❗️

High-Risk Update: Enhanced Security in Client Credential Grants

This release introduces changes to the /token endpoint and client credential grants, expanding access while ensuring tighter security controls. We will monitor the system closely post-release and have a 15-minute rollback plan ready for any critical issues. Please report any anomalies promptly.

The following changes are included in this release of the Next Identity platform.

New Features

Analyze

Enhanced Feature Adoption Analytics

We've upgraded the Feature Adoption section under Analyze, providing a more intuitive and informative experience for monitoring the adoption of various security features. This enhancement includes new features and improves existing functionality, ensuring a comprehensive view of feature utilization. With this update, you can:

• Instantly view the top 5 features with the highest Adoption Rate upon first accessing the Feature Adoption list.
• Flexibly sort the list by Feature Name or the default Adoption Rate, tailoring the view to your needs.
• Explore a range of new and updated features, including Google reCAPTCHA, Honeypot, various forms of Two-step Verification, Biometric Authentication, One-time Passwords, advanced Threat Guard detectors like Bot, Impossible Travel, New Device, and Risk Detectors, along with Federated Groups and Progressive Profiling.

This enhancement is designed to provide a clearer, more actionable insight into how security features are adopted within your environment, aiding in better decision-making and strategy formulation.

For a detailed overview of the new functionalities and how they can benefit your security posture, check out our documentation.

Operate

Continuous Self-Service Enhancements

In our ongoing commitment to improve the Next Identity console's usability, we're proud to announce a series of Continuous Self-Service Enhancements. These updates are designed to empower you with greater flexibility and customization of your application.

With the Continuous Self-Service Enhancements:

• Direct edit the "Site Name" field for up-to-date client details.
• Update new client settings, including verification and reset URLs.
• Comment configuration changes, supporting comprehensive audits.
• Enjoy a refreshed Inventory UI designed for better clarity and efficiency.

Discover how to leverage these new self-service capabilities and streamline your management process by exploring our guide.

Enhancements

Adopt

• UI Clarity for Site Naming: Enhanced user interface for clearer site naming during setup.

Analyze

• Analytics Data Collection Update: Our data collection approach in Analytics has been refined, ensuring that only essential data is captured.
• Snowplow Analytics Customization: Enhanced flexibility in analytics settings to better meet specific privacy requirements.

Operate

• Enhanced Inventory and Advanced Search with Two-Step Verification Details: The Inventory feature now includes the "Method" information for Two-step verification, visible when verification is "required" or "optional". Advanced Search now filters by this method, enhancing search precision and user experience.

• Updated Labeling in Inventory and Advanced Search: We've refined the user interface in Inventory and Advanced Search for enhanced clarity and consistency with other product areas.

Unify

• Enhanced Authorization and Auditing for Delegated Access: Introduced a robust authorization mechanism and a comprehensive auditing system in the Delegated Access feature, ensuring secure and traceable admin activities.

• Refined Scope Management in Delegated Access to Third Parties: Explicit user consent is now required for scope grants during registration and login, enhancing control and transparency over data permissions.

• Widget Status Code Information: Improved widget diagnostics with detailed status code visibility.

• Streamlined Email Notifications: Updated notification system to efficiently guide existing users during new application registrations. Learn more about the Registration process on Next Identity.

Infrastructure

• Enhanced Database Namespace and Secret Management: System infrastructure improvements include renaming the database namespace and updating certain secrets for a more secure and efficient environment.

Bug Fixes

Analyze

• Customer Selection Navigation: Corrected navigation errors when switching between customer views.

Connect

• Akamai Identity Cloud Instances Visibility: Addressed display issues for accurate visibility of Akamai Identity Cloud instances.

Operate

• Redirect URI Display Issue: Fixed a bug ensuring consistent display of allowed redirect URIs.
• App Link Update Visibility: Corrected visibility issues for updated app links in the user interface.

Secure

• Threat Guard Enhancements: Improved validation processes and corrected enablement settings for enhanced security control and functionality. Learn more about Threat Guard.
• Device Identification Accuracy Improved: Refined the logic for detecting new devices during security checks, offering greater configuration flexibility and ensuring more accurate device recognition without relying on specific header values.

Unify

• OTP Verification Issue in Customer Mobile Client: Fixed an issue regarding OTP verification challenges when switching from an email client to a mobile client.

• 2FA Activation Text Error for Mobile: Resolved an issue for mobile clients in the 2FA activation process. Previously, users received a misleading message stating that an email with a code was sent, even when using a mobile number. This has been corrected to accurately reflect that an SMS is sent for mobile number verifications, particularly for existing numbers in our system.

• Biometric Login Redirection: Resolved redirection errors for smoother biometric login processes.

• IDP Login Endpoint for JIT Migration: Fixed the login endpoint to support Just-In-Time migration flows effectively.

• User Removal Reliability Enhanced: Resolved a critical bug affecting the reliability of the user removal process. This update ensures users are appropriately managed upon meeting specific criteria, enhancing system integrity.