❗️

High-Risk Update: Backend Updates and Security Enhancement

Recent updates include adjusting auth_code_lifetime, with a fix applied to revert it to 1 minute. Also, some Next Identity Journeys calls have been migrated to Next Identity IDP as part of efforts toward IDP agnosticism. We are closely monitoring the system and have a 15-minute rollback plan in place. Please report any issues immediately to ensure platform stability.

🌟

Highlights

This release delivers key updates to enhance security, usability, and foundation for new features including:

• Notable Bug Fixes: Resolved Progressive Profile, Biometrics, Authenticator App, verification messaging, and account merge issues to improve user experiences.
• Security & Fraud Prevention Enhancements: Improved authentication code timing to strengthen security measures and reduce potential risks.
• Additional Platform Enhancements: Foundations for new Connect integrations, no-code journey builder, support for upcoming configuration propagation feature, improved 2-Step Verification layout, and refined the DE locale consent statement. Also includes streamlined Authenticator App setup and 2FA options, optimized navigation, and clarified marketing consent text.

The following changes are included in this release of the Next Identity platform.

Enhancements

Connect

• Foundation for Providers Feature: Laid the groundwork for managing identity providers and creating instances in the Providers section.
• Backend Enhancements: Continued migrating account-related endpoints to further improve compatibility with future IDP integrations and enhance IDP agnostic capability.

Unify

• Foundation for Settings Propagation and Authentication Journey Step Management: Laid the groundwork for future features that will allow App Team members to propagate settings changes across environments and manage Authentication journey steps. The Next Identity Console will detect setting inconsistencies between environments and notify users.
• Improved Back Button Navigation in Authentication Journey: Enhanced the back button functionality to ensure users are redirected to the correct client details page for the selected environment, rather than defaulting to the first tab.
• Updated Marketing Consent and Terms: Revised the marketing consent text and Terms & Conditions to ensure compliance and clarity across all supported languages.
• Redirect to Alternative Verification Methods: Updated the user flow to allow users to choose their preferred 2FA method before proceeding with verification.
• Security Tab and Authenticator App Setup Layout Improvements: Updated the Security Tab to consolidate two-step verification options in a unified layout, reordered options for easier navigation, and standardized button design for a cohesive experience.
• Improved Consent Statement Formatting for DE Locales: Enhanced the DE locale consent statement with updated text and hyperlinks, providing clear, accessible information during registration for seamless access to relevant documents.

Bug Fixes

Analyze

• Mismatched Client Counts Between Feature Adoption and Inventory: Resolved an issue where the client counts for certain features did not match between Feature Adoption and Inventory, ensuring consistency across both views.

Unify

• Progressive Profile and Biometrics Functionality Restored: Fixed issues causing the Progressive Profile screen and Biometrics features to not display or function as expected, ensuring both operate consistently with prior configurations.
• Improved Authenticator App Setup and Removal: Streamlined Authenticator App setup and removal with fixes for double-confirmation, visibility after activation, setup access for existing users, added "Skip" option for optional 2FA, corrected display on success page, fixed sign-out redirection and UI issues.
• Authentication Timing Discrepancy: Resolved an issue where authentication timing differed from expected behavior, ensuring security alignment.
• Change ID Validation Issue: Resolved an issue where attempting to change the ID with a non-existing new user resulted in an error.
• Repeated Merge Screen Display After Account Merge: Resolved an issue where users encountered the merge screen upon each Google login attempt, even after accounts were successfully merged.
• Account Activation and Verification Issues: Resolved an issue where account verification links remained active beyond their expiration time and verification codes were sent to previous mobile numbers instead of updated ones.
• 2-Step Verification and Personal Details Update Issues: Addressed an issue where the 2-step verification page displayed an incorrect message for SMS authentication and resolved an error preventing updates to personal details when modifying the mobile number for two-step verification.
• Unauthorized Access Message Displayed Correctly: Fixed an issue where users with restricted access encountered a security error instead of the expected information message advising them to contact an administrator.
• User Info Retrieval Error: Resolved an issue where accessing the User Info button returned a 500 error instead of displaying user information.