WSO2 Changelog

Asgardeo now supports enforcing password reset as an inline step within an application's login flow when a user's password has expired. Previously, password expiry enforcement was only available organization-wide, triggering at the end of the login flow for all users regardless of the application they signed in too. With this enhancement, administrators can now configure password expiry enforcement at two levels:

• All organization users (default):
  Preserves the existing behavior. Password expiry is enforced for every user in the organization upon login, regardless of which application they sign in to.
• Specific application login flows:
  Organization-wide enforcement is disabled. Password expiry is enforced only for applications where it has been explicitly configured as a step in the login flow. Applications without this configuration are unaffected.

This gives organizations the flexibility to enforce password expiry selectively for high-security applications without applying the policy across the entire organization. 

Documentation: 

• https://wso2.com/asgardeo/docs/guides/account-configurations/login-secu…