This version brings major improvements to user directories which enable login from external services, such as Apple, Microsoft, Google and Facebook. All technologies are OpenID or SAML, where OpenID is preferred, as it is also the native protocol of TIS.

New features

These social, and other sign-ins are currently in status “early release” meaning they are fully functional, but have not yet been extensively regression tested. Later in separate release notes we will promote these new features as mature.

• [ONEP-1796] - Add dynamic group UserCondition for "strongly identified"

• [ONEP-2002] - Implement Facebook sign-in (OpenID)

• [ONEP-2003] - Implement Google sign-in (OpenID)

• [ONEP-2006] - Implement Azure AD login (OpenID)

• [ONEP-2008] - Implement improved ADFS user directory (SAML)

• [ONEP-2009] - Implement MPASSid login (OpenID, not SAML)

• [ONEP-2012] - Implement Microsoft sign-in (OpenID)

• [ONEP-2013] - Implement Apple sign-in (OpenID)

Improvements

• [ONEP-1884] - Separate SAML user directory for suomi.fi-tunnistus (SAML)

• [ONEP-1972] - Implement OpenID user directory and refactor external sign-in processes

• [ONEP-2004] - Update authorisation collection indexes

• [ONEP-2005] - More customisable external sign-in policy for OpenID login dialog

• [ONEP-2010] - Refactor user directory authentication

• [ONEP-2011] - Implement autentication error codes

• [ONEP-2014] - Major authentication error message refactoring

Bug fixes

• [ONEP-1966] - Suspected incident in suomi.fi-tunnistus successUri