v1.48.0 - February 19, 2025

High-Risk Update: Delegated Access, User Status, & 2FA Logs

This update affects delegated access scopes, user session handling for disabled users, and two-factor authentication logging. Potential issues include incorrect permission assignments, session terminations, and broken redirects. Please report any issues immediately to ensure platform stability.

Highlights

This release delivers key improvements in security, usability, and platform capabilities:

  • Enhanced Application Management Experience: Launched a new homepage for App Management View, updated Client Details with key components, and refined Application Manager role permissions for better workflow control.
  • Granular Delegated Access & User Status Management: Introduced admin-controlled user record scopes for Delegated Access, ensuring precise permissions. Added a "Disabled" user status for better identity lifecycle management and controlled reactivations.
  • Strengthened Security & Logging Enhancements: Improved 2FA logging with UUID inclusion, resolved authentication code rejection issues, and enforced password prompts for security changes. Addressed biometric authentication account selection and Google social login failures for a smoother user experience.

The following changes are included in this release of the Next Identity platform.

Enhancements

Operate

  • Expanded Secret Rotation Capabilities: Users can now initiate and complete secret rotation independently, extending support to NI Vault clients.
  • Updated Application Manager Permissions: The Application Manager role now has View and Edit permissions for the User Hosted Journeys component in Next Identity Console and can create, edit, delete, and assign workflows.
  • New App Management View Homepage: Introduced a redesigned homepage for the Application Management View with dynamic components that adjust based on user permissions, ensuring a visually consistent and user-friendly experience.
  • Client Details Enhancements in Application Management View: Added new components, including a quick link to documentation, datasource details, theme configuration, Redirect URI allow list, and configured providers. Components adjust based on user permissions.
  • Biometrics Setting Logic Update: Improved the logic for detecting apps enabled for biometrics or passwordless, ensuring invite-only apps and those without profile screens are accurately included in Feature Adoption and Inventory.

Unify

  • Granular Scopes & Admin Control for Delegated Access: Enhanced Consumer Access Control for Delegated Access by enabling admins to define specific user record scopes per property and refining read/write scope handling. This update ensures granular permissions, explicit restrictions, and better control via token scope settings, supporting implicit clients with a standardized naming pattern.
  • New "Disabled" User Status: Added a DISABLED user status to improve identity management and account lifecycle processes. This status supports controlled deactivation and reactivation based on user activity.
  • Enhanced Access for App Reviewers: Introduced a controlled mechanism to facilitate app reviews on Apple and Google Play while maintaining security standards.

General

  • Next Identity Console Frontend Framework Update: Upgraded Next Identity Console to Angular 19 and updated components using the date range picker for improved performance and compatibility.

Bug Fixes

Analyze

  • Integration Distribution Chart Selection Issue: Resolved an issue where the right-side panel remained empty when multiple slices had the highest percentage. The system now prioritizes Hosted Journeys, followed by Hosted Journeys & API, and then API.

Operate

  • Workflows List Filtering Issue: Resolved an issue where the Workflows list in the Application Management View displayed workflows from all properties instead of only those related to the selected property.

Unify

  • 502 Errors in User and Authentication Endpoints: Resolved an issue where users/find, /token, and otp/send endpoints returned 502 errors, ensuring successful request processing.
  • Missing UUID in Two-Factor Authentication Logs: Resolved an issue where UUID values were not included in two-factor authentication logs, ensuring accurate logging and traceability.
  • Biometric Login Account Selection Issue: Resolved an issue where enabling biometrics for a second user prevented the first user from logging in via biometrics. Users can now select the correct account during biometric authentication.
  • 2FA Code Rejection Issue: Resolved an issue where valid authentication codes from an auth app or email were not accepted during login, ensuring seamless authentication without requiring a page reload.
  • Missing Password Prompt for Security Changes: Resolved an issue where users were not required to enter their password before changing their email or security questions, ensuring proper authentication verification.
  • Google Social Login Issue: Resolved an issue where users were unable to log in via the Google button after registering through social login.
  • User Search Endpoint UUID Issue: Resolved an issue where the user/find endpoint did not return the UUID value, ensuring accurate user data retrieval.