Initial release

Released 2020-03-20.

New Features

1. User Consent feature has been refactored to allow for per namespace free-form consents to be defined and used. The user json may now include new consents. For API v1 the old consents remain where they are, but in the future on API v2 both old and new will be merged together.

2. Groups now have dynamic capabilities. As per customer purchased features, more or less of these capabilities are enabled. One example grouping are age groups. Multiple overlapping ages may de defined to segment users to correct groups. Another example is the strong identification. As there are several ways and LoAs to do it, users may be easily segmented to correct group to receive appropriate services.

3. SAML IdP. In addition to earlier being able to authenticate users from external SAML IdPs, we can now also be a SAML IdP. This is implemented as a layer on top of OpenID Connect Provider, so the technical back-end does not change. This new feature expands compatibility with legacy systems with no OIDC support. Technical implementation: External micro service.

4. Email systems have been improved to make it easier to add external email service providers such as SendGrid. Additionally, the email REST API has improved support for email attachments and custom email headers.

5. New claim locality, which prefers the locality or domicile from non-authoritative sources.

6. OAuth 2.0 Client view now has another view, which allows administrators to see info on the tokens clients have requested using the client credentials grant flow.

Improvements

1. Added OAuth 2.0 Client creation wizard

2. OAuth 2.0 Clients can have secret set even if set as non-confidential

3. Improve UI consistency throughout the portal

4. Object IDs are shown in editors along with the date of creation

5. Entities can now be locked for accidental modifications more consistently throughout the UI

6. Other smaller UI improvements

Bug fixes

1. Various UI bug fixes

2. Fixed an issue with email subject prefixes

Other changes

1. Multi-Namespace admin role / permission is no longer valid to access other namespaces. Instead all users listed as administrators in a namespace (role a.k.a. Namespace admin) can access that namespace.

2. Direct permission and role assignment to users is now deprecated. Direct roles and permissions continue to work for now, but permissions should be granted through roles attached to groups. Please see the following image for visual explanation.

Open

Business extension: Product management / ETB / other

1. Product Management: Added flexibility and multiple minor features.

2. ETB: Support for multiple physical addresses for employer locations, and support employee home address. These are required for further future service automation.

3. ETB: Customer id for reports can be configured in the System Preferences → Employee Travel Benefit