Home
Release notes
Support homeSupport requestsSystem statusTrust centerTry for free
Back to All

Lyon

November 10th, 2025

The Lyon release focuses on native app journeys and administrator usability, while also enhancing the developer experience, analytical insights, and various other platform components.

New features & enhancements

Native app journeys

Invitations for native clients

Invitations can now be sent and redeemed directly within native mobile or desktop applications. This removes the dependency on browser redirects, making first-time account setup faster and more intuitive for users on native platforms.

Password reset and account activation support for native nxperiences

Password reset and account activation links now open directly in native applications when accessed from a device with the app installed. This provides a seamless user experience without requiring a mobile browser redirect. SDK examples are available for developers to enable this functionality.

Native SDK support for WebAuthn & passkeys

Developers can now implement WebAuthn and passkeys for both primary and secondary authentication directly through the Journey Flow API. This enables passwordless sign-in and MFA flows without relying on web redirects or webviews, improving the user experience for embedded or native apps.

Minimized Journey API responses

Developers can now request that optional rendering assets be excluded from Journey API responses. This reduces unnecessary data transfer for developers who prefer full control over UI rendering.

Event Logging & Analytics

Identity verification outcomes widget

Dashboards now include widgets that visualize the outcomes of individual policy steps as well as over all policy outcomes.

Account Events – Detailed verification results

Account events now include detailed decision codes for each physical document verification and phone fraud risk evaluation. This provides administrators with greater visibility into failure reasons, improving troubleshooting and identity verification policy tuning.

Account Events – masked and unmasked targets

Events containing user contact data now include both a masked display value and a securely stored raw value for audit and debugging. This maintains data privacy while ensuring full traceability for administrators when needed.

New event tag – Forgotten username failure

A new event tag has been added for failed “forgotten username” events. Brands can now analyze failed and successful reminders to identify usability issues or detect suspicious activity.

Administration

Default language per product instance

Product instances can now be created with a custom default language—such as Canadian English or British English—instead of defaulting to U.S. English.

New language support

Added full translation and localization support for Latin American Spanish, Thai, and Turkish.

Identity store defaults

The default attribute creation strategy during identity store setup now defaults to “Only necessary.”

The previous “Default” option has been renamed to “Sample” to better indicate that it includes additional example attributes (e.g., name, address).

“Keep Me Logged In” support in password custom journey steps

The “Keep me logged in” feature is now supported within password custom journey steps, allowing developers to display and respect persistent session options inside of custom journeys.

Updated dashboard names and labels

Machine-level labels have been replaced with user-friendly names, making customer journey events easier to understand at a glance.

Other features

  • Replaced the default brand policy logo with a non-Strivacity-branded logo.
  • The administrator’s role is now displayed in the Admin Identity Store user management portal account list.

Bug fixes

We fixed issues where:

  • Impersonation reasons could exceed backend limits.
  • Toast error messages sometimes failed to display while saving hooks.
  • Adding email as an MFA authenticator in MyAccount allowed invalid email addresses, even when restricted by policy.
  • Tag-based access control caused breaks in the admin console experience.
  • Dependent fields in self-service policies were not properly disabled.
  • Drop-down UI elements occasionally rendered incorrectly.
  • A typo existed in identity verification line-type checks UI.
  • Lifecycle Event Hook ID was sometimes showing a previous ID instead of the current one.
  • Default email notification translations displayed the wrong language.
  • Some account events did not appear on click-through from the dashboard.
  • Organization display names were missing in the Organization Change API.
  • Hooks with static secrets could not be assigned to applications.
  • Invalid application client configurations were not correctly handled.
  • Notifications could sometimes be sent to disabled accounts.
  • The After Account Update hook contained an incorrect object name.
  • The logoURL fallback value was not working properly in email templates.
  • Optional consents were not shown during external login registration flows.