespace and Secret Management: System infrastructure improvements include renaming the database namespace and updating certain secrets for a more secure and efficient environment.

Bug Fixes

Analyze

• Customer Selection Navigation: Corrected navigation errors when switching between customer views.

Connect

• Akamai Identity Cloud Instances Visibility: Addressed display issues for accurate visibility of Akamai Identity Cloud instances.

Operate

• Redirect URI Display Issue: Fixed a bug ensuring consistent display of allowed redirect URIs.
• App Link Update Visibility: Corrected visibility issues for updated app links in the user interface.

Secure

• Threat Guard Enhancements: Improved validation processes and corrected enablement settings for enhanced security control and functionality. Learn more about Threat Guard.
• Device Identification Accuracy Improved: Refined the logic for detecting new devices during security checks, offering greater configuration flexibility and ensuring more accurate device recognition without relying on specific header values.

Unify

• OTP Verification Issue in Customer Mobile Client: Fixed an issue regarding OTP verification challenges when switching from an email client to a mobile client.

• 2FA Activation Text Error for Mobile: Resolved an issue for mobile clients in the 2FA activation process. Previously, users received a misleading message stating that an email with a code was sent, even when using a mobile number. This has been corrected to accurately reflect that an SMS is sent for mobile number verifications, particularly for existing numbers in our system.

• Biometric Login Redirection: Resolved redirection errors for smoother biometric login processes.

• IDP Login Endpoint for JIT Migration: Fixed the login endpoint to support Just-In-Time migration flows effectively.

• User Removal Reliability Enhanced: Resolved a critical bug affecting the reliability of the user removal process. This update ensures users are appropriately managed upon meeting specific criteria, enhancing system integrity.