We’ve enhanced account linking functionality to provide greater flexibility and control. Administrators can now define any attribute beyond just username or email as the lookup attribute for linking accounts. In addition, provisioning behavior during account linking failures is fully configurable.

Documentation:

• https://wso2.com/asgardeo/docs/guides/authentication/jit-user-provisioning/

We’ve introduced a nested-level organization search option in the Console.

Previously, searches were limited to immediate child organizations. With this enhancement, you can now search across the entire organization hierarchy, making it easier to locate and manage organizations at any depth.

Documentation:

• https://wso2.com/asgardeo/docs/guides/organization-management/manage-organizations/#search-an-organization

In extension points such as Pre-Issue Access Token and Custom Authenticator actions, it is common to rely on additional headers and parameters from the request flow. However, allowing unrestricted access to all headers and parameters poses security risks, as they may contain sensitive information, personally identifiable data (PII), or internal infrastructure details.

Asgardeo now provides full control over which roles are shared when delegating applications to sub organizations.Previously, application sharing automatically granted all associated application roles to sub organizations, which could lead to over-permissive access.

With this update, admins can fine-tune role visibility using one of three sharing modes: