Strivacity Fusion: Prague Release
The Prague release of Strivacity Fusion is packed with features that make you and your customers more secure— without sacrificing great customer experience. We’ve also thrown in great experience improvements in our administration console for brand administrators and customer support personnel.
Here is what you can expect from our Prague release:

Security updates

In Prague, we implemented the following features to continue our mission to keep your applications and your customers secure.

Breached password analysis

We implemented Breached Password Analysis to help mitigate against customers who use passwords that have been leaked by a security breach.
When turned on this feature analyzes the password customers enter during registration, password changes, or password resets, and compares it to a database of known breached passwords. If the password is on this list, the user is prevented from using that password. This keeps both you and your brand safe from this particular attack vector.

Multi-factor enrollment at registration and login

Next to bad password practices, the single best way to protect customer accounts against malicious activity is to require multi-factor authentication for logins. Brand administrators can now require customers to enroll in multi-factor authentication during login or the account registration process. And, we’ve done the work to make it as easy as possible for your customers to successfully add their phone number, email address, or a soft-token during as authenticators.

Enhanced Adaptive Authentication Policy rules

We added additional adaptive authentication policy rules to help you further secure your applications and customers. These rules provide you with tools to determine the risk level of a login or registration attempt and define an appropriate action depending on that risk.
In Prague we have added the ability to block, require a second factor (step up), or allow access with no second factor (step down) based on and IP address range and a geo-location.

Customer journey improvements

Security and usability are not mutually exclusive. You can have your cake AND eat it too. Here is how we’ve made your customer’s experience better
Domain-bound passcode tokens in text messages
We’ve updated our standard text message templates to include domain-bound passcode tokens. This helps ensure that passcodes from text messages are available for autofill on all devices that support this.
Date picker options
Not all date input methods are alike. Some are better for picking a recent date and other are best for entering a known date that is far in advance. Now you can determine the best date input method for the context when setting up an attribute in an identity store. Entering a known date such as a birthdate is now much easier for your customers.

Improvements for you, the brand administrator

Import/export/copy policies

Need to duplicate a policy configuration? Hate copying and pasting? We have you covered. You can now simply duplicate an existing policy and save the configurations you need and change the ones you don’t. You can also export a policy configuration and import it into the same or different Strivacity cluster.

Account activity logs in the account lookup

Looking up a user? Want to know what they’ve been up to? Tired of navigating back and forth between the account activity logs and the account page? Me too. Now you don’t have to. All of the account activity logs associated with a customer are available in a tab right next to the customer’s account information.

Additional account events

In addition to making account events easier to find for customers, we’ve added additional events to give you more information about what is happening when a customer is registering and logging in.

Resolved Issues

The following are a list of bugs we fixed that you might be interested in.
Description
Tracking Number
Fixed an issue in Safari where editing the middle of a string in an input field would cause the cursor to jump to the end of the string
STY-2464
Fixed an issue in Safari where required fields were not marked
STY-2462
Updated some error messages to be more clear
STY-2427
Fixed an issue where some account events were not being logged for admin accounts.
STY-2415
Fixed an issue where searching for an account was case sensitive when it really shouldn't be
STY-2414
Fixed an issue where the enrollment count on the dashboard is not updated when authenticators are removed from an account
STY-2401
Fixed an issue where the default admin passowrd reset email is not sent when creating a new cluster
STY-2400
Fixed an issue where changing group assignments were not logged
STY-2399
Fixed an issue in autofill where password managers would not work correctly if the identifier field was configured as "email" or "email or username"
STY-2393
Fixed an issue in Safari where the calendar picker icon would not appear in the date input field
STY-2392
Fixed an issue where iOS was not autofilling passcodes from text messages
STY-2391
Fixed an issue where the location assocaited with a device session was incorrect
STY-2386
Fixed an issue where the "back to login" button was not found on the logout page
STY-2385
Fixed an issue where the Roles filter in the admin account search rendered incorrectly for read-only users
STY-2374
Fixed an issue where an admin account change email had incorrect information
STY-2341
Fixed an issue where soft-token apps were ignoring token lengths
STY-2330