Choreo now supports routing in-data-plane builds such as Argo Workflows running within a private data plane through customer-owned mirror registries including Nexus, Harbor, and JFrog Artifactory. Platform engineers can configure a single Kubernetes secret to redirect container image pulls and language package downloads (including npm, Maven, Gradle, NuGet, PyPI, Go, Composer, and RubyGems) away from public registries. This enables secure and reliable builds in restricted, private, or air-gapped Kubernetes environments.

Asgardeo now supports machine-to-machine (M2M) authentication insights, giving administrators visibility into M2M token issuance activity across their organization. Previously, the Insights view only surfaced user-driven activity such as logins and registrations, leaving M2M token usage as a blind spot for organizations relying on client credentials flows for service-to-service communication.

With this enhancement, administrators can now monitor M2M activity through a dedicated M2M view under Insights on the Asgardeo Console.

Documentation: 

Asgardeo now supports enterprise login for the Console.

Enterprise login enables administrators to access the Asgardeo Console using credentials from an external identity provider (IdP). Instead of managing separate Asgardeo accounts, administrators can authenticate through their organization’s existing SAML or OIDC-based enterprise IdP, providing a more seamless and centralized sign-in experience.
 

Asgardeo now supports using a SAML metadata endpoint as the certificate source for external SAML identity providers (Connections). With this enhancement, Asgardeo automatically retrieves and refreshes signing certificates from the configured metadata URL whenever a signature validation failure occurs, eliminating the need for manual certificate updates during IdP key rotations.

Key capabilities include:

Asgardeo now supports enhanced controls to govern OTP retry and resend attempts within a single authentication session, enabling administrators to mitigate brute-force attacks and optimize SMS/Email delivery costs while preserving a smooth user experience.

Key capabilities include:

Asgardeo now supports the Token Exchange grant type for applications within organizations, enabling secure token exchange across  trusted token issuers defined at the organization level.

Key capabilities include:

Outbound provisioning is extended to support organizations. Organizations can now configure and manage their own outbound provisioning connectors independently.

Application-level outbound provisioning is also supported. You can configure provisioning at both the organization level and the application level, enabling you to define organization-wide provisioning rules while customizing behavior for specific applications.

Documentation: 

You can configure rules for user operations, such as adding a user or creating a role, to control whether an approval workflow should be triggered when the operation occurs.

This enhancement gives administrators more precise control over workflow configuration, enabling approvals to be enforced only when specific business conditions are met.

Documentation: 

• https://wso2.com/asgardeo/docs/guides/workflows/workflow-rules/

Asgardeo now sends SMS and email notifications to both approvers and initiators when a workflow request is created or resolved.

When a user operation, such as adding a user or creating a role, triggers a configured workflow, the designated approver receives a notification through the configured channel. After the approver acts, if additional approval steps exist, the next approver receives a notification. If no further steps remain, the initiator is notified of the final outcome.

Administrators can define the notification channels when creating a workflow.

Previously only available through the API, Asgardeo now enables organization administrators to configure organization access for the users in their organizations through Asgardeo console.