New York

by Larry King

Released April, 2024

Dashboard

https://docs.strivacity.com/docs/dashboard-overview

Our reimagined dashboard ensures brands get the data they need to make informed decisions about how to configure the product to achieve business outcomes. In this release you will see:

  • Login and registration successes, failures, and abandonment metrics as trends over time, rather than single counts
  • A list of failure reasons and the screen name of the step where the failure occurred
  • The median duration per step in a login/registration flow
  • Trends over time for forgotten username request (requests vs. failures), password resets, MFA authentications and MFA registrations
  • Detailed Adaptive Access statistics, showing authentication step-up, step-down, and blocking action trends
  • Tracking of identity verification transactions
  • Tracking of SMS and SES email resend requests
  • Ability to create multiple custom dashboards
  • Ability to create multiple widgets of the same metric filtered differently
  • Ability to filter per-widget by dates and application clients
  • Easy PDF export of dashboards

These dashboard updates come with the added benefit of having more verbose account events, including more information about failure reasons, drop-off steps, and adaptive access outcomes.

Journey builder

https://docs.strivacity.com/docs/journey-builder

We continue to add new features and capabilities to our journey builder to make it easy to drop custom journeys into our existing policy-driven configuration.

New journey steps:

  • Password authentication step
  • Persist data collected to the user's account
  • Identity verification - insert any identity verification policy workflow as a journey step and branch based on the verification outcome.

Journeys can now be launched from additional hooks

Lifecycle event hook context can now be passed to a custom journey for use in conditions.

Local variables can be collected as data input and be used in conditional statements.

Condition statements now have a preview on the condition list screen.

Email and physical address risk

https://docs.strivacity.com/docs/email-and-physical-address-risk

Fraudulent accounts can cost brands money. Account onboarding is your first line of defense against fraudsters using false information to create accounts for nefarious purposes.

Strivacity’s email and physical address risk step allows brands to evaluate information submitted during onboarding for risk signals. Higher risk accounts can then either be blocked or further vetted to ensure authenticity.

Strivacity Bridge for on-premises directories

Brands can now connect to an on-premises LDAP connector to sync identities into the Strivacity identity store. Much like our Bridge for headers-based authentication, Strivacity’s Bridge for on-premises directories provides a path for organizations with legacy systems to adopt modern authentication approaches before they’ve shed their dependencies on these older technologies.

Account impersonation

https://docs.strivacity.com/docs/account-impersonation

Sometimes, the easiest way for a customer service representative to help a customer is to log in on their behalf and see exactly what the customer is seeing. With Strivacity’s Account Impersonation feature, customer service can temporarily log in as the customer using a time-limited access link.

Physical document verification updates

https://docs.strivacity.com/docs/document-verification

Brand admins can now map attributes captured from physical documents into native claims, allowing storage of that information in the user’s account, which can improve the customer onboarding experience.

Support for Web Application Firewalls

Brands can now put their own web application firewall in front of the Strivacity product to augment Strivacity security features and provide deeper control over access to the Strivacity product.

Account events updates

https://docs.strivacity.com/docs/account-events

More Account Event detail

Account events now contain:

  • Adaptive MFA results
  • Account locks that appear as failed authentications
  • Information received from external identity providers

Organization admin portal

https://docs.strivacity.com/docs/delegated-administration

B2B administrators can now view per-user account events so they can monitor access and troubleshoot issues.

Clear session of account after admin delete

Now when an administrator deletes an account, the user's sessions are cleared automatically, ensuring deleted accounts lose access immediately after deletion.

External login provider experiences

We’ve added external login buttons to the password screen so external identity users can quickly log in if they have a remembered account.

We’ve also added a pre-external registration hook to allow customization and orchestration during external login registrations

Developer experience

We’ve added character counters to all IDEs so developers can keep an eye on their character limits for code editors

You can also now view a 10 minute/5000 line subset of lifecycle event hook logs by specifying a time stamp at the time of the log request.

Email sender address override for admin console notifications

You can now override the local-part of the sender email address for admin notifications.

Token lifespan and type configuration for OIDC clients

Each application client can now have its own, configurable, refresh, ID, and access token lifespans. You can also choose whether the access token format is opaque or uses JWT.

Other stories

  • Support for failover SMS/Telephony providers
  • Alphabetical organization and group ordering
  • Deploy "Password requirements indicator" as a default setting
  • Small table performance optimizations
  • Updated default Adaptive Access policy setting
  • Added monthly query option for existing statistic APIs
  • Custom upstream server path for bridge clients
  • Detect blocked cookies in login page

Greenwich

by Larry King

Released January, 2024

Journey builder

A journey starts with a single step. 

We are pleased to announce the initial release of Journey Builder, a hub and spoke graphical interface that lets you design and implement custom sign-in, sign-up, and self-service journeys. This feature enhances the existing policy-driven configuration by dropping custom journeys into various parts of the existing workflows.

The initial release includes:

  • Ability to define the following types of journey steps:
    • Inputs - a native-claim-driven data collector step, for setting up multi-step registrations. This also supports displaying custom HTML in a journey step.
    • Conditions - a rule builder to perform conditional branching based on the value of native claims
    • MFA authentication - add an MFA step that maps to an existing adaptive access policy
  • Build multiple journeys
  • Trigger journey via lifecycle event hooks

Faster account searching with the ability to narrow results via filtering

We’ve updated and optimized our user data stores to support faster and more flexible searches. Expect to see:

  • Account filtering speed increase
  • Filtering on multiple fields to further narrow searches for accounts
  • Ability to filter accounts by created and last-login dates

Improved phone input field

We’ve updated our phone number input field to better support international phone number usability for all browsers and platforms.

New passcode input option

Our one-time passcode component now supports an additional segmented digit view, allowing you to make that authentication step just a bit more pleasant for your customers.

Email sender domain override 

If you use your own SMTP server with Strivacity, you can now override the email domain with a custom value.

Organization portal customization 

We’ve added features to make it easy to modify your customer service representatives' view into your customer’s accounts. Hiding and showing identity store attributes, as well as conditional invite forms are now possible.

Search all users in an organization hierarchy branch

For organization structures that have the unique identifier setting enabled, organization admins can now do a single search for accounts across all of the organizations in the hierarchy they have administrative rights for.

Password change Lifecycle Event Hook

Developers can now write code that triggers after a user’s password has been changed. This can be used to sync passwords to an external identity store. 

Support for login hints for SAML clients

We now allow SAML clients to consume OIDC-style login hints. This facilitates sending various parameters from a brand’s web portal to the login and registration flow. These parameters can then be used to alter the customer journey in many useful ways. Welcome to the party, SAML!

Simplified login API

We've introduced a streamlined authentication solution with our new client type, OAuth2/OIDC - Simplified. This feature offers simplified access via API, supporting password authentication exclusively.

Other stories

  • Added NameID from authentication results to external metadata
  • Introduced a maximum password length

Mauna Kea

by Larry King

Released September, 2023

Password history, age limits, and sequential characters

https://docs.strivacity.com/docs/password-quality-settings#password-history
Strivacity now allows you to add password history, age limits, and sequential character restrictions to your password policy to ensure brands keep compliant with their internal security policies.

Account lockout

https://docs.strivacity.com/docs/account-lockout
A customer’s account can now be locked automatically based upon a configured number of failed login attempts. Locked accounts can be re-enabled by customer support via the Account Management feature or via API.

Password strength indicator

Brand administrators can now provide their customers real-time visibility into password requirements as they are typing their password.

Support for different password hashing algorithms

We’ve introduced flexibility in password hashing methods, allowing administrators to specify alternatives. Supported methods include Argon2, bcrypt, and more. Our identity store service offers a standard hashing option, and administrators can set a "current" method. During validation, if the stored method differs from the current one, the authenticator is updated to the new method.
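The upgrade-on-validation pattern described above, as an added example that is not Strivacity's code: a stored record names its own method and parameters, and a successful check against a non-current method (or, going one step beyond the text, weaker parameters) returns a re-hashed record to persist. The record format, function names, and the use of standard-library PBKDF2 and scrypt as stand-ins for Argon2 and bcrypt are assumptions.

```python
import base64
import hashlib
import hmac
import os


def _pbkdf2(password: bytes, salt: bytes, params: dict) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, params["iterations"])


def _scrypt(password: bytes, salt: bytes, params: dict) -> bytes:
    return hashlib.scrypt(password, salt=salt, n=params["n"], r=params["r"],
                          p=params["p"], dklen=32)


# Hypothetical registry: method name -> (derive function, current parameters).
METHODS = {
    "pbkdf2-sha256": (_pbkdf2, {"iterations": 100_000}),
    "scrypt": (_scrypt, {"n": 2 ** 14, "r": 8, "p": 1}),
}
CURRENT_METHOD = "scrypt"  # the administrator-selected "current" method


def encode(method: str, params: dict, salt: bytes, digest: bytes) -> str:
    """Serialize as method$k=v,k=v$salt$digest (assumed record format)."""
    packed = ",".join(f"{k}={v}" for k, v in sorted(params.items()))
    return "$".join([method, packed,
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def decode(record: str):
    method, packed, salt, digest = record.split("$")
    params = {k: int(v) for k, v in (kv.split("=") for kv in packed.split(","))}
    return method, params, base64.b64decode(salt), base64.b64decode(digest)


def hash_password(password: str, method: str = CURRENT_METHOD, params=None) -> str:
    derive, defaults = METHODS[method]
    params = dict(defaults if params is None else params)
    salt = os.urandom(16)
    return encode(method, params, salt, derive(password.encode(), salt, params))


def verify_and_upgrade(password: str, record: str, current: str = CURRENT_METHOD):
    """Return (ok, new_record). new_record is set only when the password was
    correct AND the stored method or parameters are not the current ones."""
    try:
        method, params, salt, expected = decode(record)
        actual = METHODS[method][0](password.encode(), salt, params)
    except (ValueError, KeyError, TypeError):
        return False, None  # unknown method or malformed record: fail closed
    if not hmac.compare_digest(actual, expected):
        return False, None  # never re-hash on a failed check
    if method != current or params != METHODS[current][1]:
        return True, hash_password(password, current)
    return True, None


if __name__ == "__main__":
    legacy = hash_password("correct horse", "pbkdf2-sha256")  # constructed sample
    ok, upgraded = verify_and_upgrade("correct horse", legacy)
    print(ok, upgraded.split("$")[0])
```

The caller persists `new_record` in the same transaction as the successful login, so each account migrates the first time its owner signs in.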

Single logout support for SAML 2

Brands can now implement both IdP (identity provider) initiated and SP (service provider) initiated single logout for SAML 2 clients.

New identifier configuration options

Our identity stores now support granular controls for username and email identifiers. With this feature you can easily migrate and support legacy username identities while at the same time requiring new accounts to register with email addresses.

Localization language selection updates

https://docs.strivacity.com/docs/translations#display-language-precedence
We now support different methods of determining which localized language is shown to the user, including specifying the language preference coming from the brand portal via login hints.

Lifecycle event hook updates

  • Added Organization and Group context into the After Failed Identification and Pre-Registration Lifecycle Event Hooks
  • The Before ID Token Generation hook can now add custom values into the access token

Organization support enhancements

We now include more information about organizations inside of the Lifecycle Event Hook context, including the customer’s organization membership and the organizational roles assigned.

Other stories

  • Geo-location selection improvements in adaptive rules
  • Support for message-level encryption for external login providers
  • Ability to enroll email MFA via magic link
  • Audit log entries for translation-related actions
  • Seamless Lifecycle Event Hook assign/unassign
  • Allow "&" character for brand names in the brand policy
  • New hook to customize SAML assertions
  • Expose last login information to Lifecycle Event Hook contexts
  • Increase invite link max age to 30 days
  • Increase the max "Keep me logged in" session length to a full 2 years
  • Added minute precision for the "Session inactivity timeout" setting

Helsinki

by Larry King

Released April, 2023

Organization management

Strivacity’s improved organization management capabilities allow you to provide unique sign-in and sign-up journeys to specific populations of customers. And, as usual, we do it in a way that provides a high amount of flexibility using no-code configurations. This allows brands to support many B2B and B2B2C use cases, including offering enterprise SSO to your business customer or white-labeling your product to other vendors. We now support the ability for multiple organizations to log into multiple application clients, creating even more flexibility and ease of configuration for your complex situations.

Document verification

Is KYC (know your customer) on your list of requirements? Need to establish a high level of assurance that your prospective customer is who they say they are? We now offer native support for document verification, which requires prospective customers to prove their identity using a drivers license or passport. Again, we do all the heavy lifting for you here, including managing the relationship with the ID verification vendor and providing hosted components for all of the verification journeys. All achieved using our low-code, configuration-first approach.

Conditional notification content

Have a welcome email that needs to be personalized for a specific user segment? We have the solution for you: conditional notification content. You can now put conditional logic (IFs, ELSEs, etc.) into notification templates that key off native claims or group memberships, allowing you to put that special touch on each notification you send to your customers.

Multi-factor authentication enhancements

Does your customer only have one MFA method registered? Then why are you asking them to choose an MFA method when signing in? Oh right, we didn't support that before. Now we do!
Want to give your users more options for MFA? You can now show both mandatory and optional methods of MFA during the sign-up process.
We've also added MFA capabilities for external login providers, so you can add multi-factor authentication to enterprise and/or social logins.

Identity store-based access control

We've amped up our brand administrator role-based access control (RBAC) to include restriction of access to specific identity stores. This can come in handy if you have to restrict user management between multiple business units. We also made the RBAC controls a bit easier to use by grouping related permissions together.

OIDC backchannel logout

When you absolutely, positively, have to make sure that session has been killed. OIDC backchannel logout informs your brand portal when a session has been revoked, whether that session has been invalidated by an administrator or by the customer themselves. You'll have to do a little work on your brand portal to make it work, but trust us: you'll be glad you did.

Keep me logged in and remember my device available during registration

You can now offer "remember my device" and "keep me logged in" during the registration process ensuring that sign-ups have the least amount of friction possible. It's like seamless, only with less seams.

Social account linking during login

Did your customer sign up for your service with an email address associated with one of their social accounts? Now, if they try to use the social login button to log in, you can offer to link the social and local account together instead of asking them to create a new account.

Language support

  • Localize all of your custom admin console content, including notifications, consents, custom attribute display names and error messages, identity verification content, and brand policy additional text
  • Ensure customers get the right language experience
  • Admin can select language when inviting or creating a new customer
  • Customers can select their language preference during login, registration, and when using the my account portal. That preference is stored in the account record and used to determine which language version to show to the user in customer journey steps and in notifications

SMTP/Email servers

Brands can either use Strivacity’s built-in SMTP server, or configure their own enterprise SMTP server to send email notifications.

New admin console design and navigation

  • New visual design
  • Better usability
  • Better use of white space - full width screens, multi-column layouts, collapsible left navigation
  • Updated navigation - better categorization of menu items
  • Split up long configuration pages into smaller chunks

Custom favicon support

Add a custom favicon to a brand policy

Organizations

  • Provide a different customer journey to a user based upon membership in an organization
  • Allow for self-service creation of organizations
  • Support B2B and B2C customers accessing the same application

Multi-stage registration hook

  • Break up registration flows into multiple steps
  • Provide different steps based on information gathered during registration

External login for admin console

  • You can use your own enterprise login to log in to the Strivacity admin console

Kyiv

by Larry King

Released: February, 2023

Strivacity’s newest product release, version Kyiv, introduces additional support for complex B2B use-cases, new identity verification methods, and many other improvements that make delivering forgettable sign-in and sign-up journeys for your customers a snap.

Enhanced organization management

Strivacity’s improved organization management capabilities allow you to provide unique sign-in and sign-up journeys to specific populations of customers. And, as usual, we do it in a way that provides a high amount of flexibility using no-code configurations. This allows brands to support many B2B and B2B2C use cases, including offering enterprise SSO to your business customer or white-labeling your product to other vendors. We now support the ability for multiple organizations to log into multiple application clients, creating even more flexibility and ease of configuration for your complex situations.

Document verification

Is KYC (know your customer) on your list of requirements? Need to establish a high level of assurance that your prospective customer is who they say they are? We now offer native support for document verification, which requires prospective customers to prove their identity using a drivers license or passport. Again, we do all the heavy lifting for you here, including managing the relationship with the ID verification vendor and providing hosted components for all of the verification journeys. All achieved using our low-code, configuration-first approach.

Conditional notification content

Have a welcome email that needs to be personalized for a specific user segment? We have the solution for you: conditional notification content. You can now put conditional logic (IFs, ELSEs, etc.) into notification templates that key off native claims or group memberships, allowing you to put that special touch on each notification you send to your customers.

Multi-factor authentication enhancements

Does your customer only have one MFA method registered? Then why are you asking them to choose an MFA method when signing in? Oh right, we didn't support that before. Now we do!

Want to give your users more options for MFA? You can now show both mandatory and optional methods of MFA during the sign-up process.

We've also added MFA capabilities for external login providers, so you can add multi-factor authentication to enterprise and/or social logins.

Identity store-based access control

We've amped up our brand administrator role-based access control (RBAC) to include restriction of access to specific identity stores. This can come in handy if you have to restrict user management between multiple business units. We also made the RBAC controls a bit easier to use by grouping related permissions together.

OIDC backchannel logout

When you absolutely, positively, have to make sure that session has been killed. OIDC backchannel logout informs your brand portal when a session has been revoked, whether that session has been invalidated by an administrator or by the customer themselves. You'll have to do a little work on your brand portal to make it work, but trust us: you'll be glad you did.
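The "little work on your brand portal" for back-channel logout (this release and the Helsinki notes) is mostly validating the logout token before ending sessions. The added example below is not Strivacity's code; it applies the claim rules from the OpenID Connect Back-Channel Logout specification to claims whose signature a JWT library has already verified. The function names, session-table layout, and age limits are assumptions.

```python
import time

LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"
CLOCK_SKEW_S = 60   # assumed tolerance for clock drift
MAX_AGE_S = 300     # assumed maximum accepted token age


class LogoutTokenError(ValueError):
    """Raised when a logout token must be rejected."""


def validate_logout_claims(claims, issuer, client_id, seen_jti, now=None):
    """Check the claims of a signature-verified logout token.

    Returns {"sub": ..., "sid": ...} naming the sessions to end.
    seen_jti is a set of token ids already processed (replay protection).
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise LogoutTokenError("unexpected issuer")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in audiences:
        raise LogoutTokenError("token not addressed to this client")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)):
        raise LogoutTokenError("missing iat")
    if iat > now + CLOCK_SKEW_S or iat < now - MAX_AGE_S - CLOCK_SKEW_S:
        raise LogoutTokenError("iat outside accepted window")
    exp = claims.get("exp")
    if exp is not None and now > exp + CLOCK_SKEW_S:
        raise LogoutTokenError("token expired")
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(LOGOUT_EVENT), dict):
        raise LogoutTokenError("not a back-channel logout event")
    if "nonce" in claims:
        # A nonce marks an ID token; logout tokens must not carry one.
        raise LogoutTokenError("nonce is prohibited in logout tokens")
    sub, sid = claims.get("sub"), claims.get("sid")
    if not sub and not sid:
        raise LogoutTokenError("neither sub nor sid present")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise LogoutTokenError("missing or replayed jti")
    seen_jti.add(jti)
    return {"sub": sub, "sid": sid}


def sessions_to_end(sessions, target):
    """sessions maps a local session id to {"sub": ..., "sid": ...}."""
    return [local for local, s in sessions.items()
            if (target["sid"] is None or s["sid"] == target["sid"])
            and (target["sub"] is None or s["sub"] == target["sub"])]


if __name__ == "__main__":
    now = 1_700_000_000
    claims = {  # constructed sample claims
        "iss": "https://idp.example", "aud": "portal", "iat": now - 5,
        "jti": "a1", "events": {LOGOUT_EVENT: {}}, "sid": "s-42",
    }
    target = validate_logout_claims(claims, "https://idp.example", "portal", set(), now)
    table = {"c1": {"sub": "u1", "sid": "s-42"}, "c2": {"sub": "u1", "sid": "s-99"}}
    print(sessions_to_end(table, target))
```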

Keep me logged in and remember my device available during registration

You can now offer "remember my device" and "keep me logged in" during the registration process ensuring that sign-ups have the least amount of friction possible. It's like seamless, only with less seams.

Social account linking during login

Did your customer sign up for your service with an email address associated with one of their social accounts? Now, if they try to use the social login button to log in, you can offer to link the social and local account together instead of asking them to create a new account.

Resolved issues

Description (tracking number)

  • Fixed a 500 error response when attempting to add authenticators via the admin API (STY-3607)
  • Fixed an issue where account events could not be filtered by API-only applications (STY-3360)
  • Fixed an issue where NPM dependencies could not be loaded in some cases (STY-3398)
  • Fixed an issue where LEH hooks would not deploy due to UUID length (STY-3380)
  • Fixed CVE-2022-41912 (STY-3563)
  • Fixed an issue where activation emails were sometimes not sent (STY-3542)
  • Fixed an issue where searching for a group member via given/family name was not working (STY-3533)
  • Fixed an issue where clicking on links in consent content in the self-service portal would toggle the consent agreement (STY-3213)
  • Fixed an issue where we exposed a regular expression rather than a human-readable error message when creating a username (STY-3495)

Vienna

by Larry King

Released: May, 2022

The Vienna release is our largest release yet. It combines industry standard identity affirmation features, sophisticated fraud detection and mitigation, and bleeding edge FIDO-based authentication protocols. We also continue our “clicks not code” approach with a visual brand editor as well as an expanded list of pre-canned integrations with social, identity, and analytic providers. We’ve also made it easier for your customers to integrate their social login accounts, reset their password without an email address, and launch the applications they have access to right from the My Account portal.

There is a lot to cover, so let’s get started.

Identity verification

It is important to know your customers are who they say they are. This can greatly reduce the level of fraudulent transactions to your service and keep your customer’s accounts safe.

We make this easy by integrating with 3rd party phone carrier providers and credit agencies while offering pain-free registration workflows that make it easy for a customer to verify their identity.

In the Vienna release, we implement a highly configurable customer journey builder that allows you to control your customer’s experience when verifying their identity. You have full control over what your customers see, how their data is collected, which verification techniques are used, and how the customer is handled if they fail to verify their identity. Balancing registration friction and fraud prevention has never been easier.

See: Identity verification

Customer Journey Builder

Fraud detection

No one wants fraudulent activity to occur on their platform. Fraud risks your customer’s accounts and your brand’s reputation. We make it easy by providing out-of-the-box fraud mitigation tools that reduce the risk of your brand becoming a headline.

Bot detection

Our Vienna release adds an IP-based bot detection feed to stop consumer bots in their tracks. We’ve also added network analysis, allowing you to block or step-up connections that come from Tor or other anonymous proxies.

See: Bot detection

Phone fraud

We can also detect if a phone number being used as an authenticator has been recently ported or is associated with VoIP phone types that are often used by scammers.

See: Phone fraud documentation.

Improbable travel

Can you travel faster than a commercial airline? If you can, you might be a bad actor. We can compare the time and location of recent logins and determine that traveling that far in that amount of time would be…well…improbable. You can then configure the system to require MFA on the questionable authentication to reduce the risk of fraudulent activity.

See: Adaptive rules: an overview
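The improbable-travel check described above, as an added example that is not Strivacity's implementation: the great-circle distance between two consecutive logins divided by the elapsed time gives the speed the customer would have needed, and a speed above an airliner's cruising speed triggers MFA step-up. The 900 km/h threshold, the 100 km floor that absorbs geo-IP imprecision, and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0      # assumed: roughly a commercial airliner's cruise speed
MIN_DISTANCE_KM = 100.0    # assumed: below this, geo-IP error dominates


@dataclass(frozen=True)
class Login:
    when: datetime   # timezone-aware timestamp
    lat: float       # degrees
    lon: float       # degrees


def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def evaluate(previous, current: Login) -> str:
    """Return "step_up" when the trip between the two logins is improbable."""
    if previous is None:
        return "allow"                      # first login: nothing to compare
    distance = haversine_km(previous, current)
    if distance < MIN_DISTANCE_KM:
        return "allow"                      # same metro area or geo-IP jitter
    hours = abs((current.when - previous.when).total_seconds()) / 3600
    if hours == 0 or distance / hours > MAX_SPEED_KMH:
        return "step_up"                    # simultaneous or faster than a jet
    return "allow"


def review_history(logins) -> list:
    """Decide each login against its predecessor, in chronological order
    (events may arrive out of order from different regions)."""
    decisions, previous = [], None
    for login in sorted(logins, key=lambda l: l.when):
        decisions.append(evaluate(previous, login))
        previous = login
    return decisions


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    history = [  # constructed sample: New York, then London one hour later
        Login(t0, 40.7128, -74.0060),
        Login(t0 + timedelta(hours=1), 51.5074, -0.1278),
    ]
    print(review_history(history))
```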

Behavior analytics

Finally, we can check a customer’s login time, day, and location and compare that to past behaviors to determine whether to require MFA for that customer. This makes your customer’s normal login behavior as friction-free as possible while maintaining the security everybody expects.

See: Adaptive rules: an overview

Adaptive MFA

FIDO2

We continue to add to our list of authenticator options to ensure your customers have an easy and safe authentication experience. In this release, we’ve added support for FIDO2 platform and roaming authenticators. Your customers can now access your site using their face or fingerprint from a mobile or desktop/laptop device. Security has never been easier!

See: Multi-factor methods: an overview

Mobile SDK

We are also expanding that authentication and biometric support to your brand’s iOS and Android mobile app. When you integrate our new mobile SDK into your brand’s app, you allow customers to quickly and securely authenticate across all the platforms where your brand lives.

See: Mobile SDK overview

Visualize your brand with our brand policy visualizer

Getting that pixel perfect representation of your brand in a 3rd party service can be cumbersome and time consuming. Strivacity’s new visual brand editor makes this process a snap. Our editor shows you each piece of the customer journey and allows you to make real-time updates to the experience. When you change a color, you instantly see the effects of that change. No more going back and forth between the admin UI and a test customer account trying to get the experience just right. You’ll have confidence the changes you made are the right ones because you’ll see the changes right when you make them.

Visual Brand Editor

See: Using your logos and color schemes

Plugin library

We’ve moved our Lifecycle Event hook repository to a new place in the Admin Console. We’ve created a plugin library where you can now find off-the-shelf event hook templates that allow you to

  • improve existing customer lifecycle capabilities,
  • customize features,
  • or integrate with external systems.

Plugin library preview

See: Setup and manage lifecycle event hooks

Integrations

More clicks, less code. That’s our mantra. We introduce a slew of new integrations in our admin experience to make 3rd party support super easy.

In the Vienna release we now natively support:

Identity providers

  • Azure Active Directory
  • PingFederate
  • Okta

Passwordless vendors

  • HYPR
  • Transmit BindID

Web analytics

  • Google Analytics
  • Google Tag Manager
  • Amplitude
  • Mixpanel

Social logins

  • LinkedIn
  • Amazon
  • Apple

Your customer’s experience, only better

Your customer’s success is our success. We do whatever we can to make your customer’s experience easier and more secure.

Password reset via phone

We now support resetting your password without the need of an email address. If a customer has a valid phone authenticator, they can now use it to reset their password.

See: Password reset

Application launcher

If you have multiple apps that a customer can access, they can now see the applications they have access to and launch them right from the My Account portal.

See: Application launcher

Account registration via invitation

Administrators can now send an email invite to a customer (or another administrator) to sign up for an account.

See: Customer invitation
See: Inviting administrative accounts

But wait, there’s more!

There are too many great features to wax poetic about, but you can also look forward to:

Resolved issues

Description (tracking number)

  • Fixed issues where the branding fails to load sometimes (STY-2483, STY-2951)
  • Fixed an issue where a new SAML application would only provide expired metadata (STY-2624)
  • Fixed an issue where the "Back to login" button did not appear when expected (STY-2638)
  • Fixed an issue where the "Passwords do not match" message would not update after making the passwords match (STY-2670)
  • Fixed an issue where the same email address would appear twice on an MFA target screen (STY-2738)
  • Fixed an issue where a "Service provider not found" error occurred when logging in via a SAML external login provider (STY-2741)
  • Fixed an issue where MAUs were reported incorrectly (STY-2964)
  • Fixed an issue where end dates were incorrectly handled on the dashboard (STY-3018)
  • Fixed accessibility issues (STY-3080, STY-3081)
  • Fixed an issue where a SAML2 request would throw a "Request header field too large" error (STY-3125)
  • Fixed an issue where dashboard data could not be downloaded (STY-3133)

Prague

by Larry King

Released: January, 2022

The Prague release of Strivacity Fusion is packed with features that make you and your customers more secure without sacrificing great customer experience. We’ve also thrown in great experience improvements in our administration console for brand administrators and customer support personnel.

Here is what you can expect from our Prague release:

Security updates

In Prague, we implemented the following features to continue our mission to keep your applications and your customers secure.

Breached password analysis

We implemented Breached Password Analysis to help mitigate against customers who use passwords that have been leaked by a security breach.

When turned on, this feature analyzes the password customers enter during registration, password changes, or password resets, and compares it to a database of known breached passwords. If the password is on this list, the user is prevented from using that password. This keeps both you and your brand safe from this particular attack vector.

Multi-factor enrollment at registration and login

Next to bad password practices, the single best way to protect customer accounts against malicious activity is to require multi-factor authentication for logins. Brand administrators can now require customers to enroll in multi-factor authentication during login or the account registration process. And, we’ve done the work to make it as easy as possible for your customers to successfully add their phone number, email address, or a soft token as authenticators.

Enhanced Adaptive Authentication Policy rules

We added additional adaptive authentication policy rules to help you further secure your applications and customers. These rules provide you with tools to determine the risk level of a login or registration attempt and define an appropriate action depending on that risk.

In Prague we have added the ability to block, require a second factor (step up), or allow access with no second factor (step down) based on an IP address range and a geo-location.

Customer journey improvements

Security and usability are not mutually exclusive. You can have your cake AND eat it too. Here is how we’ve made your customer’s experience better:

Domain-bound passcode tokens in text messages

We’ve updated our standard text message templates to include domain-bound passcode tokens. This helps ensure that passcodes from text messages are available for autofill on all devices that support this.

Date picker options

Not all date input methods are alike. Some are better for picking a recent date and others are best for entering a known date that is far in advance. Now you can determine the best date input method for the context when setting up an attribute in an identity store. Entering a known date such as a birthdate is now much easier for your customers.

Improvements for you, the brand administrator

Import/export/copy policies

Need to duplicate a policy configuration? Hate copying and pasting? We have you covered. You can now simply duplicate an existing policy and save the configurations you need and change the ones you don’t. You can also export a policy configuration and import it into the same or different Strivacity cluster.

Account activity logs in the account lookup

Looking up a user? Want to know what they’ve been up to? Tired of navigating back and forth between the account activity logs and the account page? Me too. Now you don’t have to. All of the account activity logs associated with a customer are available in a tab right next to the customer’s account information.

Additional account events

In addition to making account events easier to find for customers, we’ve added additional events to give you more information about what is happening when a customer is registering and logging in.

Resolved Issues

The following is a list of bugs we fixed that you might be interested in.

Description | Tracking Number
Fixed an issue in Safari where editing the middle of a string in an input field would cause the cursor to jump to the end of the string | STY-2464
Fixed an issue in Safari where required fields were not marked | STY-2462
Updated some error messages to be more clear | STY-2427
Fixed an issue where some account events were not being logged for admin accounts. | STY-2415
Fixed an issue where searching for an account was case sensitive when it really shouldn't be | STY-2414
Fixed an issue where the enrollment count on the dashboard is not updated when authenticators are removed from an account | STY-2401
Fixed an issue where the default admin password reset email is not sent when creating a new cluster | STY-2400
Fixed an issue where changing group assignments were not logged | STY-2399
Fixed an issue in autofill where password managers would not work correctly if the identifier field was configured as "email" or "email or username" | STY-2393
Fixed an issue in Safari where the calendar picker icon would not appear in the date input field | STY-2392
Fixed an issue where iOS was not autofilling passcodes from text messages | STY-2391
Fixed an issue where the location associated with a device session was incorrect | STY-2386
Fixed an issue where the "back to login" button was not found on the logout page | STY-2385
Fixed an issue where the Roles filter in the admin account search rendered incorrectly for read-only users | STY-2374
Fixed an issue where an admin account change email had incorrect information | STY-2341
Fixed an issue where soft-token apps were ignoring token lengths | STY-2330

Las Vegas

by Larry King

Released: November, 2021

New Features:

Admin Console Enhancements

We make it easy to define your customers' experiences in a no-code or low-code fashion. Here are some ways we've made that even easier:

  • You can now disable local login and registration to limit your customers to social or external providers when logging into your applications
  • You can easily see if a notification template is enabled, disabled, or has been customized right from the notification list under the notifications template settings
  • We've added a confirmation step to critical configuration changes that could break your customers' experiences
  • You can now map claims coming from external login providers to the Strivacity Fusion username
  • We've added a configuration that will forward a customer to an external login without them having to click on the external provider during login
  • You can now render a native claim into the Name ID field in a SAML configuration
  • You can now hide attributes from the admin UI that are only used in Lifecycle Event Hooks
  • We've added common work-related attributes to the default identity store, including Job Title, Department, and Company

Enhanced Dashboard and Reporting

The Admin Console dashboard now includes the following enhancements, making data visualization and reporting easier for your customer facing applications:

  • Filter dashboard results by any individual customer facing application
  • Filter dashboard results based upon a custom date and time range, with timezone selection
  • Any time you return to your dashboard, you'll find filters just the way you left them; we save your filter settings for the next time you come back to view statistics
  • Export dashboard widget results to a CSV file with the ability to filter by application, date interval, and time resolution
  • We've added tracking for monthly active users (Active Accounts), so you can track how fully you are utilizing your CIAM spend

Progressive Profiling

Take your progressive data collection strategy to the next level using Progressive Profiling. This allows you to choose additional attributes and account information to request during a customer's next login.

Additional account information requested via Progressive Profiling can be:

  • Stored as a custom attribute for a customer account within the Strivacity Identity Store
  • Used with any claim mapping for synchronization with other applications and other Identity Providers (IdPs)
  • Synchronized to third party systems during any event in the customer account lifecycle, using Lifecycle Event Hooks

You can also add custom text to progressive profiling experiences, allowing you to control the message going to your customers.

Request New or Updated Consents at Login

Customers can now be prompted at login to agree to new consents, or re-certify any existing consents. This is useful if:

  • You wish to ask a customer whether they will consider agreeing to a new consent, such as an email opt-in or other mail-based subscription
  • You wish to ask a customer to re-attest to an existing consent

New or updated consents can then be synchronized to any third party data stores or existing Consent Management Platform (CMP).

Login and Registration Workflow

Your customer's experience is our top priority. To ensure they continue to get all of the identity love they deserve, we have:

  • Updated our login, registration, and account management pages to support auto-fill information from browsers and password managers
  • Added the ability to resend a magic link from the waiting-for-magic-link-response page

Account Management Enhancements

This release contains a number of new capabilities to make it easier for customer service personnel to assist your customers. From within the Admin Console, you can now:

  • Have customer service initiate a password reset email with a secure link from the admin console so your customers can self-service reset their password
  • Easily view the last login date/time and the date/time when the account was last modified
  • View IP address and the geo-location information associated with your customer's current session
  • Speed up the search for customer accounts by designating account attributes to index on
  • Provide a friendly URL for self-service that is defined by you and easily shared to a customer over a phone call
  • Have customer service add an email address or phone number as an authenticator to any customer account
  • Hide the Dashboard from your customer service personnel so they can easily get to the functionality they need to support your customers
  • Have customer service pick the appropriate branding to use when sending customers notifications of changes to their account

Branding

We are always looking for ways to make it easier to present your unique brand to your customers. You want flexibility and ease of use. In this release we have added:

  • Ability to add your company's logo and primary brand colors to notification emails
  • Added a set of commonly used CSS variables to the advanced CSS editor

Accessibility

We want all of your customers to have a great experience, regardless of accessibility needs. In this release, we added various accessibility fixes to ensure our customer facing pages follow the latest accessibility guidelines, including:

  • Adding skip navigation to the my account experience
  • Updating HTML markup to better support a browser's accessibility features
  • Making HTML element focus changes behave more intuitively

Internationalization

All of our customer facing experiences now support the following languages:

  • English
  • French
  • German
  • Hungarian
  • Italian
  • Portuguese
  • Spanish

Lifecycle Event Hook Updates

Lifecycle Event Hooks make it easy to add customizations and integrations to Strivacity Fusion without having to host your code somewhere else. In this release we've added additional capabilities, development optimizations, and security improvements.

Additional Capabilities

  • You can now trigger an external event or fetch data from an external system after a customer has provided their identifier (email address or username) and before they are asked for any authenticator
  • We've also made location data accessible to event hook code to allow you to make location based decisions in your login and registration flows

Development Optimizations

  • The power and value of event hooks have exceeded our original expectations, outgrowing their tiny genie lamp. So, we granted an additional wish and made that lamp bigger by increasing the maximum size of an event hook to 256k.
  • We've also made your event hook genie faster, and significantly decreased the amount of time to see if your wishes have come true, by increasing the speed of event hook deployment
  • We've added the ability to access the last 10 minutes of event hook production logs from the admin UI
  • You can now monitor the deployment status of each event hook on the Lifecycle Event Hooks page.

Security Improvements

  • We have increased the security of event hooks by providing a callback URL with an expected state value that all supportable hooks can use in the future
  • We also implemented an additional endpoint for pre-Las Vegas release event hooks that accepts connections without the state parameter, ensuring your existing event hook implementation does not break

We encourage all event hook authors to evaluate their existing hooks to take advantage of this enhanced security.

API Security

Strivacity API Security provides a centralized service for all authentication to your homegrown or customer facing APIs. API Security can:

  • Ensure only approved applications can access your data and service
  • Authenticate calling applications and generate tokens that are passed to your APIs
  • Verify tokens that you receive from calling applications that use your APIs
  • Turn off interactive logins on API-only applications

Attack Protection

We make it harder for malicious actors to compromise your customers' accounts. A few ways we provide this protection:

  • We detect when an attacker tries to log in to an account too many times using a bad password or MFA authenticator and we terminate their session
  • We also detect when an attacker from a single IP address tries to perform account related actions too many times resulting in a termination of their session.

Resolved Issues

Description | Tracking Number
Fixed an issue where a 400 Bad Request error sometimes occurred when trying to view Accounts in the admin console. | STY-2053
Fixed stability issues in rate limiting. | STY-2038, STY 2052
Fixed an issue with the identity stores API that was causing null scopes and invalid tokens. | STY-2106
Fixed an issue where the customer and administrator account search was not working for certain attributes. | STY-2129
Fixed a stability issue in SAML federation. | STY-2227
Fixed a security vulnerability in an OAUTH2 error page. | STY-2253
Fixed an issue where a security session appeared to not be deleted when two separate sessions exist simultaneously. | STY-1653
Fixed an issue where adding a new account to a newly created group sometimes caused a 204 or 400 error. | STY-1930
Fixed a log out failure issue that occurs when two sessions exist, the first session logs out successfully, and the second one does not. | STY-1981
Fixed an issue where adding an account attribute to an identity store incorrectly logged the identity store with a CREATE event rather than an UPDATE event. | STY-1984
Fixed an issue where adding certain text into an email notification variable produced an error. | STY-2034
Fixed various issues where error messages leaked information about internal infrastructure. | STY-2039, STY-2239, STY-104, STY 2239, STY 1047
Fixed an issue in our API where the service returns a 500 error if multiple session cookies are present. | STY-2054
Fixed an issue where MFA rate limiting failed. | STY-2094
Fixed an issue where an account could not be created using Facebook as an identity provider when the image URL exceeded 128 characters. | STY-2111, STY-2136
Fixed two issues that caused downloading of personal data to fail. | STY-2134, STY 2207
Fixed an issue where a brand image would sometimes fail to save. | STY-2137, STY-2098
Fixed an issue where an email notification for an MFA change is sometimes not sent. | STY-2160
Fixed an issue where turning off a single MFA authenticator causes an error, appears to be disabled, but is still functional. | STY-2182
Fixed an issue where error messages and other minor text failed to be localized. | STY-2214, STY 2104
Fixed an issue where longer localized words broke the interface layout alignment. | STY-2074
Fixed an issue where My Account setting changes are lost without warning when switching to another menu item. | STY-1354

Capetown

by Larry King

Released: June, 2021

New Features:

Lifecycle Event Hooks (LEH) provides a complete integration capability so that you can integrate your customer facing applications with any other homegrown systems or 3rd-party products that you may own, such as CRM or Marketing Hubs. With Lifecycle Event Hooks you can:

  • Take Fine Grained Control of the Customer Lifecycle
  • Migrate or Synchronize Customer Profile Data
  • Automate and Trigger Events Externally
  • Consume Threat Information From Any Source

Claim Dialects provide the ability to map native customer attributes in an Identity Store to OIDC claims. Claims can be assigned on an application by application basis.

In addition to OIDC Claim Dialects, admins can now manage claim mappings for any social login providers, providing full control over the scope of what customer account information is synchronized and stored from social platforms with Fusion and any other Fusion integration applications, like CRM.

Strivacity Fusion is now deployed and able to provide data sovereignty in Seoul, South Korea.

The Strivacity Identity Store now has a fully extensible schema, providing administrators the ability to easily add or modify an attribute for a customer account or group.

Fusion now supports the ability to add any enterprise OIDC or OAuth2 provider, supporting SP-initiated Inbound Federation using an external identity provider.

Fusion now supports the ability to add any enterprise SAML provider, supporting SP-initiated Inbound Federation using an external SAML identity provider.

The Fusion Admin Console now includes Role-based Access Control so that brands can set up their own roles and rights to achieve a least-privilege approach to managing their CIAM configuration and appropriate separation of duties.

Google Authenticator and other Soft-token applications are now supported as Multi-factor Authentication Methods.

Passcodes via voice call are now a supported Multi-factor Authentication method, so customers can receive passcodes via voice to either a mobile or landline number.

Administrators can now easily manage static Group membership using Identities and Groups within the Admin Console.

Additional flexibility for custom domains (vanity URLs) is now provided. Brands can not only choose what DNS domain is used for their Fusion instance (e.g. login.yourdomain.com), but DNS domains can now be configured and chosen on an application-by-application basis. This provides full flexibility for customers that may support multiple brands and have multiple DNS domains.

The following general improvements/additions have been made to Customer Email Notifications:

  • Customer Notification Emails can now be individually enabled or disabled within a Notification policy, providing greater flexibility on how brands would like to communicate with customers
  • An additional notification Email has been added to notify customers as they opt in or opt out of any Consents. This gives brands the ability to better notify customers based on their consent wishes
  • An additional notification Email has been added to notify customers based on any account updates, such as changing their name or updating their address details.
  • The sender address can now be defined on a per-Notification policy basis.

Resolved Issues:

Description | Tracking Number
Notification email line spacing is incorrect due to extra <P> and <BR> HTML tags. | STY-1246
Dashboard Widgets may not align correctly due to Adaptive MFA widget showing multiple methods. | STY-1375
The Password Policy does not always prevent the use of the Username being used in the password field. | STY-1501
The MFA Changed notification emails may not be sent correctly after the customer has made changes to their MFA settings. | STY-1461
After editing Notification templates within a policy, the template listing order seems to randomly rearrange. | STY-1612
When tabbing between attribute fields in any hosted interface, the tab order will be out of order when the next field is the Phone Number attribute. | STY-1742
Fastpath login (which bypasses the identifier request screen if 'Remember Me' is selected) will still prompt for the customer to choose a remembered account even if only one account is present. | STY-1722
Strivacity Fusion's SAML2 Identity Provider will fail to parse a multi-line base64 SAML request, and therefore restrict integration with some SAML applications. | STY-1719
The Magic Link parameter is not mandatory within Magic Link based email notifications. | STY-1622

Budapest

by Larry King

Released: October, 2020

New Features:

Extended Regional Availability

Strivacity Fusion is now deployed and providing data sovereignty in the following additional countries: Australia, Canada, Germany, Ireland and the United Kingdom.

ServiceNow - Customer Service Management Integration

Strivacity Fusion now supports integration with ServiceNow's Paris Release - so you can extend your ServiceNow Customer Service Management (CSM) using all of the functionality of Fusion.

Social Login Support (with Customer Data Handling)

Strivacity Fusion now provides self-service registration and login for customers using Facebook, Google, Twitter, Github, and Microsoft Logins. Fusion can now use the authentication and authorization services from these social providers and can also synchronize and store customer social attributes within the Strivacity Identity Store.

Consent Management

Strivacity Fusion now includes Consent Management, which makes it easy to add optional or mandatory opt-in or opt-out consents to the customer registration process. Fusion then stores receipts for those consents so that admins can see when they were granted and when they were revoked.

Customers can then use Self-Service Account Management to manage those consents as they wish to opt in or opt out.

Anonymous Visitor and Consent API

Strivacity Fusion now has an Anonymous Visitor API that can create, update, get and delete anonymous visitor information and create, update, get and delete consents associated with anonymous visitors.

Dashboard Updates

The dashboard now has new widgets that show the number of social logins (by provider), the number of social registrations (by provider), consents granted/revoked, and total number of anonymous visitors (to a web application).

Add and Manage Additional Identity Stores

You can now add and manage additional instances of the Strivacity Identity Store (Fusion's own built-in identity store). For example, this is useful if you wanted to use Fusion to manage multiple applications and each application uses its own separate and isolated identity store.

Customize SMS Wording and Alpha Tags

You can now add custom wording to the SMS notifications for Multi-Factor Authentication (and enrollment) and request Alpha Tags for SMS messages (supported by most carriers in most countries).

Session Management

Both administrators and customers can now view and terminate sessions within the admin console or Self-Service account management. Both roles can now view the browser type, the geographic location, and the IP address from where the session originated, and end the session if required.