v1.35.2 - June 11, 2024
High-Risk Update: Enhanced Security for OTP Verification
This update modifies OTP verification to update the 'Last Login' field only after successful code entry. We are actively monitoring the system post-release and have a 15-minute rollback plan ready to swiftly address any critical issues. Your immediate reporting of anomalies is crucial to ensuring platform stability and security.
The following changes are included in this release of the Next Identity platform.
Enhancements
Analyze
- Foundation for Integration Insights: Developed the foundational elements for Integration Insights, with initial features deployed exclusively for internal use. This preparatory work sets the stage for a broader release to all customers, ensuring robustness and utility in the upcoming offering.
Connect
- Expanded User Data Management Service: We're introducing a new User Data Management Service as a step toward decoupling from Akamai. This service provides streamlined creation and access to user information, enhanced configuration capabilities, and data source updates in its initial phases.
- Enhanced Last Login Tracking Post-OTP Validation: Improved the update mechanism for the Last Login field to ensure it is only modified after successful OTP validation on the Next Identity side rather than post-credential verification. This change aligns login tracking with actual user authentication completion.
- Enhanced Tracking for Login and Step-Up Authentication Events: Introduced backend capabilities that track, without using personally identifiable information (PII), the success rates of users completing the 2FA process.
- Improved Error Messaging for Mobile Number Limits: Refined the error message in the Multi-Account Management feature to clearly communicate the limit of 5 accounts per mobile number.
Unify
- Improved App Navigation: Enhanced navigation to ensure users are redirected back to the app instead of the logout URL when navigating back from the mobile number change screen without entering the OTP.
Bug Fixes
Analyze
- New Property Client Listing Error: Addressed an issue in the Next Identity Console where selecting a new property incorrectly displayed clients from a previously selected property. Ensured that new properties are now created without pre-listed clients, maintaining the integrity of property setup.
Operate
- Missing Buttons in Internal Feature to Manage Settings: Fixed an issue in the Next Identity Console where the 'Add' button was absent from the internal feature for managing settings when responses were empty.
Unify
- 2FA Configuration Persistence Issue: Resolved a caching problem in the Next Identity Console where the 2FA method did not update immediately after changing the MFA type on the Profile screen. Now, 2FA notifications adhere to the newly configured method without requiring a re-login.
- 2FA Messaging Clarity Fix: Corrected the 2-step verification messaging in the profile settings to be non-specific to the communication method. This resolves confusion by providing a generic message suitable for mobile and email verification.
- 2FA Mobile Validation: Addressed an issue where no validation occurred when updating the Two-Step Mobile field. Now, users are immediately asked for OTP validation on the same screen where they update their mobile number, ensuring consistent security checks.
- JITM Login Screen Display Issue: Resolved a bug where the JITM login screen appeared blank for migrated users and also addressed the absence of a second-time login code prompt.
General
- Increase in Webhook Events: Fixed an issue where two webhook events were triggered instead of one. Now, only a single event is triggered, and the "Changed by" field correctly reflects the client's client ID.