The Madrid release introduces powerful new features and enhancements—particularly around Strivacity dashboards—that make it easier than ever to monitor, analyze, and act on your identity data.
Important: This release includes breaking changes affecting:
- Consent translations
- Adaptive Access policy configuration
- Legacy hook log endpoints
- Social and external login provider claim updating behavoirs (build 1)
Please check with your Customer Success representative before upgrading.
New Features & Enhancements
Dashboard Click-Throughs to Account Events
Your Strivacity dashboard just got more interactive. Certain dashboard widgets now allow you to click directly into the events behind the metrics—giving you instant visibility into the activity driving your graphs.
New Dashboard Templates
To help you get started faster, we’ve added new pre-built dashboard templates for:
- A/B testing
- Consent acceptance
- On-premises components
Dashboard Widget Browser Improvements
Our library of dashboard widgets keeps expanding! To make navigation easier, you can now search for widgets by name and quickly find the metrics you need.
Stacked Bar Charts
You now have a new way to compare metrics over time. Stacked bar charts make it simple to visualize multi-metric comparisons—such as login successes, failures, and abandonments—within a single view.
Hook Execution Dashboard Widget
Track performance like never before. The new Hook Execution widget helps developers measure orchestration response times as well as providing visibility into unhandled exceptions and hook errors that occur during hook execution. All of this to ensure your Lifecycle Event Hooks run smoothly.
Configure Temporary and Permanent Lockouts
We’ve made brute-force protection more flexible. With the Adaptive Access policy, you can now independently configure temporary and permanent lockout thresholds for both passwords and one-time passcodes.
Expanded Before ID Token Generation Hook
Developers now have more power when working with tokens. The Before ID Token Generation hook can: add or adjust token scopes
Event log streaming improvements
Lifecycle Event Hook log streaming (build 1)
In addition to Account Events and Audit Logs, you can now stream Lifecycle Event Hook logs to any of our supported streaming integrations.
Streaming to generic HTTP endpoints (build 1)
In addition to named vendor integrations, Strivacity now support streaming all of our event stream types to a generic HTTP REST API endpoint for custom streaming integrations.
Support for native flows JavaScript SDKs (build 1)
We’ve updated our CORS security policy settings to allow for our Native JavaSCript SDKs to run in a more secure posture, making insecure CORS settings unnecessary for SDK usage.
Other Updates
- Added SessionIndex GUID to SAML assertions
- Expanded documentation for managing email and phone authenticators via the My Account Portal APIs
- Introduced a new Account Management API endpoint to change or remove organization assignments from an account
Bug Fixes
We fixed issues where:
- The back-to-login link did not pick up the acr_value from session start
- Custom telephony providers failed if the Strivacity default provider wasn’t enabled
- The password requirements indicator didn’t handle Unicode lowercase letters
- Password length wasn’t displayed properly in some cases
- Adaptive Access policy didn’t include custom MFA configurations
- Consents didn’t always render in the correct translation
- The native SDK incorrectly fell back to web views in some scenarios
- Password quality policy wasn’t listed in the admin console’s identity store view
- The Before Authenticator Enrollment hook template missed required callback parameters
- A/B testing evaluated usernames as case-sensitive
- Tags containing underscores (_) weren’t always searchable
- The My Account API endpoint didn’t return maxLength or restrictedCharacters fields
- An incorrect error response was returned on the account event endpoint when an incorrect customer IP address was invalid (build 1)
- Passkeys were not always configurable in the adaptive access policy when a password-only journey was configured (build 1)
- An application with a configured A/B testing variant could not be deleted (build 1)
Account lockout was not working for LDAP users (build 1) - Policy tag color handling validation did not work in some cases (build 1)
Incorrect helper text was included in the brute-force protections tab of adaptive access policies (build 1) - Fixed an issue where overriding a null attributed synced from the directory connector was not working properly (build 1)
- Authenticator with the same email, but different character casing, could be added to an account (build 1)
A journey custom code step is created with invalid policy tag when the journey was updated (build 1)