The Seoul release introduces major platform capabilities focused on extensibility, developer flexibility, and improved operational visibility, along with the general availability of AI Assist.

This release includes changes that may impact your Strivacity deployment. See Important notes for details.

New features and enhancements

AI Assist

AI Assist is now available to all customers.

LLM-powered, chat-based assistance directly in the Admin Console
Trained on Strivacity documentation and APIs
Enables faster access to product knowledge and guidance
No customer data is used in training or query processing

Identity and data model

Complex attributes

You can now define structured and multi-valued attributes in identity stores.

Support for nested and repeatable data (for example, multiple addresses or account numbers)
Enables richer customer profiles and flexible data modeling
Supports advanced use cases such as preferences and metadata
Improves extensibility for evolving requirements

Token and authorization

Token exchange

Token exchange is available to all customers, enabling the secure exchange of tokens across systems and applications.

Modify scopes during exchange
Target different audiences (resource servers)
Enrich or transform claims
Support delegation (act_as) and impersonation (may_act) scenarios

Access token customization

You can now add custom data to the root level of the access token.

Enables direct inclusion of custom claims without using the ext object
Configured using the “Before ID token generation” hook

Event visibility and debugging

Account event experience overhaul

The account event experience has been redesigned for improved usability. The updated UI structure and navigation patterns are also applied to audit logs and hook logs, providing a more consistent investigation experience across log views.

Clear step-by-step progression of authentication journeys
Improved visibility into API calls and responses
Easier navigation to failed events
Enhanced JSON viewer for debugging

Account event replay

You can now replay customer journeys for troubleshooting and analysis.

Visualize the exact steps experienced by a customer
Step through each screen with PII masking
Preview journeys in the branding editor
Currently available in developer mode

Admin Console usability

Cross-entity navigation and contextual filtering

The Admin Console now provides improved navigation between related configuration entities.

Navigate directly to related entities such as applications, policies, hooks, and groups
Apply filters automatically when navigating between views to preserve context
Access related entity identifiers without leaving the current view

Provisioning and integrations

Outbound provisioning (Build 1)

Initial support for outbound provisioning is now available.

Automatically synchronize users to downstream systems
Define rules that trigger actions based on account changes
Supports integration with systems such as CRMs and ERPs

Other enhancements

Support for importing hashed passwords via the Create Account API
Verified email addresses and phone numbers are now indicated in the ID token
Brand policy enhancements for masked input fields
Ability to pass generic parameters to external login providers
Configure a display name for system-generated email notifications in the Notification policy, displayed alongside the sender address

Bug fixes

We fixed issues where:

Hook management and execution were unstable
MFA enrollment passcode messages were not properly translated
Back-channel logout could be configured with invalid local addresses
Biometric authenticator creation failed in My Account
Admin UI was not scrollable on mobile devices
Password lockout failed for accounts without passwords
Identity verification dashboard widgets could break after policy changes
Security headers interfered with Admin Console validation
Disabling translations was not working
Phone identifier could not be set as mandatory
Bulk invitation exceeding the invitee count gave a wrong result
Organization portal was handling manual verification improperly
Organization portal would crash when attempting to change an accounts password
Organization portal would not allow account creation
Name filter on the Admin Console did not reset the search input after clicking clear

Important notes

This release includes updates to token handling and hook behavior. While most changes are backward compatible, some configurations may require review.

“Before ID token generation” hook changes

A new AdditionalTokenData structure simplifies claim handling.
Root-level access token claims are now supported.

Impact:

No action is required by default (fully backward compatible).
If adopting the new structure:
- Replace the previous class with AdditionalTokenData
- Use access_token_claims instead of access_token_ext
- Wrap claims in ext if maintaining current behavior

Back-channel logout restriction

Product instance internal addresses can no longer be used as back-channel logout endpoints.

🚧
Please review custom hooks and logout configurations before upgrading.

Deprecations

Attribute hook-based JavaScript execution

Attribute hook-based JavaScript execution is now deprecated. This change is part of ongoing improvements to platform security, maintainability, and future extensibility of attribute-related features.

This capability will remain available in the Seoul release and the following release, and will be fully removed in the Q4 release.

Developers using this feature should begin migrating away from attribute hook-based JavaScript execution and use Brand Policies to host your code instead.