We are excited to announce the introduction of passkey support for app-native authentication! With this feature, users can enjoy a faster and more secure login experience by authenticating to their mobile apps using passkeys. App-native authentication is an API-based authentication mechanism that allows developers to seamlessly integrate authentication directly within a native app's environment.
We have extended the organization filtering capabilities of Asgardeo to include meta attributes. With this enhancement, you can now filter organizations not only by attributes, such as name, ID, and parent organization name, but also by meta attributes enabling more granular and effective organization management.
We're excited to introduce rule-based password expiry! This enhancement allows administrators to set password expiration rules specifically tailored to user groups and roles, offering a more flexible and precise approach to password security. With this feature, expiration policies can be effectively targeted, ensuring the right rules are enforced for each user segment.
We are excited to announce the launch of User Impersonation, a powerful feature designed to streamline customer support, testing, and troubleshooting processes. This feature allows system administrators or support staff to temporarily access a user’s account, with the user's consent and the administrator's approval, without asking the user's login credentials.
This feature not only enhances the support experience but also offers peace of mind, knowing that user privacy is maintained, and impersonation access is temporary, controlled, and well-audited.
We are excited to announce a significant update aimed at enhancing the security and integrity of our application and improving ongoing maintenance processes. Organizations today face constant risks from potential cyber attacks that can lead to unauthorized access to sensitive information. Such incidents jeopardize the privacy and security of both the organization and its users. To proactively mitigate these risks, we are implementing the following measures:
We are thrilled to introduce the Asgardeo On-Demand Silent Password Migration, enabling a seamless transition of your users' credentials from an existing Identity Provider to Asgardeo. As businesses evolve, organizations may need to migrate from a legacy Identity Provider to a modern solution like Asgardeo. One of the main challenges during this transition is the transfer of user credentials. Because credentials are stored differently across systems, a password stored in one system may not be directly usable in another. Asgardeo On-Demand Silent Password Migration addresses these challenges by ensuring a smooth and secure migration process.
When users log in to the application, they are redirected to the Asgardeo login screen to enter their legacy IdP credentials. If their password has not been migrated yet, Asgardeo authenticates the credentials with the legacy IdP. Upon successful authentication, the password is silently migrated, and the user is redirected back to the application, authenticated through Asgardeo.
Upgrade to Asgardeo today and enjoy a hassle-free transition with our On-Demand Silent Password Migration feature!
We are thrilled to introduce the new getMaskedValue function for Asgardeo conditional authentication scripts! This powerful addition is designed to enhance security by allowing developers to mask sensitive information, such as Personally Identifiable Information (PII), in their adaptive authentication script logs.
We’ve enhanced the configuration capabilities for the self-service portal. Now, administrators can configure the login flow with greater flexibility and share the self-service portal with B2B organizations just as seamlessly as they do with other applications in the organization.
Asgardeo now supports creating roles at the organization level, allowing shared access control across all applications within the organization. This new role management capability centralizes access control, eliminating the need to duplicate roles across multiple applications.
Our latest update introduces the capability to register Machine-to-Machine (M2M) applications, providing robust access control for non-interactive apps using the client credentials grant. This includes IoT devices, CLI tools, and more, allowing for flexible and specific access control. This enhancement enables secure machine-to-machine communication while enforcing granular access, authorization, and security requirements.
We’ve enhanced the access management capabilities of Asgardeo management APIs. With this improvement, organizations now can define fine-grained access controls for management APIs, allowing for more precise and secure management of Asgardeo resources.
Our latest upgrade contains major feature updates for Asgardeo B2B CIAM offering enhancing both security and user experience.
We have introduced a new API category named “Organization APIs”. These APIs simplify the management of organizational-level resources in your B2B SaaS applications with API authorization and Role Based Access Control. Now, you no longer need to create repetitive roles in each organization to manage organizational-level resources. Instead, you can simply create roles in your root organization where the B2B SaaS application is registered with organization API scopes and share them with organizations.
We are pleased to introduce the email domain-based organization discovery functionality tailored for B2B SaaS solutions. This feature facilitates seamless user routing to respective organization logins based on their email addresses.
We have now enabled seamless collaboration between parent organizations and their customer/partner organizations through parent organization user inviting capability. Furthermore, administrators can manage the groups and roles of invited users on an organization-wide basis.
Traditionally, the branding of customer/partner organizations is inherited from the primary B2B business organization. With our latest improvements, organizations now have the freedom and flexibility to tailor their branding to better reflect their own identity and value. Whether it's adjusting logos, color schemes, or messaging, the power is now in their hands!
We have enhanced the Asgardeo Console to support seamless delegated administration for B2B organization administrators. This update enables administrators to efficiently manage and provide delegated administration within their respective organizations. By leveraging the Console, admins can streamline administrative processes, ensuring smoother operations and enhanced control over organizational management.
We have enhanced Asgardeo MyAccount self-service portal by making it available to B2B organization users as well. If your customer or partner organizations handle user management within Asgardeo, you can utilize the enhanced out-of-the-box selfcare application. Further, MyAccount portal can be customized with the organization's branding and tailored login flows based on each organization's preferences.
Our latest upgrade contains major usability enhancements in Asgardeo Console aimed at improving your experience.
We've reimagined the ‘Organizational Settings’ and grouped them under a separate section called `Login and Registration.’ This makes it much easier to dive into configurations like Login Identifier, Login Security, User Onboarding, and Account Recovery.
We've updated the side panel navigations, making it easier for you to access different capabilities. The `Administrators` section now has its dedicated space, and ‘User Stores’ are grouped under `User Attributes and Stores.`
We've moved the `Scopes` section inside `OIDC Attributes` for your convenience.
You'll now experience Asgardeo in your chosen language effortlessly! Instead of manually selecting a language from the footer's language switcher, Asgardeo will now seamlessly adapt to your browser settings.
Documentation: https://wso2.com/asgardeo/docs/references/localization-in-asgardeo/#language-switcher
We are pleased to introduce the “Branding AI” feature, now available in Beta!
Our new “Branding AI” tool simplifies the process of creating a cohesive branding theme by automatically analyzing your website’s visual elements. This feature extracts colors, images, fonts, and styles directly from your website and uses them to craft a branding preference that aligns with your existing digital identity.
Documentation: https://wso2.com/asgardeo/docs/guides/branding/ai-branding/We're thrilled to introduce an exciting addition to Asgardeo as in the form of Audit Logs, which is now available in Beta!
Audit logs are designed for organization owners or auditors to access and analyze vital state changes that happen to the resources they own in Asgardeo.
Upgrade your login journey with iProov's cutting-edge biometrics technology. Seamlessly integrate iProov as a multifactor authentication (MFA) option into your application's login flow, offering secure facial biometrics authentication. Elevate user experience by making login convenient and secure.
Documentation: https://wso2.com/asgardeo/docs/guides/authentication/mfa/add-iproov-login/
We are pleased to introduce the “App-Native Authentication” feature for Asgardeo now. When developing applications (especially native/mobile apps) developers look at implementing their login flows within the apps itself where they target more on UX. To cater to this requirement, App-Native Authentication capability is introduced in which it will provide the app developer the capability to implement a complete authentication capability within the application.
We are excited to roll out the “LoginFlow AI” feature, now available in Beta!
“LoginFlow AI” streamlines the creation of authentication sequences for your applications. By simply inputting your desired login scenario, our AI analyzes and configures the necessary authentication steps based on your specific requirements and context.
Documentation: https://wso2.com/asgardeo/docs/guides/authentication/ai-loginflow/Now you can effortlessly integrate your unique user signup portal in the login screen, replacing the default Asgardeo signup. This enhancement offers you unparalleled control over your user registration journey, enabling direct management of registrations through your customized portal.
Documentation: https://wso2.com/asgardeo/docs/guides/branding/configure-ui-branding/#text-preferences
Asgardeo now directly supports your choice of SMS providers, providing another option in addition to doing so through integration with Choreo. This will allow you to plug in your favorite SMS providers as the SMS gateway with minimal configurations for Asgardeo. Asgardeo will utilize the plugged-in SMS provider for sending SMSs in all the scenarios including SMS OTP for login, recovery and for verification.
With this feature, you can plug in Twilio or Vonage as your SMS provider by just providing the proper service ID and the service secret you obtained from respective providers. Is it not Twilio or Vonage? Nothing to worry, by using the custom SMS provider option you can plug in any 3rd party SMS provider vendor by simply providing the endpoint URL and customizing the payload in a few clicks. You can find more information about this in the Asgardeo documentation linked below.
Documentation: https://wso2.com/asgardeo/docs/guides/authentication/mfa/add-smsotp-login/#configuring-sms-providers
Get ready for a significant enhancement in your app's security and login convenience with our latest enhancement to FIDO 2.0 Passkey.
On-the-fly passkey enrollment:
Say goodbye to the hassle of navigating away from your login flow for passkey registration. With our on-the-fly passkey enrollment feature, users can now seamlessly register their FIDO 2.0 passkeys as part of the login process, enhancing convenience without sacrificing security.
Flexible passkey management:
While we're excited about the new on-the-fly enrollment capability, the trusted My Account portal for passkey registration remains available, offering flexibility and choice to users based on their preferences.
Passkey as a multi-factor authentication option:
Elevate your application's security by leveraging FIDO 2.0 Passkey as a robust MFA option. This addition not only fortifies your security posture but also provides a user-friendly authentication method that's both fast and secure.
Documentation:
Now you can conveniently onboard multiple users to the organization by adding a set of users manually or via CSV file upload.
Documentation: https://wso2.com/asgardeo/docs/guides/users/manage-customers/
In today's dynamic landscape, where users access applications from multiple devices and application instances, ensuring the security and integrity of user sessions poses a significant challenge. Traditional back-channel grant types, such as token exchange or password, often struggle to associate user sessions with specific devices or instances. Recognizing this challenge, Asgardeo has developed Client-Request Token Binding, a sophisticated solution that empowers developers to explicitly associate user sessions with specific devices or client instances. This feature offers flexibility and security, addressing a critical need in the realm of identity and access management.
Documentation: https://wso2.com/asgardeo/docs/references/app-settings/oidc-settings-for-app/#access-token
You can now easily customize the text content in login, registration and recovery Screens for maximum impact.
Craft a unique brand identity by tailoring messaging to perfection. From setting the tone to offering precise instructions, our intuitive customization tools put you in control. Personalize crucial screens effortlessly with customization options for common, login, OTP, sign up, and recovery screens.
Documentation: https://wso2.com/asgardeo/docs/guides/branding/configure-ui-branding/#text-preferences
Now you can experience Asgardeo's SMS OTP as your first-factor authentication option, simplifying application access without the burden of password memorization.
Documentation: https://wso2.com/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-sms-otp
Get ready to elevate your application's login flow to new heights with our latest innovation – the Sign-in Method Visual Editor. This groundbreaking tool empowers users to effortlessly craft visually appealing and efficient login experiences. Here's what you can expect from this exciting update:
Dive in and unlock the full potential of the Sign-in Method Visual Editor. Your application's login flow has never looked better.
Documentation Link : https://wso2.com/asgardeo/docs/guides/authentication/conditional-auth/configure-conditional-auth/#enable-conditional-authentication
With this latest update, we've reimagined the Asgardeo Console's navigation structure. We've transformed it from a flat structure into a highly organized one, eliminating the need for endless scrolling to locate specific features. This enhancement ensures a more intuitive and optimal user experience, making it easier than ever to access the full range of Asgardeo Console capabilities.
Our latest upgrade empowers you to delve deeper into user login insights by introducing two powerful filters:
Connection Type: Tailor your analysis by filtering logins based on the user's chosen authentication method. For instance, you can select 'Google' to uncover insights specific to users who logged in using their Google credentials.
Connection ID: Fine-tune your insights by filtering logins based on the unique UUID of the connection used during the login process. With these enhanced filters, you'll gain a more comprehensive understanding of user logins and their associated authentication methods, allowing you to make data-driven decisions with precision.
Consider for dev rel activities to cover a holistic story
Documentation Link : https://wso2.com/asgardeo/docs/guides/organization-insights/#filter-insights
We've taken our Asgardeo Token Exchange grant type to the next level by adding robust support for refresh tokens. Now, in scenarios where the client of the token exchange requires ongoing access to a resource, even after the original credentials have expired, you can seamlessly obtain a refresh token.
Documentation Link : https://wso2.com/asgardeo/docs/guides/authentication/configure-the-token-exchange-flow/#enable-token-exchange-in-your-app
With this exciting update, we're introducing powerful capabilities that redefine the way you handle idle accounts.
Expanded Remote Userstore Integration: Our Idle Account Identification API response now brings you a comprehensive view by including inactive users from remote userstores. Gain deeper insights into account activity across your entire network, all within a single, unified interface.
Unparalleled Sub-Organization Level Insights: We've taken it a step further! Not only can you now identify idle accounts across your primary organization, but our extended capabilities also cover sub-organization-level users. Seamlessly manage and maintain account activity across various hierarchies with utmost ease.
https://wso2.com/asgardeo/docs/apis/idle-account-identification/
Sub-org API documentation: https://wso2.com/asgardeo/docs/apis/organization-management/idle-account-identification/#/
We are excited to announce the launch of a new feature for Asgardeo organization admins: login and registration insights. This feature provides admins with valuable insights into the login and registration activities of the users in their organizations.
With login and registration insights, admins can:
To access the login and registration insights feature, organization admins can log in to the Asgardeo console and click on the "Insights'' tab. Visit our documentation for an in-detail guide.
Note: The organization insights feature is currently in beta, so only a predefined set of filters are available. We plan to add more insights and filters in the near future.
Documentation Link:https://wso2.com/asgardeo/docs/guides/organization-insights/
We're excited to announce that now, customers/partners can seamlessly self-subscribe to B2B applications and effortlessly create their sub-organizations. With this enhancement, we put the power in your hands, making the onboarding process quick and convenient, adhering to your specific needs.
Key Features:
Benefits of the Approaches:
Choose the Approach that Suits You: Both approaches have their merits, and we offer the flexibility to choose the one that aligns best with your organizational structure and processes.
We're thrilled to announce an upgrade to the Asgardeo My Account application - introducing our brand-new, ultra-responsive Oxygen UI! This update is designed to provide you with a smoother experience to have a consistent experience with the new console design.
The Asgardeo console just got a major upgrade with our brand-new, lightning-fast Oxygen UI! Get ready for a seamless and breezy user experience like never before. But that's not all, we have even more exciting tweaks and upgrades planned in the coming months. Stay tuned!
OxygenUI project link: https://wso2.github.io/oxygen-ui/
Introducing Asgardeo's email OTP as your first-factor authentication option! Say goodbye to password headaches and enjoy a hassle-free login experience. Check out our documentation to learn how to enable this feature in your consumer-facing applications and elevate your security game!
Introducing powerful enhancements in Asgardeo for seamless API authorization and robust application role management in B2B organizations! Here's what you can do now:
Experience enhanced control and collaboration with Asgardeo's latest feature update!
Application roles for shared applications -
Role assignments in sub-organization -
We're excited to announce that Asgardeo organization admins now have the power to customize email notification templates directly from the user interface (UI). This update empowers admins to tailor their organization's email communications to meet specific needs and preferences.
Key features of this update include
Customize email templates effortlessly and deliver a tailored communication experience to your users with Asgardeo's enhanced email template customization.
Documentation Link: https://wso2.com/asgardeo/docs/guides/branding/customize-email-templates/#customize-email-content
We're excited to announce that Asgardeo now offers a seamless way to retrieve your user profile data, including linked account details, in compliance with privacy guidelines. By utilizing the MyAccount and self-service API, you can conveniently access your information in a JSON file format.
Key benefits of this update include
Experience the convenience and privacy of accessing your user profile data with Asgardeo.
Export profile information via My Account: https://wso2.com/asgardeo/docs/guides/your-asgardeo/asgardeo-self-service/#export-profile-information
Self-service API Documentation for admin users: https://wso2.com/asgardeo/docs/apis/administrators/export-admin-info/#/paths/me/get
Self-service API Documentation for business users: https://wso2.com/asgardeo/docs/apis/register-mfa/export-user-info/#/paths/me/get
We are thrilled to announce that Asgardeo now offers comprehensive support for the API Authorization and Application Roles Management capabilities in B2E applications.
Key features -
API Authorization - https://wso2.com/asgardeo/docs/guides/api-authorization/
Assigning application roles to groups - https://wso2.com/asgardeo/docs/guides/users/manage-groups/#assign-grops-to-application-roles
We are delighted to introduce the new multi-level organization creation feature, designed specifically for businesses with hierarchical models. With this capability, Enterprise-B2B subscribers can now create nested sub-organizations, enabling a more dynamic and structured organization hierarchy.
Key features of this update include:
Please note that this feature is exclusively available to our Enterprise-B2B tier subscribers, providing them with advanced organization management capabilities. Take advantage of this powerful feature to enhance your organizational structure and optimize your business operations.
With this functionality, administrators can configure their preferred SMTP providers with ease, granting them the ability to send emails related to business user flows directly from their preferred email provider. This will allow your organization to streamline the email management workflow and use your own email domain for better branding presence.
Configuring documentation can be found here.
We have recently made improvements to Asgardeo application login process by introducing backup code authentication for business users. Previously, only administrator users had access to backup codes via My Account. Now, business users can also generate, regenerate, and remove backup codes from their self-service (My account) portal.
For steps on how to enable this feature, check the Enable TOTP for app section in online documentation.
We are excited to announce the availability of Asgardeo organization UI branding configurations to apply on the My Account app.
Previously, organizations could leverage the branding feature to create a consistent look and feel for user login across applications. Now, we have extended the same capability to the organization's My Account, ensuring a unified branding experience throughout your users journey.
If you do not have experience on how the organization branding was configured, you can check the online guide for the details.
Asgardeo has made enhancements to its business user registration process, introducing a new feature that allows organizations to register users with non-email alphanumeric usernames. Unlike the previous requirement of an email address, business users can now easily sign up with a simple alphanumeric username. This improves the accessibility of our platform, expanding business users who may not have an email address.
For additional information on how to configure, see the online documentation.
We have on-boarded HYPR as a passwordless authentication option for Asgardeo. This enables organization administrators to add HYPR as an authentication option for their business applications allowing end-users to login to business apps using HYPR’s passwordless authentication. This authentication approach replaces passwords with biometric-based authentication using personal devices such as smartphones, providing enhanced security and a convenient user experience.
Documentation: https://wso2.com/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-hypr/
Along with this feature, four new languages are available as supported translations for user Login and Registration pages:
For additional information on languages and localization, see the online documentation.
And we look forward to continuing to improve Asgardeo for our users around the world!