Strivacity: Vienna Release

The Vienna release is our largest release yet. It combines industry standard identity affirmation features, sophisticated fraud detection and mitigation, and bleeding edge FIDO-based authentication protocols. We also continue our “clicks not code” approach with a visual brand editor as well as an expanded list of pre-canned integrations with social, identity, and analytic providers. We’ve also made it easier for your customers to integrate their social login accounts, reset their password without an email address, and launch the applications they have access to right from the My Account portal.

There is a lot to cover, so let’s get started.

Identity verification

It is important to know your customers are who they say they are. This can greatly reduce the level of fraudulent transactions to your service and keep your customer’s accounts safe.

We make this easy by integrating with 3rd party phone carrier providers and credit agencies while offering pain-free registration workflows that make it easy for a customer to verify their identity.

In the Vienna release, we implement a highly configurable customer journey builder that allows you to control your customer’s experience when verifying their identity. You have full control over what your customers see, how their data is collected, which verification techniques are used, and how the customer is handled if they fail to verify their identity. Balancing registration friction and fraud prevention has never been easier.

See: Identity verification

Customer Journey BuilderCustomer Journey Builder

Fraud detection

No one wants fraudulent activity to occur on their platform. Fraud risks your customer’s accounts and your brand’s reputation. We make it easy by providing out-of-the-box fraud mitigation tools that reduce the risk of your brand becoming a headline.

Bot detection

Our Vienna release adds an IP-based bot detection feed to stop consumer bots in their tracks. We’ve also added network analysis, allowing you to block or step-up connections that come from Tor or other anonymous proxies.

See: Bot detection

Phone fraud

We can also detect if a phone number being used as an authenticator has been recently ported or is associated with VoIP phone types that are often used by scammers.

See: Phone fraud documentation.

Improbable travel

Can you travel faster than a commercial airline? If you can, you might be a bad actor. We can compare the time and location of recent logins and determine that traveling that far in that amount of time would be…well…improbable. You can then configure the system to require MFA on the questionable authentication to reduce the risk of fraudulent activity.

See: Adaptive rules: an overview

Behavior analytics

Finally, we can check a customer’s login time, day, and location and compare that to past behaviors to determine whether to require MFA for that customer. This makes your customer’s normal login behavior as friction-free as possible while maintaining the security everybody expects.

See: Adaptive rules: an overview

Adaptive MFA

FIDO2

We continue to our list of authenticator options to ensure your customers have an easy and safe authentication experience. In this release, we’ve added support for FIDO2 platform and roaming authenticators. Your customers can now access your site using their face or fingerprint from a mobile or desktop/laptop device. Security has never been easier!

See: Multi-factor methods: an overview

Mobile SDK

We are also expanding that authentication and biometric support to your brand’s iOS and Android mobile app. When you integrate our new mobile SDK into your brand’s app, you allow customers to quickly and securely authenticate across all the platforms your brand live.

See: Mobile SDK overview

Visualize your brand with our brand policy visualizer

Getting that pixel perfect representation of your brand in a 3rd party service can be cumbersome and time consuming. Strivacity’s new visual brand editor makes this process a snap. Our editor shows you each piece of the customer journey and allows you to make real-time updates to the experience. When you change a color, you instantly see the effects of that change. No more going back and forth between the admin UI and a test customer account trying to get the experience just right. You’ll have confidence the changes you made are the right ones because you’ll see the changes right when you make them.

Visual Brand EditorVisual Brand Editor

See: Using your logos and color schemes

Plugin library

We’ve moved our Lifecycle Event hook repository to a new place in the Admin Console. We’ve created a plugin library where you can now find off-the-shelf event hook templates that allow you to

  • improve existing customer lifecycle capabilities,
  • customize features,
  • or integrate with external systems.
Plugin library previewPlugin library preview

Plugin library preview

See: Setup and manage lifecycle event hooks

Integrations

More clicks, less code. That’s our mantra. We introduce a slew of new integrations in our admin experience to make 3rd party support super easy.

In the Vienna release we now natively support:

Identity providers

  • Azure Active Directory
  • PingFederate
  • Okta

Passwordless vendors

  • HYPR
  • Transmit BindID

Web analytics

  • Google Analytics
  • Google Tag Manager
  • Amplitude
  • Mixpanel

Social logins

  • LinkedIn
  • Amazon
  • Apple

Your customer’s experience, only better

Your customer’s success is our success. We do whatever we can to make your customer’s experience easier and more secure.

Password reset via phone

We now support resetting your password without the need of an email address. If a customer has a valid phone authenticator, they can now use it to reset their password.

See: Password reset

Application launcher

If you have multiple apps that a customer can access, they can now see the applications they have access to and launch them right from the My Account portal.

See: Application launcher

Account registration via invitation

Administrators can now send an email invite to a customer (or another administrator) to sign up for an account.

See: Customer invitation
See: Inviting administrative accounts

But wait, there’s more!

There are too many great features to wax poetic about, but you can also look forward to:

Resolved issues

Description
Fixed issues where the branding fails to load sometimes

STY-2483
STY-2951

Fixed an issue where a new SAML application would only provide expired metadataSTY-2624
Fixed an issue where the "Back to login" button did not appear when expectedSTY-2638
Fixed an issue where the "Passwords do not match" message would not update after making the passwords matchSTY-2670
Fixed an issue where the same email address would appear twice on an MFA target screenSTY-2738
Fixed an issue where a "Service provider not found" error occurred when logging in via a SAML external login providerSTY-2741
Fixed an issue where MAUs were reported incorrectlySTY-2964
Fixed an issue where end dates were incorrectly handled on the dashboardSTY-3018
Fixed accessibility issues

STY-3080
STY-3081

Fixed an issue where a SAML2 request would throw a "Request header field too large" errorSTY-3125
Fixed an issue where dashboard data could not be downloadedSTY-3133