Home
Release notes
Support homeSupport requestsSystem statusTrust centerTry for free
Back to All

Veszprém

March 31st, 2025

Headline features

Secrets and variables management

Strivacity now provides brand developers secret and variable management, enabling flexible use of these across the platform. You can define variables and secrets at the global level and use them in any Strivacity code editor. You can also define variables at the Journey or Lifecycle Event Hook level to leverage variables and secrets local to just that code base. Finally, you can set variables and secrets that are applied when hooks and journeys are attached to an application, allowing you to promote environmental configurations between applications on the same or different product instances.

IdP initiated SAML support

Strivacity now supports Identity Provider (IdP) initiated SAML2, which expands Strivacity’s federation capabilities by enabling brands to start a SAML2-based authentication journey with Strivacity directly from a third-party IdP without first receiving an authentication request from the Service Provider (SP). This facilitates smoother user experiences, especially in federated identity environments, by enabling organizations to centralize authentication and maintain user control within their own domain. This feature is configurable via an External login provider

Custom telephony provider

In addition to the four native telephony providers supported today, Strivacity now lets you create your own custom telephony provider integration. This feature allows brand developers to write code that sends Strivacity SMS messages to whatever telephony provider or messaging service you choose. This is configurable via the Telephony provider configuration .

Before password reset extensibility point

We now support a Before Password Reset hook, allowing brands to add custom journeys to a password reset link password reset. Want to put MFA in front of a password reset? How about asking for additional confirmation, or doing a third-party risk assessment before letting a user update that password? All of these are now possible using the Before Password Reset extensibility point along with the Strivacity Journey Builder.

Synchronous capabilities for the After Password Change extensibility point

Brand developers now have the ability to stop the flow after a password change has occurred to ensure synchronizations with 3rd party data stores are successful before changing the password locally. We've also changed the name from "After password change" to "Before password persist". Lifecycle event hooks

Additional client context values available in hooks

Brand developers now have a seamless way to send information from the browser to the back-end context of Lifecycle Event hooks. This allows for better integration with security tools and other products that need to handle sensitive browser-gathered information.

Expose the Strivacity token endpoint to all configured domains

Previously, Strivacity’s token endpoint was only exposed to the primary DNS domain configured in the Strivacity.. Now, you can access the token endpoint from any of the domains configured to be used in Strivacity,

Other stories

  • Account management now indicates if a phone number identifier has been confirmed
  • You can now link to the list of notifications associated with an account event
  • We renamed the Strivacity Bridge components to be more clear about their purposes. The Strivacity Bridge for Header-based Authentication is now the Strivacity Login Gateway. The Strivacity Bridge for On-premises Directories is now the Strivacity Directory Connector.
  • We’ve added additional notification templates to notify customers when a user has unenrolled an MFA method and when an identifier has been changed
  • Passcode and OTP attempts against the lockout count are now exposed in the user account records

Bug fixes

  • Fixed an issue where admin console account event date filter was handling timestamps incorrectly STY-6204
  • Fixed a broken link in the brand policy developer docs STY-6177
  • Fixed an issue where deleting an Adaptive Access policy was impossible if the Custom MFA method was enabled STY-6123
  • Fixed an unnecessary warning when enabling identifiers in an identity store STY-6134