Home
Release notes
Support homeSupport requestsSystem statusTrust centerTry for free
Back to All

Seoul

April 14th, 2026

The Seoul release introduces major platform capabilities focused on extensibility, developer flexibility, and improved operational visibility, along with the general availability of AI Assist.

This release includes changes that may impact your Strivacity deployment. See Important notes for details.

New features and enhancements

AI Assist

AI Assist is now available to all customers.

  • LLM-powered, chat-based assistance directly in the Admin Console
  • Trained on Strivacity documentation and APIs
  • Enables faster access to product knowledge and guidance
  • No customer data is used in training or query processing

Identity and data model

Complex attributes

You can now define structured and multi-valued attributes in identity stores.

  • Support for nested and repeatable data (for example, multiple addresses or account numbers)
  • Enables richer customer profiles and flexible data modeling
  • Supports advanced use cases such as preferences and metadata
  • Improves extensibility for evolving requirements

Token and authorization

Token exchange

Token exchange is available to all customers, enabling the secure exchange of tokens across systems and applications.

  • Modify scopes during exchange
  • Target different audiences (resource servers)
  • Enrich or transform claims
  • Support delegation (act_as) and impersonation (may_act) scenarios

Access token customization

You can now add custom data to the root level of the access token.

  • Enables direct inclusion of custom claims without using the ext object
  • Configured using the “Before ID token generation” hook

Event visibility and debugging

Account event experience overhaul

The account event experience has been redesigned for improved usability. The updated UI structure and navigation patterns are also applied to audit logs and hook logs, providing a more consistent investigation experience across log views.

  • Clear step-by-step progression of authentication journeys
  • Improved visibility into API calls and responses
  • Easier navigation to failed events
  • Enhanced JSON viewer for debugging

Account event replay

You can now replay customer journeys for troubleshooting and analysis.

  • Visualize the exact steps experienced by a customer
  • Step through each screen with PII masking
  • Preview journeys in the branding editor
  • Currently available in developer mode

Admin Console usability

Cross-entity navigation and contextual filtering

The Admin Console now provides improved navigation between related configuration entities.

  • Navigate directly to related entities such as applications, policies, hooks, and groups
  • Apply filters automatically when navigating between views to preserve context
  • Access related entity identifiers without leaving the current view

Provisioning and integrations

Outbound provisioning (Build 1)

Initial support for outbound provisioning is now available.

  • Automatically synchronize users to downstream systems
  • Define rules that trigger actions based on account changes
  • Supports integration with systems such as CRMs and ERPs

Other enhancements

  • Support for importing hashed passwords via the Create Account API
  • Verified email addresses and phone numbers are now indicated in the ID token
  • Brand policy enhancements for masked input fields
  • Ability to pass generic parameters to external login providers
  • Deprecation of attribute-hook-based JavaScript
  • Configure a display name for system-generated email notifications in the Notification policy, displayed alongside the sender address

Bug fixes

We fixed issues where:

  • Hook management and execution were unstable
  • MFA enrollment passcode messages were not properly translated
  • Back-channel logout could be configured with invalid local addresses
  • Biometric authenticator creation failed in My Account
  • Admin UI was not scrollable on mobile devices
  • Password lockout failed for accounts without passwords
  • Identity verification dashboard widgets could break after policy changes
  • Security headers interfered with Admin Console validation
  • Disabling translations was not working
  • Phone identifier could not be set as mandatory
  • Bulk invitation exceeding the invitee count gave a wrong result
  • Organization portal was handling manual verification improperly
  • Organization portal would crash when attempting to change an accounts password
  • Organization portal would not allow account creation
  • Name filter on the Admin Console did not reset the search input after clicking clear

Important notes

This release includes updates to token handling and hook behavior. While most changes are backward compatible, some configurations may require review.

“Before ID token generation” hook changes

  • A new AdditionalTokenData structure simplifies claim handling.
  • Root-level access token claims are now supported.

Impact:

  • No action is required by default (fully backward compatible).
  • If adopting the new structure:
    • Replace the previous class with AdditionalTokenData
    • Use access_token_claims instead of access_token_ext
    • Wrap claims in ext if maintaining current behavior

Back-channel logout restriction

  • Product instance internal addresses can no longer be used as back-channel logout endpoints.
🚧

Please review custom hooks and logout configurations before upgrading.

Deprecations

Attribute hook-based JavaScript execution

Attribute hook-based JavaScript execution is now deprecated. This change is part of ongoing improvements to platform security, maintainability, and future extensibility of attribute-related features.

This capability will remain available in the Seoul release and the following release, and will be fully removed in the Q4 release.

Developers using this feature should begin migrating away from attribute hook-based JavaScript execution.