...
User Consent feature has been refactored to allow for per namespace free-form consents to be defined and used. The user json may now include new consents. For API v1 the old consents remain where they are, but in the future on API v2 both old and new will be merged together.
Groups now have dynamic capabilities. As per customer purchased features, more or less of these capabilities are enabled. One example grouping are age groups. Multiple overlapping ages may de defined to segment users to correct groups. Another example is the strong identification. As there are several ways and LoAs to do it, users may be easily segmented to correct group to receive appropriate services.
SAML IdP. In addition to earlier being able to authenticate users from external SAML IdPs, we can now also be a SAML IdP. This is implemented as a layer on top of OpenID Connect Provider, so the technical back-end does not change. This new feature expands compatibility with legacy systems with no OIDC support.
Email systems have been improved to make it easier to add external email service providers such as SendGrid. Additionally, the email REST API has improved support for email attachments and custom email headers.
New claim
locality
, which prefers the locality or domicile from non-authoritative sources.OAuth 2.0 Client view now has another view, which allows administrators to see info on the tokens clients have requested using the client credentials grant flow.
Improvements
x
Bug fixes
...
Added OAuth 2.0 Client creation wizard
OAuth 2.0 Clients can have secret set even if set as non-confidential
Improve UI consistency throughout the portal
Object IDs are shown in editors along with the date of creation
Entities can now be locked for accidental modifications more consistently throughout the UI
Other smaller UI improvements
Bug fixes
Various UI bug fixes
Fixed an issue with email subject prefixes
Other changes
Multi-Namespace admin role / permission is no longer valid to access other namespaces. Instead all users listed as administrators in a namespace can access that namespace.
Direct permission and role assignment to users is now deprecated. Direct roles and permissions continue to work for now, but permissions should be granted through roles attached to groups.
Business extension: Product management / ETB / other
Product Management: Added flexibility and multiple minor features.
ETB: Support for multiple physical addresses for employer locations, and support employee home address. These are required for further future service automation.
ETB: Customer id for reports can be configured in the System Preferences → Enterprise Travel Benefit