Madrid

The Madrid release introduces powerful new features and enhancements—particularly around Strivacity dashboards—that make it easier than ever to monitor, analyze, and act on your identity data.

Important: This release includes breaking changes affecting:

  • Consent translations
  • Adaptive Access policy configuration
  • Legacy hook log endpoints

Please check with your Customer Success representative before upgrading.


New Features & Enhancements

Dashboard Click-Throughs to Account Events

Your Strivacity dashboard just got more interactive. Certain dashboard widgets now allow you to click directly into the events behind the metrics—giving you instant visibility into the activity driving your graphs.

New Dashboard Templates

To help you get started faster, we’ve added new pre-built dashboard templates for:

  • A/B testing
  • Consent acceptance
  • On-premises components

Dashboard Widget Browser Improvements

Our library of dashboard widgets keeps expanding! To make navigation easier, you can now search for widgets by name and quickly find the metrics you need.

Stacked Bar Charts

You now have a new way to compare metrics over time. Stacked bar charts make it simple to visualize multi-metric comparisons—such as login successes, failures, and abandonments—within a single view.

Hook Execution Dashboard Widget

Track performance like never before. The new Hook Execution widget helps developers measure orchestration response times as well as providing visibility into unhandled exceptions and hook errors that occur during hook execution. All of this to ensure your Lifecycle Event Hooks run smoothly.

Configure Temporary and Permanent Lockouts

We’ve made brute-force protection more flexible. With the Adaptive Access policy, you can now independently configure temporary and permanent lockout thresholds for both passwords and one-time passcodes.

Expanded Before ID Token Generation Hook

Developers now have more power when working with tokens. The Before ID Token Generation hook can: add or adjust token scopes


Other Updates

  • Added SessionIndex GUID to SAML assertions
  • Expanded documentation for managing email and phone authenticators via the My Account Portal APIs
  • Introduced a new Account Management API endpoint to change or remove organization assignments from an account

Bug Fixes

We fixed issues where:

  • The back-to-login link did not pick up the acr_value from session start
  • Custom telephony providers failed if the Strivacity default provider wasn’t enabled
  • The password requirements indicator didn’t handle Unicode lowercase letters
  • Password length wasn’t displayed properly in some cases
  • Adaptive Access policy didn’t include custom MFA configurations
  • Consents didn’t always render in the correct translation
  • The native SDK incorrectly fell back to web views in some scenarios
  • Password quality policy wasn’t listed in the admin console’s identity store view
  • The Before Authenticator Enrollment hook template missed required callback parameters
  • A/B testing evaluated usernames as case-sensitive
  • Tags containing underscores (_) weren’t always searchable
  • The My Account API endpoint didn’t return maxLength or restrictedCharacters fields