The Vienna release is our largest release yet. It combines industry standard identity affirmation features, sophisticated fraud detection and mitigation, and bleeding edge FIDO-based authentication protocols. We also continue our “clicks not code” approach with a visual brand editor as well as an expanded list of pre-canned integrations with social, identity, and analytic providers. We’ve also made it easier for your customers to integrate their social login accounts, reset their password without an email address, and launch the applications they have access to right from the My Account portal.
There is a lot to cover, so let’s get started.
It is important to know your customers are who they say they are. This can greatly reduce the level of fraudulent transactions to your service and keep your customer’s accounts safe.
We make this easy by integrating with 3rd party phone carrier providers and credit agencies while offering pain-free registration workflows that make it easy for a customer to verify their identity.
In the Vienna release, we implement a highly configurable customer journey builder that allows you to control your customer’s experience when verifying their identity. You have full control over what your customers see, how their data is collected, which verification techniques are used, and how the customer is handled if they fail to verify their identity. Balancing registration friction and fraud prevention has never been easier.
No one wants fraudulent activity to occur on their platform. Fraud risks your customer’s accounts and your brand’s reputation. We make it easy by providing out-of-the-box fraud mitigation tools that reduce the risk of your brand becoming a headline.
Our Vienna release adds an IP-based bot detection feed to stop consumer bots in their tracks. We’ve also added network analysis, allowing you to block or step-up connections that come from Tor or other anonymous proxies.
See: Bot detection
We can also detect if a phone number being used as an authenticator has been recently ported or is associated with VoIP phone types that are often used by scammers.
Can you travel faster than a commercial airline? If you can, you might be a bad actor. We can compare the time and location of recent logins and determine that traveling that far in that amount of time would be…well…improbable. You can then configure the system to require MFA on the questionable authentication to reduce the risk of fraudulent activity.
Finally, we can check a customer’s login time, day, and location and compare that to past behaviors to determine whether to require MFA for that customer. This makes your customer’s normal login behavior as friction-free as possible while maintaining the security everybody expects.
We continue to our list of authenticator options to ensure your customers have an easy and safe authentication experience. In this release, we’ve added support for FIDO2 platform and roaming authenticators. Your customers can now access your site using their face or fingerprint from a mobile or desktop/laptop device. Security has never been easier!
We are also expanding that authentication and biometric support to your brand’s iOS and Android mobile app. When you integrate our new mobile SDK into your brand’s app, you allow customers to quickly and securely authenticate across all the platforms your brand live.
See: Mobile SDK overview
Getting that pixel perfect representation of your brand in a 3rd party service can be cumbersome and time consuming. Strivacity’s new visual brand editor makes this process a snap. Our editor shows you each piece of the customer journey and allows you to make real-time updates to the experience. When you change a color, you instantly see the effects of that change. No more going back and forth between the admin UI and a test customer account trying to get the experience just right. You’ll have confidence the changes you made are the right ones because you’ll see the changes right when you make them.
We’ve moved our Lifecycle Event hook repository to a new place in the Admin Console. We’ve created a plugin library where you can now find off-the-shelf event hook templates that allow you to
- improve existing customer lifecycle capabilities,
- customize features,
- or integrate with external systems.
More clicks, less code. That’s our mantra. We introduce a slew of new integrations in our admin experience to make 3rd party support super easy.
In the Vienna release we now natively support:
- Azure Active Directory
- Transmit BindID
- Google Analytics
- Google Tag Manager
Your customer’s success is our success. We do whatever we can to make your customer’s experience easier and more secure.
We now support resetting your password without the need of an email address. If a customer has a valid phone authenticator, they can now use it to reset their password.
See: Password reset
If you have multiple apps that a customer can access, they can now see the applications they have access to and launch them right from the My Account portal.
See: Application launcher
Administrators can now send an email invite to a customer (or another administrator) to sign up for an account.
There are too many great features to wax poetic about, but you can also look forward to:
- Consent versioning
- Remembered users can skip the identifier screen if only one session exists
- Application specific paths so customers can bookmark your login page
- Group membership restrictions for access to applications
- Option to use Strivacity's built-in MFA with external identity providers
- Expanded account event capabilities, allowing admins to get better insights into what happens when a customer creates an account and signs in.
- Added localization support for 🇫🇮Finnish and 🇺🇦Ukrainian
|Fixed issues where the branding fails to load sometimes|
|Fixed an issue where a new SAML application would only provide expired metadata||STY-2624|
|Fixed an issue where the "Back to login" button did not appear when expected||STY-2638|
|Fixed an issue where the "Passwords do not match" message would not update after making the passwords match||STY-2670|
|Fixed an issue where the same email address would appear twice on an MFA target screen||STY-2738|
|Fixed an issue where a "Service provider not found" error occurred when logging in via a SAML external login provider||STY-2741|
|Fixed an issue where MAUs were reported incorrectly||STY-2964|
|Fixed an issue where end dates were incorrectly handled on the dashboard||STY-3018|
|Fixed accessibility issues|
|Fixed an issue where a SAML2 request would throw a "Request header field too large" error||STY-3125|
|Fixed an issue where dashboard data could not be downloaded||STY-3133|
Updated 1 day ago