Mauna Kea

Released September, 2023

Password history, age limits, and sequential characters

https://docs.strivacity.com/docs/password-quality-settings#password-history
Strivacity now allows you to add password history, age limits, and sequential character restrictions to your password policy so that brands stay compliant with their internal security policies.

Account lockout

https://docs.strivacity.com/docs/account-lockout
A customer’s account can now be locked automatically based upon a configured number of failed login attempts. Locked accounts can be re-enabled by customer support via the Account Management feature or via API.

Password strength indicator

Brand administrators can now provide their customers real-time visibility into password requirements as they are typing their password.

Support for different password hashing algorithms

We’ve introduced flexibility in password hashing methods, allowing administrators to specify alternatives. Supported methods include Argon2, bcrypt, and more. Our identity store service offers a standard hashing option, and administrators can set a "current" method. During validation, if the method stored for a credential differs from the current method, the authenticator is updated to the new method.
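The upgrade-on-validation flow described above, as an added example that is not Strivacity's code. Standard-library PBKDF2 and scrypt stand in for the methods the page names, and the record format, `METHODS`, `make_record` and `validate` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: stdlib KDFs stand in for Argon2/bcrypt, which need third-party packages.
METHODS = {
    "pbkdf2_sha256": lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, 600_000),
    "scrypt": lambda pw, salt: hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1, dklen=32),
}


def make_record(password, method):
    """Hash with a fresh salt; the method name travels with the digest."""
    salt = os.urandom(16)
    digest = METHODS[method](password.encode(), salt)
    return f"{method}${salt.hex()}${digest.hex()}"


def validate(store, user, password, current_method):
    """Return (ok, upgraded). A successful login stored under a
    non-current method is re-hashed with the current one."""
    record = store.get(user)
    if record is None:
        return False, False
    method, salt_hex, digest_hex = record.split("$")
    derive = METHODS.get(method)
    if derive is None:
        return False, False  # unknown stored method: fail closed
    candidate = derive(password.encode(), bytes.fromhex(salt_hex))
    if not hmac.compare_digest(candidate, bytes.fromhex(digest_hex)):
        return False, False  # wrong password: record is left untouched
    if method != current_method:
        # The plaintext is only available now, so this is the moment to upgrade.
        store[user] = make_record(password, current_method)
        return True, True
    return True, False


if __name__ == "__main__":
    # Constructed sample data: one account still on the older method.
    store = {"alice": make_record("correct horse", "pbkdf2_sha256")}
    print(validate(store, "alice", "correct horse", "scrypt"))
    print(store["alice"].split("$")[0])
```

Accounts that never log in keep their old hash, so a migration of this kind is only complete once dormant credentials are reset or expired.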

Single logout support for SAML 2

Brands can now implement both IdP (identity provider) initiated and SP (service provider) initiated single logout for SAML 2 clients.

New identifier configuration options

Our identity stores now support granular controls for username and email identifiers. With this feature you can easily migrate and support legacy username identities while requiring new accounts to register with email addresses.

Localization language selection updates

https://docs.strivacity.com/docs/translations#display-language-precedence
We now support different methods of determining which localized language is shown to the user, including specifying the language preference coming from the brand portal via login hints.

Lifecycle event hook updates

  • Added Organization and Group context into the After Failed Identification and Pre-Registration Lifecycle Event Hooks
  • The Before ID Token Generation hook can now add custom values into the access token

Organization support enhancements

We now include more information about organizations in the Lifecycle Event Hook context, including the customer’s organization membership and the organizational roles assigned.

Other stories

  • Geo-location selection improvements in adaptive rules
  • Support for message-level encryption for external login providers
  • Ability to enroll email MFA via magic link
  • Audit log entries for translation-related actions
  • Seamless Lifecycle Event Hook assign/unassign
  • Allow "&" character for brand names in the brand policy
  • New hook to customize SAML assertions
  • Expose last login information to Lifecycle Event Hook contexts
  • Increase invite link max age to 30 days
  • Increase the max "Keep me logged in" session length to a full 2 years
  • Added minute precision for the "Session inactivity timeout" setting