Home
Release notes
Support homeSupport requestsSystem statusTrust centerTry for free
Back to All

Madrid

August 19th, 2025

The Madrid release introduces powerful new features and enhancements—particularly around Strivacity dashboards—that make it easier than ever to monitor, analyze, and act on your identity data.

Important: This release includes breaking changes affecting:

  • Consent translations
  • Adaptive Access policy configuration
  • Legacy hook log endpoints
  • Social and external login provider claim updating behavoirs (build 1)

Please check with your Customer Success representative before upgrading.

New Features & Enhancements

Dashboard Click-Throughs to Account Events

Your Strivacity dashboard just got more interactive. Certain dashboard widgets now allow you to click directly into the events behind the metrics—giving you instant visibility into the activity driving your graphs.

New Dashboard Templates

To help you get started faster, we’ve added new pre-built dashboard templates for:

  • A/B testing
  • Consent acceptance
  • On-premises components

Dashboard Widget Browser Improvements

Our library of dashboard widgets keeps expanding! To make navigation easier, you can now search for widgets by name and quickly find the metrics you need.

Stacked Bar Charts

You now have a new way to compare metrics over time. Stacked bar charts make it simple to visualize multi-metric comparisons—such as login successes, failures, and abandonments—within a single view.

Hook Execution Dashboard Widget

Track performance like never before. The new Hook Execution widget helps developers measure orchestration response times as well as providing visibility into unhandled exceptions and hook errors that occur during hook execution. All of this to ensure your Lifecycle Event Hooks run smoothly.

Configure Temporary and Permanent Lockouts

We’ve made brute-force protection more flexible. With the Adaptive Access policy, you can now independently configure temporary and permanent lockout thresholds for both passwords and one-time passcodes.

Expanded Before ID Token Generation Hook

Developers now have more power when working with tokens. The Before ID Token Generation hook can: add or adjust token scopes

Event log streaming improvements

Lifecycle Event Hook log streaming (build 1)

In addition to Account Events and Audit Logs, you can now stream Lifecycle Event Hook logs to any of our supported streaming integrations.

Streaming to generic HTTP endpoints (build 1)

In addition to named vendor integrations, Strivacity now support streaming all of our event stream types to a generic HTTP REST API endpoint for custom streaming integrations.

Support for native flows JavaScript SDKs (build 1)

We’ve updated our CORS security policy settings to allow for our Native JavaSCript SDKs to run in a more secure posture, making insecure CORS settings unnecessary for SDK usage.

Other Updates

  • Added SessionIndex GUID to SAML assertions
  • Expanded documentation for managing email and phone authenticators via the My Account Portal APIs
  • Introduced a new Account Management API endpoint to change or remove organization assignments from an account

Bug Fixes

We fixed issues where:

  • The back-to-login link did not pick up the acr_value from session start
  • Custom telephony providers failed if the Strivacity default provider wasn’t enabled
  • The password requirements indicator didn’t handle Unicode lowercase letters
  • Password length wasn’t displayed properly in some cases
  • Adaptive Access policy didn’t include custom MFA configurations
  • Consents didn’t always render in the correct translation
  • The native SDK incorrectly fell back to web views in some scenarios
  • Password quality policy wasn’t listed in the admin console’s identity store view
  • The Before Authenticator Enrollment hook template missed required callback parameters
  • A/B testing evaluated usernames as case-sensitive
  • Tags containing underscores (_) weren’t always searchable
  • The My Account API endpoint didn’t return maxLength or restrictedCharacters fields
  • An incorrect error response was returned on the account event endpoint when an incorrect customer IP address was invalid (build 1)
  • Passkeys were not always configurable in the adaptive access policy when a password-only journey was configured (build 1)
  • An application with a configured A/B testing variant could not be deleted (build 1)
    Account lockout was not working for LDAP users (build 1)
  • Policy tag color handling validation did not work in some cases (build 1)
    Incorrect helper text was included in the brute-force protections tab of adaptive access policies (build 1)
  • Fixed an issue where overriding a null attributed synced from the directory connector was not working properly (build 1)
  • Authenticator with the same email, but different character casing, could be added to an account (build 1)
    A journey custom code step is created with invalid policy tag when the journey was updated (build 1)